Improper Authorization in Huawei P10 Plus - CVE-2020-1872

 

Published: January 24, 2020


Vulnerability identifier: #VU24509
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2020-1872
CWE-ID: CWE-285
Exploitation vector: Local access
Exploit availability: No public exploit available
Vendor: Huawei
Affected software:
Huawei P10 Plus

Detailed vulnerability description

The vulnerability allows a local attacker to bypass authorization checks.

The vulnerability exists due to a digital balance bypass issue. While the phone is being re-configured in digital balance mode, an attacker with physical access to the device can perform certain operations to bypass the startup wizard, then turn on a switch and bypass the digital balance function.


How to mitigate CVE-2020-1872

Install updates from the vendor's website.
