CVE-2020-9125

low-risk
Published 2020-12-29

There is an out-of-bound read vulnerability in huawei smartphone Mate 30 versions earlier than 10.1.0.156 (C00E155R7P2). An attacker with specific permission can exploit this vulnerability by sending crafted packet with specific parameter to the target device. Due to insufficient validation of the parameter, successful exploit can cause the device to behave abnormally.

Do I need to act?

-
0.01% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
6
CVSS 6.7/10 Medium
LOCAL / LOW complexity

Affected Products (1)

Mate 30 Firmware

Affected Vendors

Huawei

References (2)

Vendor Advisory https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20201216-01-taurus...
Vendor Advisory https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20201216-01-taurus...
26
/ 100
low-risk
Severity 21/34 · High
Exploitability 0/34 · Minimal
Exposure 5/34 · Minimal