CVE-2020-1838
Summary
| CVE | CVE-2020-1838 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2020-07-06 19:15:00 UTC |
| Updated | 2020-07-09 14:39:00 UTC |
| Description | HUAWEI Mate 30 Pro with versions earlier than 10.1.0.150(C00E136R5P3) have is an improper authentication vulnerability. The device does not sufficiently validate certain credential of user's face, an attacker could craft the credential of the user, successful exploit could allow the attacker to pass the authentication with the crafted credential. |
Risk And Classification
Problem Types: CWE-287
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Hardware | Huawei | Mate 30 Pro | - | All | All | All |
| Hardware | Huawei | Mate 30 Pro | - | All | All | All |
| Operating System | Huawei | Mate 30 Pro Firmware | All | All | All | All |
| Operating System | Huawei | Mate 30 Pro Firmware | All | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Security Advisory - Improper Authentication Vulnerability in Several Smartphones | MISC | www.huawei.com | Vendor Advisory |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.