PT-2020-20501 · Huawei · Laya-Al00Ep+4
Marco Grassi
·
Published
2020-10-12
·
Updated
2021-07-21
·
CVE-2020-9109
CVSS v3.1
4.6
Medium
| Vector | AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
HUAWEI Mate 20 versions earlier than 10.1.0.160
HUAWEI Mate 20 X versions earlier than 10.1.0.160
HUAWEI P30 Pro versions earlier than 10.1.0.160
Laya-AL00EP versions earlier than 10.1.0.160
Tony-AL00B versions earlier than 10.1.0.160
Tony-TL00B versions earlier than 10.1.0.160
Description
There is an information disclosure issue in several smartphones. The device does not sufficiently validate the identity of smart wearable devices in certain specific scenarios. To launch the attack, the attacker needs to gain certain information in the victim's smartphone. Successful exploitation could cause information disclosure.
Recommendations
For HUAWEI Mate 20, update to version 10.1.0.160 or later.
For HUAWEI Mate 20 X, update to version 10.1.0.160 or later.
For HUAWEI P30 Pro, update to version 10.1.0.160 or later.
For Laya-AL00EP, update to version 10.1.0.160 or later.
For Tony-AL00B, update to version 10.1.0.160 or later.
For Tony-TL00B, update to version 10.1.0.160 or later.
Fix
Improper Authentication
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Huawei Mate 20
Huawei P30 Pro
Laya-Al00Ep
Tony-Al00B
Tony-Tl00B