← Back

CVE-2020-1878

nvd nist
Published: Mar 20, 2020Modified: Nov 21, 2024

JSON object

Loading...
5.5
Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Exploitability: 1.8 / Impact: 3.6
Source: NVD

Description

Huawei smartphone OxfordS-AN00A with versions earlier than 10.0.1.152D(C735E152R3P3),versions earlier than 10.0.1.160(C00E160R4P1) have an improper authentication vulnerability. Authentication to target component is improper when device performs an operation. Attackers exploit this vulnerability to obtain some information by loading malicious application, leading to information leak.

Affected (2)

Huawei
1 product
Oxfords An00a Firmware
Configuration A
1 vulnerable
Vulnerable SoftwareAffected Versions
Oxfords An00a Firmware
After 10.0.1.152d\(c735e152r3p3\) to 10.0.1.160\(c00e160r4p1\)
Configuration B
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Oxfords An00a Firmware
Before 10.0.1.152d\(c735e152r3p3\)
Running on/withPlatform Versions
Huawei
Oxfords An00a
All versions

Related CWEs

CWE-287
Improper Authentication
When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

References (4)

Source: psirt@huawei.com
Not Applicable
Source: psirt@huawei.com
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Not Applicable
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory

Timeline

No history available yet.