CVE-2020-1808

Honor 20;HONOR 20 PRO;Honor Magic2;HUAWEI Mate 20 X;HUAWEI P30;HUAWEI P30 Pro;Honor View 20 smartphones with versions earlier than 10.0.0.187(C00E60R4P11); versions earlier than 10.0.0.187(C00E60R4P11); versions earlier than 10.0.0.176(C00E60R2P11);9.1.0.135(C00E133R2P1); versions earlier than 10.1.0.123(C431E22R3P5), versions earlier than 10.1.0.126(C636E5R3P4), versions earlier than 10.1.0.160(C00E160R2P11); versions earlier than 10.1.0.126(C185E8R5P1), versions earlier than 10.1.0.126(C636E9R2P4), versions earlier than 10.1.0.160(C00E160R2P8); versions earlier than 10.0.0.179(C636E3R4P3), versions earlier than 10.0.0.180(C185E3R3P3), versions earlier than 10.0.0.180(C432E10R3P4), versions earlier than 10.0.0.181(C675E5R1P2) have an out of bound read vulnerability. The software reads data past the end of the intended buffer. The attacker tricks the user into installing a crafted application, successful exploit may cause information disclosure or service abnormal.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.1 HIGH
LOCAL
LOW
NONE
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H
huaweiCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 29%
VendorProductVersion
huaweihonor_view_20_firmware
𝑥
< 10.0.0.179\(c636e3r4p3\)
huaweihonor_view_20_firmware
𝑥
< 10.0.0.180\(c185e3r3p3\)
huaweihonor_view_20_firmware
𝑥
< 10.0.0.180\(c432e10r3p4\)
huaweihonor_view_20_firmware
𝑥
< 10.0.0.188\(c00e62r2p11\)
huaweihonor_20_firmware
𝑥
< 10.0.0.187\(c00e60r4p11\)
huaweihonor_20_pro_firmware
𝑥
< 10.0.0.187\(c00e60r4p11\)
huaweihonor_magic2_firmware
𝑥
< 10.0.0.176\(c00e60r2p11\)
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200513-02-smartphone-en
https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200513-02-smartphone-en