CVE-2020-1797

Vulnerability

CVE-2020-1797 is an improper authorization vulnerability in HUAWEI Mate 20 smartphones running versions earlier than 10.0.0.185(C00E74R3P8). The system does not properly restrict certain operations when the device is in ADB (Android Debug Bridge) mode, allowing a local user to bypass intended restrictions [1].

Exploitation

An attacker with physical access to the device and the ability to enable ADB mode (or with ADB already enabled) can exploit this vulnerability. The successful exploit requires the attacker to connect via ADB and execute certain privileged operations that are not properly authorized. No additional authentication beyond ADB access is mentioned [1].

Impact

Successful exploitation allows a user to break the limit of the digital balance function, which is a parental control or usage restriction feature on the device. This could lead to unauthorized access to restricted content or bypass of time or usage limits set by the device owner [1].

Mitigation

Huawei released a software update to fix this vulnerability. The resolved version is 10.0.0.185(C00E74R3P8) for HUAWEI Mate 20. Users should update to this version or later. No workarounds were provided in the advisory [1].