CVE-2020-1838
Description
HUAWEI Mate 30 Pro with versions earlier than 10.1.0.150(C00E136R5P3) have is an improper authentication vulnerability. The device does not sufficiently validate certain credential of user's face, an attacker could craft the credential of the user, successful exploit could allow the attacker to pass the authentication with the crafted credential.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
An improper authentication vulnerability in HUAWEI Mate 30 Pro allows an attacker to bypass face authentication using a crafted credential.
Vulnerability
An improper authentication vulnerability exists in HUAWEI Mate 30 Pro versions earlier than 10.1.0.150(C00E136R5P3). The device does not sufficiently validate certain credentials of the user's face, allowing an attacker to craft a credential that bypasses the intended authentication mechanism [1].
Exploitation
An attacker needs to craft the credential of the user's face. No specific privileges or network position are required beyond physical proximity or the ability to present the crafted credential to the device's authentication system. The vulnerability can be exploited without user interaction if the attacker can deliver the crafted credential [1].
Impact
Successful exploitation allows the attacker to pass the facial authentication check, potentially granting unauthorized access to the device and its data. The impact includes a breach of confidentiality and integrity, as the attacker can unlock the device and access protected resources [1].
Mitigation
Huawei released software updates to fix this vulnerability. The fixed version is 10.1.0.150(C00E136R5P3) and later. Users should update their devices to this version or newer [1].
AI Insight generated on May 27, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
2- HUAWEI/Mate 30 Prodescription
- Range: <10.1.0.150(C00E136R5P3)
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
1- www.huawei.com/en/psirt/security-advisories/huawei-sa-20200701-03-smartphone-enmitrex_refsource_MISC
News mentions
0No linked articles in our index yet.