First published: Mon Feb 17 2020(Updated: )
Huawei mobile phones Ever-L29B versions earlier than 10.0.0.180(C185E6R3P3), earlier than 10.0.0.180(C432E6R1P7), earlier than 10.0.0.180(C636E5R2P3); HUAWEI Mate 20 RS versions earlier than 10.0.0.175(C786E70R3P8); HUAWEI Mate 20 X versions earlier than 10.0.0.176(C00E70R2P8); and Honor Magic2 versions earlier than 10.0.0.175(C00E59R2P11) have an improper authorization vulnerability. Due to improper authorization of some function, attackers can bypass the authorization to perform some operations.
Credit: psirt@huawei.com
Affected Software | Affected Version | How to fix |
---|---|---|
Huawei Mate 20 Rs Firmware | <10.0.0.175\(c786e70r3p8\) | |
HUAWEI Mate 20 RS | ||
Huawei Mate 20 X Firmware | <10.0.0.176\(c00e70r2p8\) | |
HUAWEI Mate 20 X | ||
Huawei Honor Magic2 Firmware | <10.0.0.175\(c00e59r2p11\) | |
Huawei Honor Magic2 | ||
Huawei Ever-l29b Firmware | <10.0.0.180\(c185e6r3p3\) | |
Huawei Ever-l29b | ||
Huawei Ever-l29b Firmware | <10.0.0.180\(c432e6r1p7\) | |
Huawei Ever-l29b Firmware | <10.0.0.180\(c636e5r2p3\) |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID for this Huawei mobile phone vulnerability is CVE-2020-1882.
Huawei mobile phones Ever-L29B versions earlier than 10.0.0.180(C185E6R3P3), earlier than 10.0.0.180(C432E6R1P7), earlier than 10.0.0.180(C636E5R2P3); HUAWEI Mate 20 RS versions earlier than 10.0.0.175(C786E70R3P8); HUAWEI Mate 20 X versions earlier than 10.0.0.176(C00E70R2P8); and Honor Magic2 versions earlier than 10.0.0.175(C00E59R2P11) are affected by this vulnerability.
The severity of CVE-2020-1882 is medium, with a severity score of 4.6.
To fix the CVE-2020-1882 vulnerability on your Huawei mobile phone, update to version 10.0.0.180(C185E6R3P3), 10.0.0.180(C432E6R1P7), 10.0.0.180(C636E5R2P3) for Ever-L29B models; 10.0.0.175(C786E70R3P8) for Mate 20 RS models; 10.0.0.176(C00E70R2P8) for Mate 20 X models; and 10.0.0.176(C00E59R2P11) for Honor Magic2 models.
You can find more information about this vulnerability on the Huawei website at http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200122-01-phone-en.