Details of VAR-202002-0597

ID

VAR-202002-0597

CVE

CVE-2020-1872

TITLE

Huawei smartphone P10 Plus Input verification vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2020-002147

DESCRIPTION

Huawei smart phones P10 Plus with versions earlier than 9.1.0.201(C01E75R1P12T8), earlier than 9.1.0.252(C185E2R1P9T8), earlier than 9.1.0.252(C432E4R1P9T8), and earlier than 9.1.0.255(C576E6R1P8T8) have a digital balance bypass vulnerability. When re-configuring the mobile phone at the digital balance mode, an attacker can perform some operations to bypass the startup wizard, and then open some switch. As a result, the digital balance function is bypassed. Huawei smartphone P10 Plus There is an input verification vulnerability in.Information may be tampered with. There are security holes in Huawei smart phones P10 Plus

Trust: 2.16

sources: NVD: CVE-2020-1872 // JVNDB: JVNDB-2020-002147 // CNVD: CNVD-2020-13175

IOT TAXONOMY

category:

['IoT']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2020-13175

AFFECTED PRODUCTS

vendor:	huawei	model:	p10 plus <9.1.0.252	scope:	-	version:	-	Trust: 1.2
vendor:	huawei	model:	p10 plus	scope:	lt	version:	9.1.0.252\(c185e2r1p9t8\)	Trust: 1.0
vendor:	huawei	model:	p10 plus	scope:	lt	version:	9.1.0.255\(c576e6r1p8t8\)	Trust: 1.0
vendor:	huawei	model:	p10 plus	scope:	lt	version:	9.1.0.252\(c432e4r1p9t8\)	Trust: 1.0
vendor:	huawei	model:	p10 plus	scope:	lt	version:	9.1.0.201\(c01e75r1p12t8\)	Trust: 1.0
vendor:	huawei	model:	p10 plus	scope:	eq	version:	9.1.0.201(c01e75r1p12t8)	Trust: 0.8
vendor:	huawei	model:	p10 plus	scope:	eq	version:	9.1.0.252(c185e2r1p9t8)	Trust: 0.8
vendor:	huawei	model:	p10 plus	scope:	eq	version:	9.1.0.252(c432e4r1p9t8)	Trust: 0.8
vendor:	huawei	model:	p10 plus	scope:	eq	version:	9.1.0.255(c576e6r1p8t8)	Trust: 0.8
vendor:	huawei	model:	p10 plus <9.1.0.201	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	p10 plus <9.1.0.255	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	p10 plus	scope:	eq	version:	9.1.0.252c185e2r1p9t8	Trust: 0.6
vendor:	huawei	model:	p10 plus	scope:	eq	version:	9.1.0.201c01e75r1p12t8	Trust: 0.6
vendor:	huawei	model:	p10 plus	scope:	eq	version:	-	Trust: 0.6
vendor:	huawei	model:	p10 plus	scope:	eq	version:	9.1.0.252c432e4r1p9t8	Trust: 0.6

sources: CNVD: CNVD-2020-13175 // JVNDB: JVNDB-2020-002147 // CNNVD: CNNVD-202002-943 // NVD: CVE-2020-1872

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2020-1872
value:	MEDIUM
Trust: 1.0
NVD:	JVNDB-2020-002147
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2020-13175
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-202002-943
value:	MEDIUM
Trust: 0.6

nvd@nist.gov:	CVE-2020-1872
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:N/I:P/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
NVD:	JVNDB-2020-002147
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:N/I:P/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8
CNVD:	CNVD-2020-13175
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2020-1872
baseSeverity:	MEDIUM
baseScore:	4.6
vectorString:	CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
attackVector:	PHYSICAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	HIGH
availabilityImpact:	NONE
exploitabilityScore:	0.9
impactScore:	3.6
version:	3.1
Trust: 1.0
NVD:	JVNDB-2020-002147
baseSeverity:	MEDIUM
baseScore:	4.6
vectorString:	CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
attackVector:	PHYSICAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	HIGH
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2020-13175 // JVNDB: JVNDB-2020-002147 // CNNVD: CNNVD-202002-943 // NVD: CVE-2020-1872

PROBLEMTYPE DATA

problemtype:	NVD-CWE-noinfo	Trust: 1.0
problemtype:	CWE-20	Trust: 0.8

sources: JVNDB: JVNDB-2020-002147 // NVD: CVE-2020-1872

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-202002-943

CONFIGURATIONS

sources: JVNDB: JVNDB-2020-002147

PATCH

title:	huawei-sa-20200122-01-digitalbalance	url:	https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200122-01-digitalbalance-en	Trust: 0.8
title:	Patch for Huawei P10 Plus Digital Balance Bypass Vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/204567	Trust: 0.6
title:	Huawei P10 Plus Enter the fix for the verification error vulnerability	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=110543	Trust: 0.6

sources: CNVD: CNVD-2020-13175 // JVNDB: JVNDB-2020-002147 // CNNVD: CNNVD-202002-943

EXTERNAL IDS

db:	NVD	id:	CVE-2020-1872	Trust: 3.0
db:	JVNDB	id:	JVNDB-2020-002147	Trust: 0.8
db:	CNVD	id:	CNVD-2020-13175	Trust: 0.6
db:	CNNVD	id:	CNNVD-202002-943	Trust: 0.6

sources: CNVD: CNVD-2020-13175 // JVNDB: JVNDB-2020-002147 // CNNVD: CNNVD-202002-943 // NVD: CVE-2020-1872

REFERENCES

url:	https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200122-01-digitalbalance-en	Trust: 2.2
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-1872	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2020-1872	Trust: 0.8

sources: CNVD: CNVD-2020-13175 // JVNDB: JVNDB-2020-002147 // CNNVD: CNNVD-202002-943 // NVD: CVE-2020-1872

SOURCES

db:	CNVD	id:	CNVD-2020-13175
db:	JVNDB	id:	JVNDB-2020-002147
db:	CNNVD	id:	CNNVD-202002-943
db:	NVD	id:	CVE-2020-1872

LAST UPDATE DATE

2024-11-23T22:44:44.168000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2020-13175	date:	2020-02-25T00:00:00
db:	JVNDB	id:	JVNDB-2020-002147	date:	2020-03-04T00:00:00
db:	CNNVD	id:	CNNVD-202002-943	date:	2020-02-25T00:00:00
db:	NVD	id:	CVE-2020-1872	date:	2024-11-21T05:11:31.070

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2020-13175	date:	2020-02-25T00:00:00
db:	JVNDB	id:	JVNDB-2020-002147	date:	2020-03-04T00:00:00
db:	CNNVD	id:	CNNVD-202002-943	date:	2020-02-18T00:00:00
db:	NVD	id:	CVE-2020-1872	date:	2020-02-18T02:15:10.767