5.5

CVE-2020-9235

Huawei smartphones HONOR 20 PRO Versions earlier than 10.1.0.230(C432E9R5P1),Versions earlier than 10.1.0.231(C10E3R3P2),Versions earlier than 10.1.0.231(C185E3R5P1),Versions earlier than 10.1.0.231(C636E3R3P1);Versions earlier than 10.1.0.212(C432E10R3P4),Versions earlier than 10.1.0.213(C636E3R4P3),Versions earlier than 10.1.0.214(C10E5R4P3),Versions earlier than 10.1.0.214(C185E3R3P3);Versions earlier than 10.1.0.212(C00E210R5P1);Versions earlier than 10.1.0.160(C00E160R2P11);Versions earlier than 10.1.0.160(C00E160R2P11);Versions earlier than 10.1.0.160(C01E160R2P11);Versions earlier than 10.1.0.160(C00E160R2P11);Versions earlier than 10.1.0.160(C00E160R8P12);Versions earlier than 10.1.0.230(C432E9R5P1),Versions earlier than 10.1.0.231(C10E3R3P2),Versions earlier than 10.1.0.231(C636E3R3P1);Versions earlier than 10.1.0.225(C431E3R1P2),Versions earlier than 10.1.0.225(C432E3R1P2) contain an information vulnerability. A module has a design error that is lack of control of input. Attackers can exploit this vulnerability to obtain some information. This can lead to information leak.

Data is provided by the National Vulnerability Database (NVD)
HuaweiHonor 20 Pro Firmware Version < 10.1.0.230\(c432e9r5p1\)
   HuaweiHonor 20 Pro Version-
HuaweiHonor 20 Pro Firmware Version < 10.1.0.231\(c10e3r3p2\)
   HuaweiHonor 20 Pro Version-
HuaweiHonor 20 Pro Firmware Version < 10.1.0.231\(c185e3r5p1\)
   HuaweiHonor 20 Pro Version-
HuaweiHonor 20 Pro Firmware Version < 10.1.0.231\(c636e3r3p1\)
   HuaweiHonor 20 Pro Version-
HuaweiHonor View 20 Firmware Version < 10.1.0.212\(c432e10r3p4\)
   HuaweiHonor View 20 Version-
HuaweiHonor View 20 Firmware Version < 10.1.0.213\(c636e3r4p3\)
   HuaweiHonor View 20 Version-
HuaweiHonor View 20 Firmware Version < 10.1.0.214\(c10e5r4p3\)
   HuaweiHonor View 20 Version-
HuaweiHonor View 20 Firmware Version < 10.1.0.214\(c185e3r3p3\)
   HuaweiHonor View 20 Version-
HuaweiOxfords-an00a Firmware Version < 10.1.0.212\(c00e210r5p1\)
   HuaweiOxfords-an00a Version-
HuaweiPrinceton-al10b Firmware Version < 10.1.0.160\(c00e160r2p11\)
   HuaweiPrinceton-al10b Version-
HuaweiPrinceton-al10d Firmware Version < 10.1.0.160\(c00e160r2p11\)
   HuaweiPrinceton-al10d Version-
HuaweiPrinceton-tl10c Firmware Version < 10.1.0.160\(c01e160r2p11\)
   HuaweiPrinceton-tl10c Version-
HuaweiTony-al00b Firmware Version < 10.1.0.160\(c00e160r2p11\)
   HuaweiTony-al00b Version-
HuaweiYale-al00a Firmware Version < 10.1.0.160\(c00e160r8p12\)
   HuaweiYale-al00a Version-
HuaweiYale-l21a Firmware Version < 10.1.0.230\(c432e9r5p1\)
   HuaweiYale-l21a Version-
HuaweiYale-l21a Firmware Version < 10.1.0.231\(c10e3r3p2\)
   HuaweiYale-l21a Version-
HuaweiYale-l21a Firmware Version < 10.1.0.231\(c636e3r3p1\)
   HuaweiYale-l21a Version-
HuaweiYale-l61a Firmware Version < 10.1.0.225\(c431e3r1p2\)
   HuaweiYale-l61a Version-
HuaweiYale-l61a Firmware Version < 10.1.0.225\(c432e3r1p2\)
   HuaweiYale-l61a Version-
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 0.03% 0.061
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 5.5 1.8 3.6
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
nvd@nist.gov 2.1 3.9 2.9
AV:L/AC:L/Au:N/C:P/I:N/A:N
CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.