Overview
- Description
- Mate 20 RS smartphones with versions earlier than 9.1.0.135(C786E133R3P1) have an improper authorization vulnerability. The software does not properly restrict certain operation in ADB mode, successful exploit could allow the attacker to switch to third desktop after a series of operation.
- Source
- psirt@huawei.com
- NVD status
- Analyzed
Risk scores
CVSS 3.1
- Type
- Primary
- Base score
- 2.4
- Impact score
- 1.4
- Exploitability score
- 0.9
- Vector string
- CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
- Severity
- LOW
CVSS 2.0
- Type
- Primary
- Base score
- 2.1
- Impact score
- 2.9
- Exploitability score
- 3.9
- Vector string
- AV:L/AC:L/Au:N/C:N/I:P/A:N
Weaknesses
- nvd@nist.gov
- NVD-CWE-noinfo
Social media
- Hype score
- Not currently trending
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:mate_20_rs_firmware:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "26909FF8-9B5D-4AF8-A811-3ECB5AE5F0AC",
"versionEndExcluding": "9.1.0.135\\(c786e133r3p1\\)"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:mate_20_rs:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "99DD3EC3-7E9B-4904-8317-C3528D1CAFEA"
}
],
"operator": "OR"
}
],
"operator": "AND"
}
]