CVE-2020-9250

There is an insufficient authentication vulnerability in some Huawei smart phone. An unauthenticated, local attacker can crafts software package to exploit this vulnerability. Due to insufficient verification, successful exploitation may impact the service. (Vulnerability ID: HWPSIRT-2019-12302) This vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2020-9250.

CVSS v3 3.3 LOW

3.3^/10

CVSS v3 : LOW

Vector :

Exploitability : 1.8 / Impact : 1.4

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact LOW

Scope UNCHANGED

References

Link	Resource
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200729-01-smartphone-en	Broken Link Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:huawei:mate_20_pro_firmware:10.1.0.160\(c00e160r3p8\):*:*:*:*:*:*:*

cpe:2.3:h:huawei:mate_20_pro:-:*:*:*:*:*:*:*

History

No history.

Information

Published : 2024-12-20 02:15

Updated : 2025-07-11 14:33

NVD link : CVE-2020-9250

Mitre link : CVE-2020-9250

CVE.ORG link : CVE-2020-9250

JSON object : View

Products Affected

huawei

mate_20_pro
mate_20_pro_firmware

CWE

CWE-287

Improper Authentication

CWE-522

Insufficiently Protected Credentials

{"id": "CVE-2020-9250", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 3.3, "attackVector": "LOCAL", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 1.4, "exploitabilityScore": 1.8}]}, "published": "2024-12-20T02:15:05.150", "references": [{"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200729-01-smartphone-en", "tags": ["Broken Link", "Vendor Advisory"], "source": "[email protected]"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-287"}]}, {"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-522"}]}], "descriptions": [{"lang": "en", "value": "There is an insufficient authentication vulnerability in some Huawei smart phone. An unauthenticated, local attacker can crafts software package to exploit this vulnerability. Due to insufficient verification, successful exploitation may impact the service. (Vulnerability ID: HWPSIRT-2019-12302)\n\nThis vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2020-9250."}, {"lang": "es", "value": "Existe una vulnerabilidad de autenticaci\u00f3n insuficiente en algunos tel\u00e9fonos inteligentes Huawei. Un atacante local no autenticado puede manipular un paquete de software para explotar esta vulnerabilidad. Debido a una verificaci\u00f3n insuficiente, una explotaci\u00f3n exitosa puede afectar el servicio. (Identificador de vulnerabilidad: HWPSIRT-2019-12302) A esta vulnerabilidad se le ha asignado un identificador de vulnerabilidades y exposiciones comunes (CVE): CVE-2020-9250."}], "lastModified": "2025-07-11T14:33:07.873", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:huawei:mate_20_pro_firmware:10.1.0.160\\(c00e160r3p8\\):*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "66E42492-3CC3-454E-B060-D69153DD99DF"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:huawei:mate_20_pro:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "2564E28F-EF08-4381-96D8-58BB7C8C0E0C"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "[email protected]"}