CVE-2020-9081

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2020-9081
There is an improper authorization vulnerability in some Huawei smartphones. An attacker could perform a series of operation in specific mode to exploit this vulnerability. Successful exploit could allow the attacker to bypass app lock. (Vulnerability ID: HWPSIRT-2019-12144) This vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2020-9081.

3.5 /10

CVSS v3 : LOW

V3 Legend

Vector :

Exploitability : 0.9 / Impact : 2.5

Attack Vector PHYSICAL

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact NONE

Scope UNCHANGED

References
Link Resource
https://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20200826-15-smartphone-en Vendor Advisory
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:huawei:mate_20_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:huawei:mate_20:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:huawei:p30_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:huawei:p30:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
cpe:2.3:o:huawei:p30_pro_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:huawei:p30_pro:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND
cpe:2.3:o:huawei:princeton-al10d_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:huawei:princeton-al10d:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND
cpe:2.3:o:huawei:yale-al00a_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:huawei:yale-al00a:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND
cpe:2.3:o:huawei:yale-al50a_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:huawei:yale-al50a:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND
cpe:2.3:o:huawei:yalep-al10b_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:huawei:yalep-al10b:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND
cpe:2.3:o:huawei:mate_20_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:huawei:mate_20:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND
cpe:2.3:o:huawei:p30_pro_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:huawei:p30_pro:-:*:*:*:*:*:*:*
History

10 Jan 2025, 20:37

Type Values Removed Values Added
Summary
  • (es) Existe una vulnerabilidad de autorización indebida en algunos teléfonos inteligentes Huawei. Un atacante podría realizar una serie de operaciones en un modo específico para explotar esta vulnerabilidad. Si lo hace con éxito, podría permitir al atacante eludir el bloqueo de la aplicación. (ID de vulnerabilidad: HWPSIRT-2019-12144) A esta vulnerabilidad se le ha asignado un ID de vulnerabilidad y exposición común (CVE): CVE-2020-9081.
CPE cpe:2.3:h:huawei:mate_20:-:*:*:*:*:*:*:*
cpe:2.3:o:huawei:yale-al50a_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:huawei:yalep-al10b_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:huawei:p30_pro_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:huawei:yale-al00a:-:*:*:*:*:*:*:*
cpe:2.3:h:huawei:p30:-:*:*:*:*:*:*:*
cpe:2.3:o:huawei:p30_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:huawei:princeton-al10d_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:huawei:princeton-al10d:-:*:*:*:*:*:*:*
cpe:2.3:o:huawei:yale-al00a_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:huawei:yalep-al10b:-:*:*:*:*:*:*:*
cpe:2.3:o:huawei:mate_20_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:huawei:p30_pro:-:*:*:*:*:*:*:*
cpe:2.3:h:huawei:yale-al50a:-:*:*:*:*:*:*:*
References () https://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20200826-15-smartphone-en - () https://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20200826-15-smartphone-en - Vendor Advisory
First Time Huawei yale-al00a Firmware
Huawei
Huawei princeton-al10d Firmware
Huawei p30 Firmware
Huawei p30 Pro
Huawei yale-al50a Firmware
Huawei yale-al50a
Huawei p30
Huawei yalep-al10b Firmware
Huawei yale-al00a
Huawei princeton-al10d
Huawei p30 Pro Firmware
Huawei mate 20 Firmware
Huawei yalep-al10b
Huawei mate 20
CWE CWE-863

27 Dec 2024, 10:15

Type Values Removed Values Added
New CVE
Information

Published : 2024-12-27 10:15

Updated : 2025-01-10 20:37

NVD link : CVE-2020-9081

Mitre link : CVE-2020-9081

CVE.ORG link : CVE-2020-9081

JSON object : View

Products Affected

huawei

  • yale-al50a
  • p30
  • mate_20_firmware
  • mate_20
  • p30_pro
  • princeton-al10d_firmware
  • yalep-al10b
  • yale-al00a_firmware
  • p30_firmware
  • yale-al00a
  • p30_pro_firmware
  • princeton-al10d
  • yalep-al10b_firmware
  • yale-al50a_firmware
CWE
CWE-285

Improper Authorization

CWE-863

Incorrect Authorization