CVE-2020-9076
MEDIUMHUAWEI P30, P30 Pro, and Tony-AL00B Firmware < 10.1.0.135 - Improper Authentication via Man-in-the-Middle Attack
Title source: llmDescription
HUAWEI P30;HUAWEI P30 Pro;Tony-AL00B smartphones with versions earlier than 10.1.0.135(C00E135R2P11); versions earlier than 10.1.0.135(C00E135R2P8), versions earlier than 10.1.0.135 have an improper authentication vulnerability. Due to the identity of the message sender not being properly verified, an attacker can exploit this vulnerability through man-in-the-middle attack to induce user to access malicious URL.
References (1)
Core 1
Core References
Vendor Advisory x_refsource_misc
https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200610-02-phone-en
Scores
CVSS v3
6.8
EPSS
0.0010
EPSS Percentile
27.5%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N
Details
CWE
CWE-287
Status
published
Products (3)
huawei/p30_firmware
< 10.1.0.135\(c00e135r2p11\)
huawei/p30_pro_firmware
< 10.1.0.135\(c00e135r2p8\)
huawei/tony-al00b_firmware
< 10.1.0.137\(c00e137r2p11\)
Published
Jun 15, 2020
Tracked Since
Feb 18, 2026