CVE-2020-9250

There is an insufficient authentication vulnerability in some Huawei smart phone. An unauthenticated, local attacker can crafts software package to exploit this vulnerability. Due to insufficient verification, successful exploitation may impact the service. (Vulnerability ID: HWPSIRT-2019-12302) This vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2020-9250.

CVSS v3 3.3 LOW

3.3^/10

CVSS v3 : LOW

Vector :

Exploitability : 1.8 / Impact : 1.4

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact LOW

Scope UNCHANGED

References

Link	Resource
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200729-01-smartphone-en	Broken Link Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:huawei:mate_20_pro_firmware:10.1.0.160\(c00e160r3p8\):*:*:*:*:*:*:*

cpe:2.3:h:huawei:mate_20_pro:-:*:*:*:*:*:*:*

History

11 Jul 2025, 14:33

Type	Values Removed	Values Added
CPE		cpe:2.3:o:huawei:mate_20_pro_firmware:10.1.0.160\(c00e160r3p8\):::::::* cpe:2.3:h:huawei:mate_20_pro:-:::::::*
References	~~() http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200729-01-smartphone-en -~~	() http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200729-01-smartphone-en - Broken Link, Vendor Advisory
First Time		Huawei mate 20 Pro Huawei mate 20 Pro Firmware Huawei

20 Dec 2024, 18:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-12-20 02:15

Updated : 2025-07-11 14:33

NVD link : CVE-2020-9250

Mitre link : CVE-2020-9250

CVE.ORG link : CVE-2020-9250

JSON object : View

Products Affected

huawei

mate_20_pro_firmware
mate_20_pro

CWE

CWE-287

Improper Authentication

CWE-522

Insufficiently Protected Credentials

{"id": "CVE-2020-9250", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "psirt@huawei.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 3.3, "attackVector": "LOCAL", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 1.4, "exploitabilityScore": 1.8}]}, "published": "2024-12-20T02:15:05.150", "references": [{"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200729-01-smartphone-en", "tags": ["Broken Link", "Vendor Advisory"], "source": "psirt@huawei.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "psirt@huawei.com", "description": [{"lang": "en", "value": "CWE-287"}]}, {"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-522"}]}], "descriptions": [{"lang": "en", "value": "There is an insufficient authentication vulnerability in some Huawei smart phone. An unauthenticated, local attacker can crafts software package to exploit this vulnerability. Due to insufficient verification, successful exploitation may impact the service. (Vulnerability ID: HWPSIRT-2019-12302)\n\nThis vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2020-9250."}, {"lang": "es", "value": "Existe una vulnerabilidad de autenticaci\u00f3n insuficiente en algunos tel\u00e9fonos inteligentes Huawei. Un atacante local no autenticado puede manipular un paquete de software para explotar esta vulnerabilidad. Debido a una verificaci\u00f3n insuficiente, una explotaci\u00f3n exitosa puede afectar el servicio. (Identificador de vulnerabilidad: HWPSIRT-2019-12302) A esta vulnerabilidad se le ha asignado un identificador de vulnerabilidades y exposiciones comunes (CVE): CVE-2020-9250."}], "lastModified": "2025-07-11T14:33:07.873", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:huawei:mate_20_pro_firmware:10.1.0.160\\(c00e160r3p8\\):*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "66E42492-3CC3-454E-B060-D69153DD99DF"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:huawei:mate_20_pro:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "2564E28F-EF08-4381-96D8-58BB7C8C0E0C"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "psirt@huawei.com"}