VAR-202002-0597
Vulnerability from variot - Updated: 2023-12-18 12:49Huawei smart phones P10 Plus with versions earlier than 9.1.0.201(C01E75R1P12T8), earlier than 9.1.0.252(C185E2R1P9T8), earlier than 9.1.0.252(C432E4R1P9T8), and earlier than 9.1.0.255(C576E6R1P8T8) have a digital balance bypass vulnerability. When re-configuring the mobile phone at the digital balance mode, an attacker can perform some operations to bypass the startup wizard, and then open some switch. As a result, the digital balance function is bypassed. Huawei smartphone P10 Plus There is an input verification vulnerability in.Information may be tampered with.
There are security holes in Huawei smart phones P10 Plus
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202002-0597",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "p10 plus \u003c9.1.0.252",
"scope": null,
"trust": 1.2,
"vendor": "huawei",
"version": null
},
{
"model": "p10 plus",
"scope": "lt",
"trust": 1.0,
"vendor": "huawei",
"version": "9.1.0.255\\(c576e6r1p8t8\\)"
},
{
"model": "p10 plus",
"scope": "lt",
"trust": 1.0,
"vendor": "huawei",
"version": "9.1.0.252\\(c432e4r1p9t8\\)"
},
{
"model": "p10 plus",
"scope": "lt",
"trust": 1.0,
"vendor": "huawei",
"version": "9.1.0.201\\(c01e75r1p12t8\\)"
},
{
"model": "p10 plus",
"scope": "lt",
"trust": 1.0,
"vendor": "huawei",
"version": "9.1.0.252\\(c185e2r1p9t8\\)"
},
{
"model": "p10 plus",
"scope": "eq",
"trust": 0.8,
"vendor": "huawei",
"version": "9.1.0.201(c01e75r1p12t8)"
},
{
"model": "p10 plus",
"scope": "eq",
"trust": 0.8,
"vendor": "huawei",
"version": "9.1.0.252(c185e2r1p9t8)"
},
{
"model": "p10 plus",
"scope": "eq",
"trust": 0.8,
"vendor": "huawei",
"version": "9.1.0.252(c432e4r1p9t8)"
},
{
"model": "p10 plus",
"scope": "eq",
"trust": 0.8,
"vendor": "huawei",
"version": "9.1.0.255(c576e6r1p8t8)"
},
{
"model": "p10 plus \u003c9.1.0.201",
"scope": null,
"trust": 0.6,
"vendor": "huawei",
"version": null
},
{
"model": "p10 plus \u003c9.1.0.255",
"scope": null,
"trust": 0.6,
"vendor": "huawei",
"version": null
},
{
"model": "p10 plus",
"scope": "eq",
"trust": 0.6,
"vendor": "huawei",
"version": "9.1.0.252c185e2r1p9t8"
},
{
"model": "p10 plus",
"scope": "eq",
"trust": 0.6,
"vendor": "huawei",
"version": "9.1.0.201c01e75r1p12t8"
},
{
"model": "p10 plus",
"scope": "eq",
"trust": 0.6,
"vendor": "huawei",
"version": null
},
{
"model": "p10 plus",
"scope": "eq",
"trust": 0.6,
"vendor": "huawei",
"version": "9.1.0.252c432e4r1p9t8"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-13175"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-002147"
},
{
"db": "NVD",
"id": "CVE-2020-1872"
},
{
"db": "CNNVD",
"id": "CNNVD-202002-943"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:huawei:p10_plus_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "9.1.0.201\\(c01e75r1p12t8\\)",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:huawei:p10_plus:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:huawei:p10_plus_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "9.1.0.252\\(c185e2r1p9t8\\)",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:huawei:p10_plus:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:huawei:p10_plus_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "9.1.0.252\\(c432e4r1p9t8\\)",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:huawei:p10_plus:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:huawei:p10_plus_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "9.1.0.255\\(c576e6r1p8t8\\)",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:huawei:p10_plus:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2020-1872"
}
]
},
"cve": "CVE-2020-1872",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "LOW",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Local",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 2.1,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2020-002147",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Low",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2020-13175",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 0.9,
"impactScore": 3.6,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Physical",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 4.6,
"baseSeverity": "Medium",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2020-002147",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2020-1872",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "JVNDB-2020-002147",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2020-13175",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202002-943",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-13175"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-002147"
},
{
"db": "NVD",
"id": "CVE-2020-1872"
},
{
"db": "CNNVD",
"id": "CNNVD-202002-943"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Huawei smart phones P10 Plus with versions earlier than 9.1.0.201(C01E75R1P12T8), earlier than 9.1.0.252(C185E2R1P9T8), earlier than 9.1.0.252(C432E4R1P9T8), and earlier than 9.1.0.255(C576E6R1P8T8) have a digital balance bypass vulnerability. When re-configuring the mobile phone at the digital balance mode, an attacker can perform some operations to bypass the startup wizard, and then open some switch. As a result, the digital balance function is bypassed. Huawei smartphone P10 Plus There is an input verification vulnerability in.Information may be tampered with. \n\r\n\r\nThere are security holes in Huawei smart phones P10 Plus",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-1872"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-002147"
},
{
"db": "CNVD",
"id": "CNVD-2020-13175"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-1872",
"trust": 3.0
},
{
"db": "JVNDB",
"id": "JVNDB-2020-002147",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2020-13175",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202002-943",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-13175"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-002147"
},
{
"db": "NVD",
"id": "CVE-2020-1872"
},
{
"db": "CNNVD",
"id": "CNNVD-202002-943"
}
]
},
"id": "VAR-202002-0597",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-13175"
}
],
"trust": 1.2219512
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"IoT"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-13175"
}
]
},
"last_update_date": "2023-12-18T12:49:50.697000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "huawei-sa-20200122-01-digitalbalance",
"trust": 0.8,
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200122-01-digitalbalance-en"
},
{
"title": "Patch for Huawei P10 Plus Digital Balance Bypass Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/204567"
},
{
"title": "Huawei P10 Plus Enter the fix for the verification error vulnerability",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=110543"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-13175"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-002147"
},
{
"db": "CNNVD",
"id": "CNNVD-202002-943"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
},
{
"problemtype": "CWE-20",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-002147"
},
{
"db": "NVD",
"id": "CVE-2020-1872"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.2,
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200122-01-digitalbalance-en"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-1872"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-1872"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-13175"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-002147"
},
{
"db": "NVD",
"id": "CVE-2020-1872"
},
{
"db": "CNNVD",
"id": "CNNVD-202002-943"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2020-13175"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-002147"
},
{
"db": "NVD",
"id": "CVE-2020-1872"
},
{
"db": "CNNVD",
"id": "CNNVD-202002-943"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-02-25T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-13175"
},
{
"date": "2020-03-04T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-002147"
},
{
"date": "2020-02-18T02:15:10.767000",
"db": "NVD",
"id": "CVE-2020-1872"
},
{
"date": "2020-02-18T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202002-943"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-02-25T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-13175"
},
{
"date": "2020-03-04T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-002147"
},
{
"date": "2021-07-21T11:39:23.747000",
"db": "NVD",
"id": "CVE-2020-1872"
},
{
"date": "2020-02-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202002-943"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Huawei smartphone P10 Plus Input verification vulnerability in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-002147"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "input validation error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202002-943"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…