Vulnerability Description
Huawei smartphones OxfordP-AN10B with versions earlier than 10.0.1.169(C00E166R4P1) have an improper authentication vulnerability. The Application doesn't perform proper authentication when user performs certain operations. An attacker can trick user into installing a malicious plug-in to exploit this vulnerability. Successful exploit could allow the attacker to bypass the authentication to perform unauthorized operations.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Huawei | Oxfordp-An10B Firmware | < 10.0.1.169\(c00e166r4p1\) |
| Huawei | Oxfordp-An10B | - |
Related Weaknesses (CWE)
References
- https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200325-01-phoneVendor Advisory
- https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200325-01-phoneVendor Advisory
FAQ
What is CVE-2020-9066?
CVE-2020-9066 is a vulnerability with a CVSS score of 7.8 (HIGH). Huawei smartphones OxfordP-AN10B with versions earlier than 10.0.1.169(C00E166R4P1) have an improper authentication vulnerability. The Application doesn't perform proper authentication when user perfo...
How severe is CVE-2020-9066?
CVE-2020-9066 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2020-9066?
Check the references section above for vendor advisories and patch information. Affected products include: Huawei Oxfordp-An10B Firmware, Huawei Oxfordp-An10B.