{"api_version":"1","generated_at":"2026-04-23T10:03:29+00:00","cve":"CVE-2020-1838","urls":{"html":"https://cve.report/CVE-2020-1838","api":"https://cve.report/api/cve/CVE-2020-1838.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2020-1838","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2020-1838"},"summary":{"title":"CVE-2020-1838","description":"HUAWEI Mate 30 Pro with versions earlier than 10.1.0.150(C00E136R5P3) have is an improper authentication vulnerability. The device does not sufficiently validate certain credential of user's face, an attacker could craft the credential of the user, successful exploit could allow the attacker to pass the authentication with the crafted credential.","state":"PUBLIC","assigner":"psirt@huawei.com","published_at":"2020-07-06 19:15:00","updated_at":"2020-07-09 14:39:00"},"problem_types":["CWE-287"],"metrics":[],"references":[{"url":"https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200701-03-smartphone-en","name":"https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200701-03-smartphone-en","refsource":"MISC","tags":["Vendor Advisory"],"title":"Security Advisory - Improper Authentication Vulnerability in Several Smartphones","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"https://www.cve.org/CVERecord?id=CVE-2020-1838","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-1838","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2020","cve_id":"1838","vulnerable":"-1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"huawei","cpe5":"mate_30_pro","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2020","cve_id":"1838","vulnerable":"0","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"huawei","cpe5":"mate_30_pro","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2020","cve_id":"1838","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"huawei","cpe5":"mate_30_pro_firmware","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2020","cve_id":"1838","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"huawei","cpe5":"mate_30_pro_firmware","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"data_type":"CVE","data_format":"MITRE","data_version":"4.0","CVE_data_meta":{"ID":"CVE-2020-1838","ASSIGNER":"psirt@huawei.com","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"vendor_name":"n/a","product":{"product_data":[{"product_name":"HUAWEI Mate 30 Pro","version":{"version_data":[{"version_value":"Versions earlier than 10.1.0.150(C00E136R5P3)"}]}}]}}]}},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"Improper Authentication"}]}]},"references":{"reference_data":[{"refsource":"MISC","name":"https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200701-03-smartphone-en","url":"https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200701-03-smartphone-en"}]},"description":{"description_data":[{"lang":"eng","value":"HUAWEI Mate 30 Pro with versions earlier than 10.1.0.150(C00E136R5P3) have is an improper authentication vulnerability. The device does not sufficiently validate certain credential of user's face, an attacker could craft the credential of the user, successful exploit could allow the attacker to pass the authentication with the crafted credential."}]}},"nvd":{"publishedDate":"2020-07-06 19:15:00","lastModifiedDate":"2020-07-09 14:39:00","problem_types":["CWE-287"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"NONE","baseScore":5.5,"baseSeverity":"MEDIUM"},"exploitabilityScore":1.8,"impactScore":3.6},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:L/AC:M/Au:N/C:N/I:P/A:N","accessVector":"LOCAL","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE","baseScore":1.9},"severity":"LOW","exploitabilityScore":3.4,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"AND","children":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:huawei:mate_30_pro_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"10.1.0.150\\(c00e136r5p3\\)","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":false,"cpe23Uri":"cpe:2.3:h:huawei:mate_30_pro:-:*:*:*:*:*:*:*","cpe_name":[]}]}],"cpe_match":[]}]}},"legacy_mitre":{"record":{"CveYear":"2020","CveId":"1838","Ordinal":"161167","Title":"CVE-2020-1838","CVE":"CVE-2020-1838","Year":"2020"},"notes":[{"CveYear":"2020","CveId":"1838","Ordinal":"1","NoteData":"HUAWEI Mate 30 Pro with versions earlier than 10.1.0.150(C00E136R5P3) have is an improper authentication vulnerability. The device does not sufficiently validate certain credential of user's face, an attacker could craft the credential of the user, successful exploit could allow the attacker to pass the authentication with the crafted credential.","Type":"Description","Title":null},{"CveYear":"2020","CveId":"1838","Ordinal":"2","NoteData":"2020-07-06","Type":"Other","Title":"Published"},{"CveYear":"2020","CveId":"1838","Ordinal":"3","NoteData":"2020-07-06","Type":"Other","Title":"Modified"}]}}}