Improper Authorization in Huawei Mate 20 - CVE-2020-1831
Published: May 27, 2020
Vulnerability identifier: #VU28293
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2020-1831
CWE-ID: CWE-285
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vendor: Huawei
Affected software:
Huawei Mate 20
Huawei Mate 20
Detailed vulnerability description
The vulnerability allows a local attacker to bypass authorization checks.
The vulnerability exists due to the digital balance function does not sufficiently restrict the using time of certain user. An attacker with physical access to the device can break the limit of digital balance function after a series of operations with a PC.
How to mitigate CVE-2020-1831
Install updates from vendor's website.