Main Vulnerability Database Vulnerabilities #VU27237

Improper Authorization in Huawei Mate 20 - CVE-2020-1807

Published: April 23, 2020 / Updated: May 5, 2020

Vulnerability identifier: #VU27237

CSH Severity: Low

CVSSv4.0: CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2020-1807

CWE-ID: CWE-285

Exploitation vector: Local access

Exploit availability: No public exploit available

Vulnerable software:
Huawei Mate 20

Software vendor:
Huawei

Description

The vulnerability allows a local attacker to bypass authorization checks.

The vulnerability exists due to the affected software does not properly restrict certain user's modification of certain configuration file. An attacker with physical access to the device can bypass app lock after a series of operation in ADB mode.

Remediation

Install updates from vendor's website.

External links

https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200422-01-smartphone-en

Improper Authorization in Huawei Mate 20 - CVE-2020-1807

Description

Remediation

External links

Please verify you're human