Unrated severityNVD Advisory· Published Jan 9, 2020· Updated Aug 4, 2024

CVE-2020-1786

Description

HUAWEI Mate 20 Pro smartphones versions earlier than 10.0.0.175(C00E69R3P8) have an improper authentication vulnerability. The software does not sufficiently validate the name of apk file in a special condition which could allow an attacker to forge a crafted application as a normal one. Successful exploit could allow the attacker to bypass digital balance function.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Improper authentication in HUAWEI Mate 20 Pro allows attackers to forge a crafted application to bypass the digital balance function.

Vulnerability

The software in HUAWEI Mate 20 Pro smartphones versions earlier than 10.0.0.175(C00E69R3P8) does not sufficiently validate the name of an APK file under a special condition. This improper authentication vulnerability (HWPSIRT-2019-07118) allows an attacker to forge a crafted application as a legitimate one [1].

Exploitation

An attacker can craft a malicious APK file with a specially crafted name that bypasses the insufficient validation. The attacker then needs to have the application installed on the target device, likely requiring user interaction to install the forged application. The exact attack vector is not detailed in the available references [1].

Impact

Successful exploitation allows the attacker to bypass the digital balance function of the device. This function is a security feature that controls digital spending or access to paid content. The attacker gains the ability to circumvent this restriction, potentially enabling unauthorized transactions or access [1].

Mitigation

Huawei has released software updates to fix this vulnerability. The resolved version is 10.0.0.175(C00E69R3P8). Users are advised to update their devices to this version or later. No workarounds are provided in the advisory [1].

References

Security Advisory - Improper Authentication Vulnerability in Several Smartphones

AI Insight generated on May 27, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

Huawei/Mate 20 Prollm-fuzzy
Range: <10.0.0.175(C00E69R3P8)
Huawei/HUAWEI Mate 20cpe-rescue
Range: Versions earlier than 10.0.0.175(C00E69R3P8)

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.huawei.com/en/psirt/security-advisories/huawei-sa-20200108-01-smartphone-enmitrex_refsource_CONFIRM

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000