CVE-2020-1786
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
HUAWEI Mate 20 Pro smartphones versions earlier than 10.0.0.175(C00E69R3P8) have an improper authentication vulnerability. The software does not sufficiently validate the name of apk file in a special condition which could allow an attacker to forge a crafted application as a normal one. Successful exploit could allow the attacker to bypass digital balance function.
Los teléfonos inteligentes HUAWEI Mate 20 Pro versiones anteriores a 10.0.0.175(C00E69R3P8), presentan una vulnerabilidad de autenticación inapropiada. El software no comprueba suficientemente el nombre del archivo apk en una condición especial la cual podría permitir a un atacante falsificar una aplicación diseñada como normal. Una explotación con éxito podría permitir al atacante omitir la función digital balance.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2019-11-29 CVE Reserved
- 2020-01-09 CVE Published
- 2023-03-08 EPSS Updated
- 2024-08-04 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-287: Improper Authentication
CAPEC
References (1)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200108-01-smartphone-en | 2020-01-15 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Huawei Search vendor "Huawei" | Mate 20 Pro Firmware Search vendor "Huawei" for product "Mate 20 Pro Firmware" | < 10.0.0.175\(c00e69r3p8\) Search vendor "Huawei" for product "Mate 20 Pro Firmware" and version " < 10.0.0.175\(c00e69r3p8\)" | - |
Affected
| in | Huawei Search vendor "Huawei" | Mate 20 Pro Search vendor "Huawei" for product "Mate 20 Pro" | - | - |
Safe
|