Sign-up

ID

VAR-202003-1130


CVE

CVE-2020-1878


TITLE

Huawei smartphone OxfordS-AN00A Authentication vulnerabilities in

Trust: 0.8

sources: JVNDB: JVNDB-2020-003138

DESCRIPTION

Huawei smartphone OxfordS-AN00A with versions earlier than 10.0.1.152D(C735E152R3P3),versions earlier than 10.0.1.160(C00E160R4P1) have an improper authentication vulnerability. Authentication to target component is improper when device performs an operation. Attackers exploit this vulnerability to obtain some information by loading malicious application, leading to information leak. Huawei OxfordS-AN00A is a Huawei smartphone device

Trust: 2.25

sources: NVD: CVE-2020-1878 // JVNDB: JVNDB-2020-003138 // CNVD: CNVD-2020-21058 // VULMON: CVE-2020-1878

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2020-21058

AFFECTED PRODUCTS

vendor:huaweimodel:oxfords-an00ascope:gtversion:10.0.1.152d\(c735e152r3p3\)

Trust: 1.0

vendor:huaweimodel:oxfords-an00ascope:ltversion:10.0.1.152d\(c735e152r3p3\)

Trust: 1.0

vendor:huaweimodel:oxfords-an00ascope:ltversion:10.0.1.160\(c00e160r4p1\)

Trust: 1.0

vendor:huaweimodel:oxfords-an00ascope:eqversion:10.0.1.152d(c735e152r3p3)

Trust: 0.8

vendor:huaweimodel:oxfords-an00ascope:eqversion:10.0.1.160(c00e160r4p1)

Trust: 0.8

vendor:huaweimodel:oxfords-an00a 10.0.1.152dscope:ltversion: -

Trust: 0.6

sources: CNVD: CNVD-2020-21058 // JVNDB: JVNDB-2020-003138 // NVD: CVE-2020-1878

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-1878
value: MEDIUM

Trust: 1.0

NVD: JVNDB-2020-003138
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2020-21058
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-202003-641
value: MEDIUM

Trust: 0.6

VULMON: CVE-2020-1878
value: LOW

Trust: 0.1

nvd@nist.gov: CVE-2020-1878
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

NVD: JVNDB-2020-003138
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2020-21058
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:S/C:C/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.1
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2020-1878
baseSeverity: MEDIUM
baseScore: 5.5
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 1.8
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: JVNDB-2020-003138
baseSeverity: MEDIUM
baseScore: 5.5
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2020-21058 // VULMON: CVE-2020-1878 // JVNDB: JVNDB-2020-003138 // CNNVD: CNNVD-202003-641 // NVD: CVE-2020-1878

PROBLEMTYPE DATA

problemtype:CWE-287

Trust: 1.8

sources: JVNDB: JVNDB-2020-003138 // NVD: CVE-2020-1878

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202003-641

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-202003-641

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2020-003138

PATCH
title:huawei-sa-20200311-01-informationleakurl:https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200311-01-informationleak-en
Trust: 0.8
title:Patch for Huawei OxfordS-AN00A Information Disclosure Vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/212059
Trust: 0.6
title:Huawei OxfordS-AN00A Security vulnerabilitiesurl:http://123.124.177.30/web/xxk/bdxqById.tag?id=111895
Trust: 0.6
title:Huawei Security Advisories: Security Advisory - Improper Authentication Vulnerability in Huawei Smartphoneurl:https://vulmon.com/vendoradvisory?qidtp=huawei_security_advisories&qid=18522e48b8011cb20b24f9f6eccf3ab8
Trust: 0.1
title: - url:https://github.com/Live-Hack-CVE/CVE-2020-1878 
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2020-21058 // 
            
            
            
            VULMON: CVE-2020-1878 // 
            
            
            
            JVNDB: JVNDB-2020-003138 // 
            
            
            
            CNNVD: CNNVD-202003-641

EXTERNAL IDS
db:NVDid:CVE-2020-1878
Trust: 3.1
db:JVNDBid:JVNDB-2020-003138
Trust: 0.8
db:CNVDid:CNVD-2020-21058
Trust: 0.6
db:CNNVDid:CNNVD-202003-641
Trust: 0.6
db:VULMONid:CVE-2020-1878
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2020-21058 // 
            
            
            
            VULMON: CVE-2020-1878 // 
            
            
            
            JVNDB: JVNDB-2020-003138 // 
            
            
            
            CNNVD: CNNVD-202003-641 // 
            
            
            
            NVD: CVE-2020-1878

REFERENCES
url:https://nvd.nist.gov/vuln/detail/cve-2020-1878
Trust: 2.0
url:https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200311-01-informationleak-en
Trust: 1.8
url:http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200415-02-dos-en
Trust: 1.7
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-1878
Trust: 0.8
url:https://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20200311-01-informationleak-cn
Trust: 0.6
url:https://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20200415-02-dos-cn
Trust: 0.6
url:https://cwe.mitre.org/data/definitions/287.html
Trust: 0.1
url:https://github.com/live-hack-cve/cve-2020-1878
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2020-21058 // 
            
            
            
            VULMON: CVE-2020-1878 // 
            
            
            
            JVNDB: JVNDB-2020-003138 // 
            
            
            
            CNNVD: CNNVD-202003-641 // 
            
            
            
            NVD: CVE-2020-1878

SOURCES
db:CNVDid:CNVD-2020-21058
db:VULMONid:CVE-2020-1878
db:JVNDBid:JVNDB-2020-003138
db:CNNVDid:CNNVD-202003-641
db:NVDid:CVE-2020-1878

LAST UPDATE DATE
2024-11-23T23:04:27.142000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2020-21058date:2020-04-02T00:00:00
db:VULMONid:CVE-2020-1878date:2023-02-03T00:00:00
db:JVNDBid:JVNDB-2020-003138date:2020-04-06T00:00:00
db:CNNVDid:CNNVD-202003-641date:2023-02-06T00:00:00
db:NVDid:CVE-2020-1878date:2024-11-21T05:11:31.890

SOURCES RELEASE DATE
db:CNVDid:CNVD-2020-21058date:2020-04-02T00:00:00
db:VULMONid:CVE-2020-1878date:2020-03-20T00:00:00
db:JVNDBid:JVNDB-2020-003138date:2020-04-06T00:00:00
db:CNNVDid:CNNVD-202003-641date:2020-03-11T00:00:00
db:NVDid:CVE-2020-1878date:2020-03-20T15:15:14.373