CVE-2020-9073

Huawei P20 smartphones with versions earlier than 10.0.0.156(C00E156R1P4) have an improper authentication vulnerability. The vulnerability is due to that when an user wants to do certain operation, the software insufficiently validate the user's identity. Attackers need to physically access the smartphone to exploit this vulnerability. Successful exploit could allow the attacker to bypass the limit of student mode function.

Published: May 15, 2020
Updated: Apr 14, 2023
CVE: CVE-2020-9073
Severity: Low
Exploit:

CVSS v3:

Severity: Low
Score: 2.4
AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

CVSS v2:

Severity: Low
Score: 2.1
AV:L/AC:L/Au:N/C:N/I:P/A:N

CWEs:

CWE-287

OWASP TOP 10:

A2 - Broken Authentication

Affected Software
References

Software	From	Fixed in
huawei / p20_firmware	-	10.0.0.156\(c00e156r1p4\)

https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200513-01-smartphone-en

Vulnerability Database

289,697

CVE-2020-9073