Main Vulnerability Database Vulnerabilities #VU28295

Information disclosure in Huawei Mate 10 - CVE-2020-1809

Published: May 27, 2020

Vulnerability identifier: #VU28295

CSH Severity: Low

CVSS v4.0: CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2020-1809

CWE-ID: CWE-200

Exploitation vector: Local access

Exploit availability: No public exploit available

Vendor: Huawei

Affected software:
Huawei Mate 10

Detailed vulnerability description

The vulnerability allows a local attacker to gain access to potentially sensitive information.

The vulnerability exists due to excessive data output by the application. An attacker with physical access can wake up voice assistant, then do a series of crafted voice operation and read certain files without unlock the phone.

How to mitigate CVE-2020-1809

Install updates from vendor's website.

Sources

https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200527-01-smartphone-en

Information disclosure in Huawei Mate 10 - CVE-2020-1809

Detailed vulnerability description

How to mitigate CVE-2020-1809

Sources

Please verify you're human