CVE-2020-9250

LOW

Huawei Mate 20 Pro Firmware - Authentication Bypass

Title source: rule

Description

There is an insufficient authentication vulnerability in some Huawei smart phone. An unauthenticated, local attacker can crafts software package to exploit this vulnerability. Due to insufficient verification, successful exploitation may impact the service. (Vulnerability ID: HWPSIRT-2019-12302) This vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2020-9250.

References (1)

[Broken Link, Vendor Advisory] http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200729-01-smartphone-en

Scores

CVSS v3 3.3

EPSS 0.0005

EPSS Percentile 13.8%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

Classification

CWE

CWE-522 CWE-287

Status published

Affected Products (1)

huawei/mate_20_pro_firmware

Timeline

Published Dec 20, 2024

Tracked Since Feb 18, 2026