#VU28293 Improper Authorization in Huawei Mate 20 - CVE-2020-1831
Published: May 27, 2020
Vulnerability identifier: #VU28293
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2020-1831
CWE-ID: CWE-285
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vulnerable software:
Huawei Mate 20
Huawei Mate 20
Software vendor:
Huawei
Huawei
Description
The vulnerability allows a local attacker to bypass authorization checks.
The vulnerability exists due to the digital balance function does not sufficiently restrict the using time of certain user. An attacker with physical access to the device can break the limit of digital balance function after a series of operations with a PC.
Remediation
Install updates from vendor's website.