1) Input validation error

EUVDB-ID: #VU46242

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2020-9083

CWE-ID: CWE-20 - Improper Input Validation

Exploit availability: No

Description

The vulnerability allows a local attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input. An attacker with physical access can enter a large amount of text on the phone and perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Huawei Mate 20: before 10.1.0.163

---

CPE2.3

• cpe:2.3:a:huawei:huawei_mate_20:*:*:*:*:*:*:*:*

External links

http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200902-03-smartphone-en

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

2) Input validation error

EUVDB-ID: #VU47654

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2020-9092

CWE-ID: CWE-20 - Improper Input Validation

Exploit availability: No

Description

The vulnerability allows a local attacker to compromise the target system.

The vulnerability exists due to insufficient validation of user-supplied input. An attacker with physical access can bypass filter mechanism to launch JavaScript injection. This could compromise normal service of the affected module.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Huawei Mate 20: before 10.1.0.163

---

CPE2.3

• cpe:2.3:a:huawei:huawei_mate_20:*:*:*:*:*:*:*:*

External links

http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20201014-01-smartphone-en

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?