CVE-2020-1808
Description
Honor 20;HONOR 20 PRO;Honor Magic2;HUAWEI Mate 20 X;HUAWEI P30;HUAWEI P30 Pro;Honor View 20 smartphones with versions earlier than 10.0.0.187(C00E60R4P11); versions earlier than 10.0.0.187(C00E60R4P11); versions earlier than 10.0.0.176(C00E60R2P11);9.1.0.135(C00E133R2P1); versions earlier than 10.1.0.123(C431E22R3P5), versions earlier than 10.1.0.126(C636E5R3P4), versions earlier than 10.1.0.160(C00E160R2P11); versions earlier than 10.1.0.126(C185E8R5P1), versions earlier than 10.1.0.126(C636E9R2P4), versions earlier than 10.1.0.160(C00E160R2P8); versions earlier than 10.0.0.179(C636E3R4P3), versions earlier than 10.0.0.180(C185E3R3P3), versions earlier than 10.0.0.180(C432E10R3P4), versions earlier than 10.0.0.181(C675E5R1P2) have an out of bound read vulnerability. The software reads data past the end of the intended buffer. The attacker tricks the user into installing a crafted application, successful exploit may cause information disclosure or service abnormal.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Out of bound read vulnerability in several Huawei and Honor smartphones could allow information disclosure or service abnormal via a crafted application.
Vulnerability
An out of bound read vulnerability exists in several Huawei and Honor smartphones, including Honor 20, Honor 20 PRO, Honor Magic2, HUAWEI Mate 20 X, HUAWEI P30, HUAWEI P30 Pro, and Honor View 20. The software reads data past the end of the intended buffer. Affected versions include: Honor 20 and Honor 20 PRO earlier than 10.0.0.187(C00E60R4P11); Honor Magic2 earlier than 10.0.0.176(C00E60R2P11); HUAWEI Mate 20 X earlier than 9.1.0.135(C00E133R2P1); HUAWEI P30 earlier than 10.1.0.123(C431E22R3P5) or 10.1.0.126(C636E5R3P4) or 10.1.0.160(C00E160R2P11); HUAWEI P30 Pro earlier than 10.1.0.126(C185E8R5P1) or 10.1.0.126(C636E9R2P4) or 10.1.0.160(C00E160R2P8); and Honor View 20 earlier than 10.0.0.179(C636E3R4P3) or 10.0.0.180(C185E3R3P3) or 10.0.0.180(C432E10R3P4) or 10.0.0.181(C675E5R1P2) [1].
Exploitation
An attacker must trick the user into installing a crafted application [1]. No additional network position or authentication is required; the exploitation relies on user interaction to install the malicious app. Once installed, the application can trigger the out of bound read by performing operations that cause the affected software component to read beyond the intended buffer.
Impact
Successful exploitation may lead to information disclosure or abnormal service behavior [1]. The read beyond the buffer could expose sensitive data from adjacent memory or cause the system to crash or behave unexpectedly (denial of service). The attacker gains no code execution or privilege escalation; the impact is limited to reading unintended memory and potentially disrupting normal operation.
Mitigation
Huawei has released software updates to fix this vulnerability. Fixed versions include: 10.0.0.184(C10E3R3P2) for Honor 20 PRO; 10.0.0.184(C185E3R5P1) and 10.0.0.184(C431E9R5P1) for other variants; for HUAWEI Mate 20, a specific resolved version is listed in the advisory [1]. Users should update their devices to the latest official firmware via the system update mechanism. No workaround is provided.
AI Insight generated on May 27, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
4- Honor/Honor 20description
- Range: < 10.1.0.126(C636E5R3P5)
- Range: < 10.0.0.187(C00E60R4P11)
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
1- www.huawei.com/en/psirt/security-advisories/huawei-sa-20200513-02-smartphone-enmitrex_refsource_MISC
News mentions
0No linked articles in our index yet.