CVE-2020-1785

Vulnerability

CVE-2020-1785 is a denial of service vulnerability present in Huawei Mate 10 Pro, Honor V10, Honor 10, and Nova 4 smartphones. The system does not properly verify the status of a certain module during specific operations. The affected versions include BLA-L09C, BLA-L29C, and other models earlier than resolved versions such as 9.1.0.321(C605E4R1P13T8) and 9.1.0.330(C432E6R1P12T8). The vulnerability exists because the system fails to check the module's state, allowing a malicious application to exploit this oversight [1].

Exploitation

To exploit this vulnerability, an attacker must trick the user into installing a malicious application. The attacker does not require any special network position or authentication beyond the user's consent to install the app. Once installed, the malicious app triggers the vulnerable operation, causing the system to mishandle the module status and lead to a device reboot [1].

Impact

Successful exploitation results in a denial of service by causing the smartphone to reboot. This is a temporary loss of availability; the attacker does not gain code execution, data access, or persistent control. The impact is limited to disrupting the device's normal operation until it reboots [1].

Mitigation

Huawei has released software updates to fix this vulnerability. Users should upgrade their devices to the resolved versions listed in the advisory, such as 9.1.0.321(C605E4R1P13T8) for BLA-L09C or 9.1.0.330(C432E6R1P12T8) for BLA-L29C. The initial advisory was published on 2020-01-02, with the last update on 2020-09-02. Users should apply the updates via official channels [1].