CVE-2020-9125

There is an out-of-bound read vulnerability in huawei smartphone Mate 30 versions earlier than 10.1.0.156 (C00E155R7P2). An attacker with specific permission can exploit this vulnerability by sending crafted packet with specific parameter to the target device. Due to insufficient validation of the parameter, successful exploit can cause the device to behave abnormally.

Published: Dec 29, 2020
Updated: Apr 14, 2023
CVE: CVE-2020-9125
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 6.7
AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CVSS v2:

Severity: Low
Score: 4.6
AV:L/AC:L/Au:N/C:P/I:P/A:P

CWEs:

CWE-125

Affected Software
References

Software	From	Fixed in
huawei / mate_30_firmware	-	10.1.0.156\(c00e155r7p2\)

https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20201216-01-taurus-en

Vulnerability Database

289,697

CVE-2020-9125