1. Home
  2. CVE Database
  3. CVE-2020-9076
MEDIUM · 6.8

CVE-2020-9076

HUAWEI P30;HUAWEI P30 Pro;Tony-AL00B smartphones with versions earlier than 10.1.0.135(C00E135R2P11); versions earlier than 10.1.0.135(C00E135R2P8), versions earlier than 10.1.0.135 have an improper a...

Vulnerability Description

HUAWEI P30;HUAWEI P30 Pro;Tony-AL00B smartphones with versions earlier than 10.1.0.135(C00E135R2P11); versions earlier than 10.1.0.135(C00E135R2P8), versions earlier than 10.1.0.135 have an improper authentication vulnerability. Due to the identity of the message sender not being properly verified, an attacker can exploit this vulnerability through man-in-the-middle attack to induce user to access malicious URL.

CVSS Score

6.8

MEDIUM

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality
HIGH
Integrity
HIGH
Availability
NONE

Affected Products

VendorProductVersions
HuaweiP30 Firmware< 10.1.0.135\(c00e135r2p11\)
HuaweiP30-
HuaweiP30 Pro Firmware< 10.1.0.135\(c00e135r2p8\)
HuaweiP30 Pro-
HuaweiTony-Al00B Firmware< 10.1.0.137\(c00e137r2p11\)
HuaweiTony-Al00B-

Related Weaknesses (CWE)

CWE-287

References

FAQ

What is CVE-2020-9076?

CVE-2020-9076 is a vulnerability with a CVSS score of 6.8 (MEDIUM). HUAWEI P30;HUAWEI P30 Pro;Tony-AL00B smartphones with versions earlier than 10.1.0.135(C00E135R2P11); versions earlier than 10.1.0.135(C00E135R2P8), versions earlier than 10.1.0.135 have an improper a...

How severe is CVE-2020-9076?

CVE-2020-9076 has been rated MEDIUM with a CVSS base score of 6.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2020-9076?

Check the references section above for vendor advisories and patch information. Affected products include: Huawei P30 Firmware, Huawei P30, Huawei P30 Pro Firmware, Huawei P30 Pro, Huawei Tony-Al00B Firmware.