Mate 20 Pro Firmware
CVE-2019-5250
HIGH
Severity by source
AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Lifecycle Timeline
1DescriptionNVD
Mate 20 Pro smartphones with versions earlier than 9.1.0.135(C00E133R3P1) have an improper authorization vulnerability. The software does not properly restrict certain operation of certain privilege, the attacker could trick the user into installing a malicious application before the user turns on student mode function. Successful exploit could allow the attacker to bypass the limit of student mode function.
AnalysisAI
Mate 20 Pro smartphones with versions earlier than 9.1.0.135(C00E133R3P1) have an improper authorization vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Technical ContextAI
This vulnerability is classified as Improper Privilege Management (CWE-269), which allows attackers to escalate privileges to gain unauthorized elevated access. Mate 20 Pro smartphones with versions earlier than 9.1.0.135(C00E133R3P1) have an improper authorization vulnerability. The software does not properly restrict certain operation of certain privilege, the attacker could trick the user into installing a malicious application before the user turns on student mode function. Successful exploit could allow the attacker to bypass the limit of student mode function. Affected products include: Huawei Mate 20 Pro Firmware.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply principle of least privilege, validate privilege transitions, implement proper role separation.
More in Mate 20 Pro Firmware
View allIn reassemble_and_dispatch of packet_fragmenter.cc, there is possible out of bounds write due to an incorrect bounds cal
The Bluetooth BR/EDR specification up to and including version 5.1 permits sufficiently low encryption key length and do
There is a buffer overflow vulnerability in several Huawei products. Rated high severity (CVSS 7.8), this vulnerability
HUAWEI Mate 20 versions Versions earlier than 10.1.0.160(C00E160R3P8);HUAWEI Mate 20 Pro versions Versions earlier than
There is a path traversal vulnerability in some Huawei products. Rated medium severity (CVSS 4.6), this vulnerability is
HUAWEI Mate 20 Pro smartphones versions earlier than 10.0.0.175(C00E69R3P8) have an improper authentication vulnerabilit
Same weakness CWE-269 – Improper Privilege Management
View allSame technique Privilege Escalation
View allShare
External POC / Exploit Code
Leaving vuln.today