Vulnerability Description
HUAWEI P30 smartphones with versions earlier than 10.1.0.135(C00E135R2P11) have an improper authentication vulnerability. A logic error occurs when handling NFC work, an attacker should establish a NFC connection to the target phone, and then do a series of operations on the target phone. Successful exploit could allow a guest user do certain operation which is beyond the guest user's privilege.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Huawei | P30 Firmware | < 10.1.0.135\(c00e135r2p11\) |
| Huawei | P30 | - |
Related Weaknesses (CWE)
References
- https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200527-02-smartpVendor Advisory
- https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200527-02-smartpVendor Advisory
FAQ
What is CVE-2020-1798?
CVE-2020-1798 is a vulnerability with a CVSS score of 4.6 (MEDIUM). HUAWEI P30 smartphones with versions earlier than 10.1.0.135(C00E135R2P11) have an improper authentication vulnerability. A logic error occurs when handling NFC work, an attacker should establish a NF...
How severe is CVE-2020-1798?
CVE-2020-1798 has been rated MEDIUM with a CVSS base score of 4.6/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2020-1798?
Check the references section above for vendor advisories and patch information. Affected products include: Huawei P30 Firmware, Huawei P30.