CVE-2020-1882

EUVD-2020-12708
Huawei mobile phones Ever-L29B versions earlier than 10.0.0.180(C185E6R3P3), earlier than 10.0.0.180(C432E6R1P7), earlier than 10.0.0.180(C636E5R2P3); HUAWEI Mate 20 RS versions earlier than 10.0.0.175(C786E70R3P8); HUAWEI Mate 20 X versions earlier than 10.0.0.176(C00E70R2P8); and Honor Magic2 versions earlier than 10.0.0.175(C00E59R2P11) have an improper authorization vulnerability. Due to improper authorization of some function, attackers can bypass the authorization to perform some operations.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
4.6 MEDIUM
PHYSICAL
LOW
NONE
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 5%
Affected Products (NVD)
VendorProductVersion
huaweimate_20_rs_firmware
𝑥
< 10.0.0.175\(c786e70r3p8\)
huaweimate_20_x_firmware
𝑥
< 10.0.0.176\(c00e70r2p8\)
huaweihonor_magic2_firmware
𝑥
< 10.0.0.175\(c00e59r2p11\)
huaweiever-l29b_firmware
𝑥
< 10.0.0.180\(c185e6r3p3\)
huaweiever-l29b_firmware
𝑥
< 10.0.0.180\(c432e6r1p7\)
huaweiever-l29b_firmware
𝑥
< 10.0.0.180\(c636e5r2p3\)
𝑥
= Vulnerable software versions
References
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200122-01-phone-en
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200122-01-phone-en