CVE-2020-9250

LOW Year: 2020
CVSS v3 Score
3.3
Low
Weakness Type
CWE-287
View all →

Vulnerability Description

There is an insufficient authentication vulnerability in some Huawei smart phone. An unauthenticated, local attacker can crafts software package to exploit this vulnerability. Due to insufficient verification, successful exploitation may impact the service. (Vulnerability ID: HWPSIRT-2019-12302) This vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2020-9250.

Related Vulnerabilities

CVE-2019-20533

LOW
CVSS:3.3(Low)

An issue was discovered on Samsung mobile devices with N(7.x), O(8.x), and P(9.0) (released in China or India) software. The S Secure app can launch masked apps without a password. The Samsung ID is S...

CWE-2872019

CVE-2020-9077

LOW
CVSS:3.3(Low)

HUAWEI P30 smart phones with versions earlier than 10.1.0.160(C00E160R2P11) have an information exposure vulnerability. The system does not properly authenticate the application that access a specifie...

CWE-2872020

CVE-2021-25341

LOW
CVSS:3.3(Low)

Calling of non-existent provider in S Assistant prior to version 6.5.01.22 allows unauthorized actions including denial of service attack by hijacking the provider.

CWE-2872021

CVE-2021-25342

LOW
CVSS:3.3(Low)

Calling of non-existent provider in SMP sdk prior to version 3.0.9 allows unauthorized actions including denial of service attack by hijacking the provider.

CWE-2872021

CVE-2021-25343

LOW
CVSS:3.3(Low)

Calling of non-existent provider in Samsung Members prior to version 2.4.81.13 (in Android O(8.1) and below) and 3.8.00.13 (in Android P(9.0) and above) allows unauthorized actions including denial of...

CWE-2872021

CVE-2021-25451

LOW
CVSS:3.3(Low)

A PendingIntent hijacking in NetworkPolicyManagerService prior to SMR Sep-2021 Release 1 allows attackers to get IMSI data.

CWE-2872021