ID

VAR-202005-0668


CVE

CVE-2020-1831


TITLE

HUAWEI Mate 20 Unauthorized authentication vulnerabilities in smartphones

Trust: 0.8

sources: JVNDB: JVNDB-2020-005965

DESCRIPTION

HUAWEI Mate 20 smartphones with versions earlier than 10.0.0.195(SP31C00E74R3P8) have an improper authorization vulnerability. The digital balance function does not sufficiently restrict the using time of certain user, successful exploit could allow the user break the limit of digital balance function after a series of operations with a PC. Huawei Mate 20 is a smart phone of the Chinese company Huawei. The vulnerability stems from the fact that the healthy use of mobile phone functions does not adequately limit the duration of user use. Attackers can use this vulnerability to break through the restrictions on the healthy use of mobile phone functions

Trust: 2.16

sources: NVD: CVE-2020-1831 // JVNDB: JVNDB-2020-005965 // CNVD: CNVD-2020-31279

IOT TAXONOMY

category:['IoT']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2020-31279

AFFECTED PRODUCTS

vendor:huaweimodel:mate 20scope:ltversion:10.0.0.195\(sp31c00e74r3p8\)

Trust: 1.0

vendor:huaweimodel:mate 20scope:eqversion:10.0.0.195(sp31c00e74r3p8)

Trust: 0.8

vendor:huaweimodel:mate <10.0.0.195scope:eqversion:20

Trust: 0.6

sources: CNVD: CNVD-2020-31279 // JVNDB: JVNDB-2020-005965 // NVD: CVE-2020-1831

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-1831
value: LOW

Trust: 1.0

NVD: JVNDB-2020-005965
value: LOW

Trust: 0.8

CNVD: CNVD-2020-31279
value: LOW

Trust: 0.6

CNNVD: CNNVD-202005-1352
value: LOW

Trust: 0.6

nvd@nist.gov: CVE-2020-1831
severity: LOW
baseScore: 1.9
vectorString: AV:L/AC:M/AU:N/C:N/I:P/A:N
accessVector: LOCAL
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 3.4
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

NVD: JVNDB-2020-005965
severity: LOW
baseScore: 1.9
vectorString: AV:L/AC:M/AU:N/C:N/I:P/A:N
accessVector: LOCAL
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2020-31279
severity: LOW
baseScore: 1.9
vectorString: AV:L/AC:M/AU:N/C:N/I:P/A:N
accessVector: LOCAL
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 3.4
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2020-1831
baseSeverity: LOW
baseScore: 2.4
vectorString: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
attackVector: PHYSICAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 0.9
impactScore: 1.4
version: 3.1

Trust: 1.0

NVD: JVNDB-2020-005965
baseSeverity: LOW
baseScore: 2.4
vectorString: CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
attackVector: PHYSICAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2020-31279 // JVNDB: JVNDB-2020-005965 // CNNVD: CNNVD-202005-1352 // NVD: CVE-2020-1831

PROBLEMTYPE DATA

problemtype:CWE-863

Trust: 1.8

sources: JVNDB: JVNDB-2020-005965 // NVD: CVE-2020-1831

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-202005-1352

CONFIGURATIONS

sources: JVNDB: JVNDB-2020-005965

PATCH

title:huawei-sa-20200527-04-smartphoneurl:https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200527-04-smartphone-en

Trust: 0.8

title:Patch for Huawei Mate 20 authorization issue vulnerability (CNVD-2020-31279)url:https://www.cnvd.org.cn/patchInfo/show/220025

Trust: 0.6

title:Huawei Mate 20 Remediation measures for authorization problem vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=119908

Trust: 0.6

sources: CNVD: CNVD-2020-31279 // JVNDB: JVNDB-2020-005965 // CNNVD: CNNVD-202005-1352

EXTERNAL IDS

db:NVDid:CVE-2020-1831

Trust: 3.0

db:JVNDBid:JVNDB-2020-005965

Trust: 0.8

db:CNVDid:CNVD-2020-31279

Trust: 0.6

db:CNNVDid:CNNVD-202005-1352

Trust: 0.6

sources: CNVD: CNVD-2020-31279 // JVNDB: JVNDB-2020-005965 // CNNVD: CNNVD-202005-1352 // NVD: CVE-2020-1831

REFERENCES

url:https://nvd.nist.gov/vuln/detail/cve-2020-1831

Trust: 2.0

url:https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200527-04-smartphone-en

Trust: 1.6

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-1831

Trust: 0.8

url:https://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20200527-04-smartphone-cn

Trust: 0.6

sources: CNVD: CNVD-2020-31279 // JVNDB: JVNDB-2020-005965 // CNNVD: CNNVD-202005-1352 // NVD: CVE-2020-1831

SOURCES

db:CNVDid:CNVD-2020-31279
db:JVNDBid:JVNDB-2020-005965
db:CNNVDid:CNNVD-202005-1352
db:NVDid:CVE-2020-1831

LAST UPDATE DATE

2024-11-23T22:16:28.521000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2020-31279date:2020-06-03T00:00:00
db:JVNDBid:JVNDB-2020-005965date:2020-06-25T00:00:00
db:CNNVDid:CNNVD-202005-1352date:2020-06-03T00:00:00
db:NVDid:CVE-2020-1831date:2024-11-21T05:11:27.207

SOURCES RELEASE DATE

db:CNVDid:CNVD-2020-31279date:2020-06-03T00:00:00
db:JVNDBid:JVNDB-2020-005965date:2020-06-25T00:00:00
db:CNNVDid:CNNVD-202005-1352date:2020-05-27T00:00:00
db:NVDid:CVE-2020-1831date:2020-05-29T21:15:10.023