Multiple vulnerabilities in Huawei Mate 20
| Risk | Low |
| Patch available | YES |
| Number of vulnerabilities | 2 |
| CVE-ID | CVE-2020-9083 CVE-2020-9092 |
| CWE-ID | CWE-20 |
| Exploitation vector | Local |
| Public exploit | N/A |
| Vulnerable software |
Huawei Mate 20 Client/Desktop applications / Multimedia software |
| Vendor | Huawei |
Security Bulletin
This security bulletin contains information about 2 vulnerabilities.
Updated 15.10.2020
Added vulnerabilty #2
1) Input validation error
EUVDB-ID: #VU46242
Risk: Low
CVSSv4.0: 0.4 [CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2020-9083
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input. An attacker with physical access can enter a large amount of text on the phone and perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's website.
Vulnerable software versionsHuawei Mate 20: All versions
CPE2.3 External linkshttps://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200902-03-smartphone-en
Q & A
Can this vulnerability be exploited remotely?
No. The attacker should have physical access to the system in order to successfully exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Input validation error
EUVDB-ID: #VU47654
Risk: Low
CVSSv4.0: 1.7 [CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2020-9092
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local attacker to compromise the target system.
The vulnerability exists due to insufficient validation of user-supplied input. An attacker with physical access can bypass filter mechanism to launch JavaScript injection. This could compromise normal service of the affected module.
MitigationInstall updates from vendor's website.
Vulnerable software versionsHuawei Mate 20: All versions
CPE2.3 External linkshttps://www.huawei.com/en/psirt/security-advisories/huawei-sa-20201014-01-smartphone-en
Q & A
Can this vulnerability be exploited remotely?
No. The attacker should have physical access to the system in order to successfully exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
