ID

VAR-202004-0961


CVE

CVE-2020-1807


TITLE

HUAWEI Mate 20 Unauthorized authentication vulnerabilities in smartphones

Trust: 0.8

sources: JVNDB: JVNDB-2020-004654

DESCRIPTION

HUAWEI Mate 20 smartphones with versions earlier than 10.0.0.188(C00E74R3P8) have an improper authorization vulnerability. The software does not properly restrict certain user's modification of certain configuration file, successful exploit could allow the attacker to bypass app lock after a series of operation in ADB mode. Huawei Mate 20 is a smart phone of the Chinese company Huawei. Before Huawei Mate 20 10.0.0.188 (C00E74R3P8), there was an access control error vulnerability. The vulnerability stems from the system’s failure to properly restrict the modification of configuration files by specific users. An attacker can exploit a series of operations in ADB debugging mode. The vulnerability caused the application lock to be bypassed

Trust: 2.25

sources: NVD: CVE-2020-1807 // JVNDB: JVNDB-2020-004654 // CNVD: CNVD-2020-27122 // VULMON: CVE-2020-1807

IOT TAXONOMY

category:['IoT']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2020-27122

AFFECTED PRODUCTS

vendor:huaweimodel:mate 20scope:ltversion:10.0.0.188\(c00e74r3p8\)

Trust: 1.0

vendor:huaweimodel:mate 20scope:eqversion:10.0.0.188(c00e74r3p8)

Trust: 0.8

vendor:huaweimodel:mate <10.0.0.188scope:eqversion:20

Trust: 0.6

vendor:huaweimodel:mate 20scope:eqversion: -

Trust: 0.1

vendor:huaweimodel:mate 20scope:eqversion:9.1.0.131(c00e131r3p1)

Trust: 0.1

vendor:huaweimodel:mate 20scope:eqversion:9.1.0.139(c00e133r3p1)

Trust: 0.1

vendor:huaweimodel:mate 20scope:eqversion:10.0.0.175(c00e70r3p8)

Trust: 0.1

vendor:huaweimodel:mate 20scope:eqversion:10.0.0.185(c00e74r3p8)

Trust: 0.1

sources: CNVD: CNVD-2020-27122 // VULMON: CVE-2020-1807 // JVNDB: JVNDB-2020-004654 // NVD: CVE-2020-1807

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-1807
value: LOW

Trust: 1.0

NVD: JVNDB-2020-004654
value: LOW

Trust: 0.8

CNVD: CNVD-2020-27122
value: LOW

Trust: 0.6

CNNVD: CNNVD-202004-1954
value: LOW

Trust: 0.6

VULMON: CVE-2020-1807
value: LOW

Trust: 0.1

nvd@nist.gov: CVE-2020-1807
severity: LOW
baseScore: 3.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

NVD: JVNDB-2020-004654
severity: LOW
baseScore: 3.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2020-27122
severity: LOW
baseScore: 3.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2020-1807
baseSeverity: LOW
baseScore: 3.5
vectorString: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
attackVector: PHYSICAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 0.9
impactScore: 2.5
version: 3.1

Trust: 1.0

NVD: JVNDB-2020-004654
baseSeverity: LOW
baseScore: 3.5
vectorString: CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
attackVector: PHYSICAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2020-27122 // VULMON: CVE-2020-1807 // JVNDB: JVNDB-2020-004654 // CNNVD: CNNVD-202004-1954 // NVD: CVE-2020-1807

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

problemtype:CWE-863

Trust: 0.8

sources: JVNDB: JVNDB-2020-004654 // NVD: CVE-2020-1807

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202004-1954

CONFIGURATIONS

sources: JVNDB: JVNDB-2020-004654

PATCH

title:huawei-sa-20200422-01-smartphoneurl:https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200422-01-smartphone-en

Trust: 0.8

title:Patch for Huawei Mate 20 access control error vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/216753

Trust: 0.6

title:Huawei Mate 20 Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=116723

Trust: 0.6

title:Huawei Security Advisories: Security Advisory - Improper Authorization Vulnerability in Several Smartphonesurl:https://vulmon.com/vendoradvisory?qidtp=huawei_security_advisories&qid=daf6c3e6182f254486d0180254736189

Trust: 0.1

sources: CNVD: CNVD-2020-27122 // VULMON: CVE-2020-1807 // JVNDB: JVNDB-2020-004654 // CNNVD: CNNVD-202004-1954

EXTERNAL IDS

db:NVDid:CVE-2020-1807

Trust: 3.1

db:JVNDBid:JVNDB-2020-004654

Trust: 0.8

db:CNVDid:CNVD-2020-27122

Trust: 0.6

db:CNNVDid:CNNVD-202004-1954

Trust: 0.6

db:VULMONid:CVE-2020-1807

Trust: 0.1

sources: CNVD: CNVD-2020-27122 // VULMON: CVE-2020-1807 // JVNDB: JVNDB-2020-004654 // CNNVD: CNNVD-202004-1954 // NVD: CVE-2020-1807

REFERENCES

url:https://nvd.nist.gov/vuln/detail/cve-2020-1807

Trust: 2.0

url:https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200422-01-smartphone-en

Trust: 1.7

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-1807

Trust: 0.8

url:https://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20200422-01-smartphone-cn

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/863.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/180312

Trust: 0.1

sources: CNVD: CNVD-2020-27122 // VULMON: CVE-2020-1807 // JVNDB: JVNDB-2020-004654 // CNNVD: CNNVD-202004-1954 // NVD: CVE-2020-1807

SOURCES

db:CNVDid:CNVD-2020-27122
db:VULMONid:CVE-2020-1807
db:JVNDBid:JVNDB-2020-004654
db:CNNVDid:CNNVD-202004-1954
db:NVDid:CVE-2020-1807

LAST UPDATE DATE

2024-11-23T22:33:28.945000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2020-27122date:2020-05-08T00:00:00
db:VULMONid:CVE-2020-1807date:2020-04-30T00:00:00
db:JVNDBid:JVNDB-2020-004654date:2020-05-25T00:00:00
db:CNNVDid:CNNVD-202004-1954date:2020-05-06T00:00:00
db:NVDid:CVE-2020-1807date:2024-11-21T05:11:25.090

SOURCES RELEASE DATE

db:CNVDid:CNVD-2020-27122date:2020-05-08T00:00:00
db:VULMONid:CVE-2020-1807date:2020-04-27T00:00:00
db:JVNDBid:JVNDB-2020-004654date:2020-05-25T00:00:00
db:CNNVDid:CNNVD-202004-1954date:2020-04-22T00:00:00
db:NVDid:CVE-2020-1807date:2020-04-27T15:15:13.080