#VU47196 Information disclosure in Huawei Hardware solutions
Vulnerability identifier: #VU47196
Vulnerability risk: Low
CVSSv3.1:
CVE-ID:
CWE-ID:
Exploitation vector: Local
Exploit availability:
Vulnerable software:
Huawei Mate 20
Client/Desktop applications /
Multimedia software
Huawei Mate 20 X
Client/Desktop applications /
Multimedia software
Huawei P30 Pro
Client/Desktop applications /
Multimedia software
Laya-AL00EP
Hardware solutions /
Firmware
Huawei Tony-AL00B
Hardware solutions /
Firmware
huawei Tony-TL00B
Hardware solutions /
Firmware
Vendor: Huawei
Description
The vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists due to the affected device does not sufficiently validate the identity of smart wearable device. A local administrator can gain unauthorized access to sensitive information on the system.
Mitigation
Install updates from vendor's website.
Vulnerable software versions
Huawei Mate 20: All versions
Huawei Mate 20 X : All versions
Huawei P30 Pro: All versions
Laya-AL00EP: All versions
Huawei Tony-AL00B: All versions
huawei Tony-TL00B: All versions
Fixed software versions
CPE
External links
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200930-01-dos-en
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?
