CVE-2020-9258
Severity CVSS v4.0:
Pending analysis
Type:
CWE-20
Input Validation
Publication date:
10/07/2020
Last modified:
21/07/2021
Description
HUAWEI P30 smartphone with versions earlier than 10.1.0.135(C00E135R2P11) have an improper input verification vulnerability. An attribution in a module is not set correctly and some verification is lacked. Attackers with local access can exploit this vulnerability by injecting malicious fragment. This may lead to user information leak.
Impact
Base Score 3.x
5.50
Severity 3.x
MEDIUM
Base Score 2.0
1.90
Severity 2.0
LOW
Vulnerable products and versions
CPE | From | Up to |
---|---|---|
cpe:2.3:o:huawei:p30_firmware:*:*:*:*:*:*:*:* | 10.1.0.135\(c00e135r2p11\) (excluding) | |
cpe:2.3:h:huawei:p30:-:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page