CVE-2020-9235

Published: Sep 3, 2020Modified: Nov 21, 2024

5.5

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Exploitability: 1.8 / Impact: 3.6

Source: NVD

Description

Huawei smartphones HONOR 20 PRO Versions earlier than 10.1.0.230(C432E9R5P1),Versions earlier than 10.1.0.231(C10E3R3P2),Versions earlier than 10.1.0.231(C185E3R5P1),Versions earlier than 10.1.0.231(C636E3R3P1);Versions earlier than 10.1.0.212(C432E10R3P4),Versions earlier than 10.1.0.213(C636E3R4P3),Versions earlier than 10.1.0.214(C10E5R4P3),Versions earlier than 10.1.0.214(C185E3R3P3);Versions earlier than 10.1.0.212(C00E210R5P1);Versions earlier than 10.1.0.160(C00E160R2P11);Versions earlier than 10.1.0.160(C00E160R2P11);Versions earlier than 10.1.0.160(C01E160R2P11);Versions earlier than 10.1.0.160(C00E160R2P11);Versions earlier than 10.1.0.160(C00E160R8P12);Versions earlier than 10.1.0.230(C432E9R5P1),Versions earlier than 10.1.0.231(C10E3R3P2),Versions earlier than 10.1.0.231(C636E3R3P1);Versions earlier than 10.1.0.225(C431E3R1P2),Versions earlier than 10.1.0.225(C432E3R1P2) contain an information vulnerability. A module has a design error that is lack of control of input. Attackers can exploit this vulnerability to obtain some information. This can lead to information leak.

Affected (19)

Products: Huawei: Honor 20 Pro Firmware, Honor View 20 Firmware, Oxfords An00a Firmware, Princeton Al10b Firmware, Princeton Al10d Firmware, Princeton Tl10c Firmware, Tony Al00b Firmware, Yale Al00a Firmware, Yale L21a Firmware, Yale L61a Firmware

Huawei

10 products

Honor 20 Pro Firmware

Honor View 20 Firmware

Oxfords An00a Firmware

Princeton Al10b Firmware

Princeton Al10d Firmware

Princeton Tl10c Firmware

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Huawei Honor 20 Pro Firmware	Before 10.1.0.230\(c432e9r5p1\)

Configuration B

1 vulnerable

Vulnerable Software	Affected Versions
Huawei Honor 20 Pro Firmware	Before 10.1.0.231\(c10e3r3p2\)

Configuration C

1 vulnerable

Vulnerable Software	Affected Versions
Huawei Honor 20 Pro Firmware	Before 10.1.0.231\(c185e3r5p1\)

Configuration D

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Huawei Honor 20 Pro Firmware	Before 10.1.0.231\(c636e3r3p1\)

Running on/with	Platform Versions
Huawei Honor 20 Pro	All versions

Configuration E

1 vulnerable

Vulnerable Software	Affected Versions
Huawei Honor View 20 Firmware	Before 10.1.0.212\(c432e10r3p4\)

Configuration F

1 vulnerable

Vulnerable Software	Affected Versions
Huawei Honor View 20 Firmware	Before 10.1.0.213\(c636e3r4p3\)

Configuration G

1 vulnerable

Vulnerable Software	Affected Versions
Huawei Honor View 20 Firmware	Before 10.1.0.214\(c10e5r4p3\)

Configuration H

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Huawei Honor View 20 Firmware	Before 10.1.0.214\(c185e3r3p3\)

Running on/with	Platform Versions
Huawei Honor View 20	All versions

Configuration I

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Huawei Oxfords An00a Firmware	Before 10.1.0.212\(c00e210r5p1\)

Running on/with	Platform Versions
Huawei Oxfords An00a	All versions

Configuration J

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Huawei Princeton Al10b Firmware	Before 10.1.0.160\(c00e160r2p11\)

Running on/with	Platform Versions
Huawei Princeton Al10b	All versions

Configuration K

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Huawei Princeton Al10d Firmware	Before 10.1.0.160\(c00e160r2p11\)

Running on/with	Platform Versions
Huawei Princeton Al10d	All versions

Configuration L

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Huawei Princeton Tl10c Firmware	Before 10.1.0.160\(c01e160r2p11\)

Running on/with	Platform Versions
Huawei Princeton Tl10c	All versions

Configuration M

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Huawei Tony Al00b Firmware	Before 10.1.0.160\(c00e160r2p11\)

Running on/with	Platform Versions
Huawei Tony Al00b	All versions

Configuration N

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Huawei Yale Al00a Firmware	Before 10.1.0.160\(c00e160r8p12\)

Running on/with	Platform Versions
Huawei Yale Al00a	All versions

Configuration O

1 vulnerable

Vulnerable Software	Affected Versions
Huawei Yale L21a Firmware	Before 10.1.0.230\(c432e9r5p1\)

Configuration P

1 vulnerable

Vulnerable Software	Affected Versions
Huawei Yale L21a Firmware	Before 10.1.0.231\(c10e3r3p2\)

Configuration Q

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Huawei Yale L21a Firmware	Before 10.1.0.231\(c636e3r3p1\)

Running on/with	Platform Versions
Huawei Yale L21a	All versions

Configuration R

1 vulnerable

Vulnerable Software	Affected Versions
Huawei Yale L61a Firmware	Before 10.1.0.225\(c431e3r1p2\)

Configuration S

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Huawei Yale L61a Firmware	Before 10.1.0.225\(c432e3r1p2\)

Running on/with	Platform Versions
Huawei Yale L61a	All versions

Related CWEs

CWE-20

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (2)

https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200902-07-smartphone-en

Source: psirt@huawei.com

Vendor Advisory

https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200902-07-smartphone-en

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.