CVE-2020-1882

MEDIUM

Huawei mobile phones <10.0.0.180 - Privilege Escalation

Title source: llm

Description

Huawei mobile phones Ever-L29B versions earlier than 10.0.0.180(C185E6R3P3), earlier than 10.0.0.180(C432E6R1P7), earlier than 10.0.0.180(C636E5R2P3); HUAWEI Mate 20 RS versions earlier than 10.0.0.175(C786E70R3P8); HUAWEI Mate 20 X versions earlier than 10.0.0.176(C00E70R2P8); and Honor Magic2 versions earlier than 10.0.0.175(C00E59R2P11) have an improper authorization vulnerability. Due to improper authorization of some function, attackers can bypass the authorization to perform some operations.

References (1)

Core 1

Core References

Vendor Advisory x_refsource_confirm

http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200122-01-phone-en

Scores

CVSS v3 4.6

EPSS 0.0002

EPSS Percentile 6.5%

Attack Vector PHYSICAL

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Details

Status published

Products (4)

huawei/ever-l29b_firmware < 10.0.0.180\(c185e6r3p3\)

huawei/honor_magic2_firmware < 10.0.0.175\(c00e59r2p11\)

huawei/mate_20_rs_firmware < 10.0.0.175\(c786e70r3p8\)

huawei/mate_20_x_firmware < 10.0.0.176\(c00e70r2p8\)

Published Feb 18, 2020

Tracked Since Feb 18, 2026