#VU26216 Business Logic Errors in Huawei Mate 20 and Huawei Mate 30 Pro - CVE-2020-1795
Published: March 19, 2020
Vulnerability identifier: #VU26216
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:P/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2020-1795
CWE-ID: CWE-840
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vulnerable software:
Huawei Mate 20
Huawei Mate 30 Pro
Huawei Mate 20
Huawei Mate 30 Pro
Software vendor:
Huawei
Huawei
Description
The vulnerability allows a local user to compromise the target device.
The vulnerability exists due to the affected software does not properly restrict certain operation when the Digital Balance function is on. An authenticated attacker with physical access can bypass the Digital Balance limit after a series of operations.
Remediation
Install updates from vendor's website.