Business Logic Errors in Huawei Mate 20 and Huawei Mate 30 Pro - CVE-2020-1795

 


Published: March 19, 2020


Vulnerability identifier: #VU26216
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:P/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2020-1795
CWE-ID: CWE-840
Exploitation vector: Local access
Exploit availability: No public exploit available
Vendor: Huawei
Affected software:
Huawei Mate 20
Huawei Mate 30 Pro

Detailed vulnerability description

The vulnerability allows a local user to compromise the target device.

The vulnerability exists because the affected software does not properly restrict certain operations when the Digital Balance function is on. An authenticated attacker with physical access can bypass the Digital Balance limit after a series of operations.


How to mitigate CVE-2020-1795

Install updates from the vendor's website.
