#VU47654 Input validation error in Huawei Mate 20

Published: 2020-10-15

Vulnerability identifier: #VU47654

Vulnerability risk: Low


CVE-ID: CVE-2020-9092


Exploitation vector: Local

Exploit availability:

Vulnerable software:
Huawei Mate 20
Client/Desktop applications / Multimedia software

Vendor: Huawei


The vulnerability allows a local attacker to compromise the target system.

The vulnerability exists due to insufficient validation of user-supplied input. An attacker with physical access can bypass filter mechanism to launch JavaScript injection. This could compromise normal service of the affected module.

Install updates from vendor's website.

Vulnerable software versions

Huawei Mate 20: All versions

Fixed software versions


External links

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

Latest bulletins with this vulnerability