CVE-2020-1801
Description
There is an improper authentication vulnerability in several smartphones. Certain function interface in the system does not sufficiently validate the caller's identity in certain share scenario, successful exploit could cause information disclosure. Affected product versions include:Mate 30 Pro versions Versions earlier than 10.0.0.205(C00E202R7P2);Mate 30 versions Versions earlier than 10.0.0.205(C00E201R7P2).
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Improper authentication in share scenario on Huawei Mate 30 Pro and Mate 30 could allow information disclosure.
Vulnerability
An improper authentication vulnerability exists in the share scenario of Huawei Mate 30 Pro and Mate 30 smartphones. The system fails to sufficiently validate the caller's identity in certain share operations, allowing an attacker to potentially access sensitive information. Affected versions include Mate 30 Pro versions earlier than 10.0.0.205(C00E202R7P2) and Mate 30 versions earlier than 10.0.0.205(C00E201R7P2) [1].
Exploitation
To exploit this vulnerability, an attacker would need to be in a position to trigger a share operation on the affected device, possibly through a malicious application or social engineering. The specific attack vector involves sending a crafted request to the vulnerable interface, bypassing authentication checks. No special privileges or user interaction beyond initiating a share action are required [1].
Impact
Successful exploitation could lead to information disclosure, exposing sensitive data that should be protected during sharing. The attacker may gain access to files, contacts, or other private information without proper authorization [1].
Mitigation
Huawei has released software updates to fix this vulnerability. Users should upgrade to the resolved versions: Mate 30 Pro to 10.0.0.205(C00E202R7P2) and Mate 30 to 10.0.0.205(C00E201R7P2). The update is available via Huawei's official channels. No workarounds are provided [1].
AI Insight generated on May 27, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
2- Range: <10.0.0.205
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
1- www.huawei.com/en/psirt/security-advisories/huawei-sa-20200408-01-smartphone-enmitrex_refsource_MISC
News mentions
0No linked articles in our index yet.