CVE-2020-1798
First published: Fri May 29 2020(Updated: )
HUAWEI P30 smartphones with versions earlier than 10.1.0.135(C00E135R2P11) have an improper authentication vulnerability. A logic error occurs when handling NFC work, an attacker should establish a NFC connection to the target phone, and then do a series of operations on the target phone. Successful exploit could allow a guest user do certain operation which is beyond the guest user's privilege.
Credit: psirt@huawei.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Huawei P30 Firmware | <10.1.0.135\(c00e135r2p11\) | |
| HUAWEI P30 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability?
HUAWEI P30 smartphones with versions earlier than 10.1.0.135(C00E135R2P11) have an improper authentication vulnerability that can be exploited by an attacker establishing a NFC connection and performing a series of operations on the target phone.
How does the vulnerability occur?
The vulnerability occurs due to a logic error when handling NFC work on HUAWEI P30 smartphones.
What is the severity of CVE-2020-1798?
The severity of CVE-2020-1798 is medium, with a CVSS severity score of 4.6.
Which software versions of HUAWEI P30 are affected?
HUAWEI P30 smartphones with versions earlier than 10.1.0.135(C00E135R2P11) are affected.
How to fix the vulnerability?
To fix the vulnerability, users should update their HUAWEI P30 smartphones to version 10.1.0.135(C00E135R2P11) or later.
- collector/nvd-index
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/author
- agent/references
- agent/last-modified-date
- agent/weakness
- agent/tags
- agent/type
- agent/event
- agent/description
- agent/first-publish-date
- vendor/huawei
- canonical/huawei p30 firmware
- canonical/huawei p30