CVE-2020-9109

Published: Oct 12, 2020Modified: Nov 21, 2024

4.6

Vector

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Exploitability: 0.9 / Impact: 3.6

Source: NVD

Description

There is an information disclosure vulnerability in several smartphones. The device does not sufficiently validate the identity of smart wearable device in certain specific scenario, the attacker need to gain certain information in the victim's smartphone to launch the attack, and successful exploit could cause information disclosure.Affected product versions include:HUAWEI Mate 20 versions earlier than 10.1.0.160(C00E160R3P8),versions earlier than 10.1.0.160(C01E160R2P8);HUAWEI Mate 20 X versions earlier than 10.1.0.160(C00E160R2P8),versions earlier than 10.1.0.160(C01E160R2P8);HUAWEI P30 Pro versions earlier than 10.1.0.160(C00E160R2P8);Laya-AL00EP versions earlier than 10.1.0.160(C786E160R3P8);Tony-AL00B versions earlier than 10.1.0.160(C00E160R2P11);Tony-TL00B versions earlier than 10.1.0.160(C01E160R2P11).

Affected (8)

Products: Huawei: Mate 20 Firmware, Mate 20 X Firmware, P30 Pro Firmware, Laya Al00ep Firmware, Tony Al00b Firmware, Tony Tl00b Firmware

6 products

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Huawei Mate 20 Firmware	Before 10.1.0.160\(c00e160r3p8\)

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Huawei Mate 20 Firmware	Before 10.1.0.160\(c01e160r2p8\)

Running on/with	Platform Versions
Huawei Mate 20	All versions

Configuration C

1 vulnerable

Vulnerable Software	Affected Versions
Huawei Mate 20 X Firmware	Before 10.1.0.160\(c00e160r2p8\)

Configuration D

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Huawei Mate 20 X Firmware	Before 10.1.0.160\(c01e160r2p8\)

Running on/with	Platform Versions
Huawei Mate 20 X	All versions

Configuration E

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Huawei P30 Pro Firmware	Before 10.1.0.160\(c00e160r2p8\)

Running on/with	Platform Versions
Huawei P30 Pro	All versions

Configuration F

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Huawei Laya Al00ep Firmware	Before 10.1.0.160\(c786e160r3p8\)

Running on/with	Platform Versions
Huawei Laya Al00ep	All versions

Configuration G

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Huawei Tony Al00b Firmware	Before 10.1.0.160\(c00e160r2p11\)

Running on/with	Platform Versions
Huawei Tony Al00b	All versions

Configuration H

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Huawei Tony Tl00b Firmware	Before 10.1.0.160\(c01e160r2p11\)

Running on/with	Platform Versions
Huawei Tony Tl00b	All versions

Related CWEs

CWE-287

Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

References (2)

https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200930-01-dos-en

Source: psirt@huawei.com

Vendor Advisory

https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200930-01-dos-en

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.