CVE-2020-1878
MEDIUMHuawei smartphone OxfordS-AN00A <10.0.1.152D(C735E152R3P3),<10.0.1....
Title source: llmDescription
Huawei smartphone OxfordS-AN00A with versions earlier than 10.0.1.152D(C735E152R3P3),versions earlier than 10.0.1.160(C00E160R4P1) have an improper authentication vulnerability. Authentication to target component is improper when device performs an operation. Attackers exploit this vulnerability to obtain some information by loading malicious application, leading to information leak.
References (2)
Core 2
Core References
Vendor Advisory x_refsource_misc
https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200311-01-informationleak-en
Not Applicable x_refsource_confirm
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200415-02-dos-en
Scores
CVSS v3
5.5
EPSS
0.0003
EPSS Percentile
8.4%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Details
CWE
CWE-287
Status
published
Products (1)
huawei/oxfords-an00a_firmware
10.0.1.152d\(c735e152r3p3\) - 10.0.1.160\(c00e160r4p1\)
Published
Mar 20, 2020
Tracked Since
Feb 18, 2026