Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2020-9235

Huawei smartphones HONOR 20 PRO Versions earlier than 10.1.0.230(C432E9R5P1),Versions earlier than 10.1.0.231(C10E3R3P2),Versions earlier than 10.1.0.231(C185E3R5P1),Versions earlier than 10.1.0.231(C636E3R3P1);Versions earlier than 10.1.0.212(C432E10R3P4),Versions earlier than 10.1.0.213(C636E3R4P3),Versions earlier than 10.1.0.214(C10E5R4P3),Versions earlier than 10.1.0.214(C185E3R3P3);Versions earlier than 10.1.0.212(C00E210R5P1);Versions earlier than 10.1.0.160(C00E160R2P11);Versions earlier than 10.1.0.160(C00E160R2P11);Versions earlier than 10.1.0.160(C01E160R2P11);Versions earlier than 10.1.0.160(C00E160R2P11);Versions earlier than 10.1.0.160(C00E160R8P12);Versions earlier than 10.1.0.230(C432E9R5P1),Versions earlier than 10.1.0.231(C10E3R3P2),Versions earlier than 10.1.0.231(C636E3R3P1);Versions earlier than 10.1.0.225(C431E3R1P2),Versions earlier than 10.1.0.225(C432E3R1P2) contain an information vulnerability. A module has a design error that is lack of control of input. Attackers can exploit this vulnerability to obtain some information. This can lead to information leak.

Published

2020-09-03T19:15:12.417

Last Modified

2024-11-21T05:40:12.693

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 5.5 (MEDIUM)

CVSSv2 Vector

AV:L/AC:L/Au:N/C:P/I:N/A:N

Access Vector: LOCAL
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: NONE

Exploitability Score

3.9

Impact Score

2.9

Weaknesses

Type: Primary
CWE-20

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	huawei	honor_20_pro_firmware	< 10.1.0.230\(c432e9r5p1\)	Yes
Hardware	huawei	honor_20_pro	-	No
Operating System	huawei	honor_20_pro_firmware	< 10.1.0.231\(c10e3r3p2\)	Yes
Hardware	huawei	honor_20_pro	-	No
Operating System	huawei	honor_20_pro_firmware	< 10.1.0.231\(c185e3r5p1\)	Yes
Hardware	huawei	honor_20_pro	-	No
Operating System	huawei	honor_20_pro_firmware	< 10.1.0.231\(c636e3r3p1\)	Yes
Hardware	huawei	honor_20_pro	-	No
Operating System	huawei	honor_view_20_firmware	< 10.1.0.212\(c432e10r3p4\)	Yes
Hardware	huawei	honor_view_20	-	No
Operating System	huawei	honor_view_20_firmware	< 10.1.0.213\(c636e3r4p3\)	Yes
Hardware	huawei	honor_view_20	-	No
Operating System	huawei	honor_view_20_firmware	< 10.1.0.214\(c10e5r4p3\)	Yes
Hardware	huawei	honor_view_20	-	No
Operating System	huawei	honor_view_20_firmware	< 10.1.0.214\(c185e3r3p3\)	Yes
Hardware	huawei	honor_view_20	-	No
Operating System	huawei	oxfords-an00a_firmware	< 10.1.0.212\(c00e210r5p1\)	Yes
Hardware	huawei	oxfords-an00a	-	No
Operating System	huawei	princeton-al10b_firmware	< 10.1.0.160\(c00e160r2p11\)	Yes
Hardware	huawei	princeton-al10b	-	No
Operating System	huawei	princeton-al10d_firmware	< 10.1.0.160\(c00e160r2p11\)	Yes
Hardware	huawei	princeton-al10d	-	No
Operating System	huawei	princeton-tl10c_firmware	< 10.1.0.160\(c01e160r2p11\)	Yes
Hardware	huawei	princeton-tl10c	-	No
Operating System	huawei	tony-al00b_firmware	< 10.1.0.160\(c00e160r2p11\)	Yes
Hardware	huawei	tony-al00b	-	No
Operating System	huawei	yale-al00a_firmware	< 10.1.0.160\(c00e160r8p12\)	Yes
Hardware	huawei	yale-al00a	-	No
Operating System	huawei	yale-l21a_firmware	< 10.1.0.230\(c432e9r5p1\)	Yes
Hardware	huawei	yale-l21a	-	No
Operating System	huawei	yale-l21a_firmware	< 10.1.0.231\(c10e3r3p2\)	Yes
Hardware	huawei	yale-l21a	-	No
Operating System	huawei	yale-l21a_firmware	< 10.1.0.231\(c636e3r3p1\)	Yes
Hardware	huawei	yale-l21a	-	No
Operating System	huawei	yale-l61a_firmware	< 10.1.0.225\(c431e3r1p2\)	Yes
Hardware	huawei	yale-l61a	-	No
Operating System	huawei	yale-l61a_firmware	< 10.1.0.225\(c432e3r1p2\)	Yes
Hardware	huawei	yale-l61a	-	No

References

https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200902-07-smartphone-en Vendor Advisory ([email protected])
https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200902-07-smartphone-en Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)