CVE-2020-9109
Description
There is an information disclosure vulnerability in several smartphones. The device does not sufficiently validate the identity of smart wearable device in certain specific scenario, the attacker need to gain certain information in the victim's smartphone to launch the attack, and successful exploit could cause information disclosure.Affected product versions include:HUAWEI Mate 20 versions earlier than 10.1.0.160(C00E160R3P8),versions earlier than 10.1.0.160(C01E160R2P8);HUAWEI Mate 20 X versions earlier than 10.1.0.160(C00E160R2P8),versions earlier than 10.1.0.160(C01E160R2P8);HUAWEI P30 Pro versions earlier than 10.1.0.160(C00E160R2P8);Laya-AL00EP versions earlier than 10.1.0.160(C786E160R3P8);Tony-AL00B versions earlier than 10.1.0.160(C00E160R2P11);Tony-TL00B versions earlier than 10.1.0.160(C01E160R2P11).
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Huawei smartphones fail to validate a smart wearable device's identity, allowing information disclosure under certain conditions.
Vulnerability
An information disclosure vulnerability exists in several Huawei smartphones that do not sufficiently validate the identity of a smart wearable device in a specific scenario. Affected product versions include: HUAWEI Mate 20 versions earlier than 10.1.0.160(C00E160R3P8) and 10.1.0.160(C01E160R2P8); HUAWEI Mate 20 X versions earlier than 10.1.0.160(C00E160R2P8) and 10.1.0.160(C01E160R2P8); HUAWEI P30 Pro versions earlier than 10.1.0.160(C00E160R2P8); Laya-AL00EP versions earlier than 10.1.0.160(C786E160R3P8); Tony-AL00B versions earlier than 10.1.0.160(C00E160R2P11); and Tony-TL00B versions earlier than 10.1.0.160(C01E160R2P11) [1].
Exploitation
The attacker must first gain certain information from the victim's smartphone to launch the attack. The specific scenario requires the victim to be using a smart wearable device, and the device fails to sufficiently validate that wearable's identity. The attacker then leverages this lack of validation to execute the exploit [1].
Impact
Successful exploitation causes information disclosure. The exact type of information is not specified in the available references, but it originates from the victim's smartphone [1].
Mitigation
Huawei has released software updates to fix this vulnerability. The resolved versions are: HUAWEI Mate 20 10.1.0.160(C00E160R3P8) and 10.1.0.160(C01E160R2P8); HUAWEI Mate 20 X 10.1.0.160(C00E160R2P8) and 10.1.0.160(C01E160R2P8); HUAWEI P30 Pro 10.1.0.160(C00E160R2P8); Laya-AL00EP 10.1.0.160(C786E160R3P8); Tony-AL00B 10.1.0.160(C00E160R2P11); and Tony-TL00B 10.1.0.160(C01E160R2P11). Users should update their devices to these versions or later. The advisory is available at the link in reference [1].
AI Insight generated on May 27, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
3- HUAWEI/Mate 20description
- Range: <10.1.0.160
- Range: <10.1.0.160
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
1- www.huawei.com/en/psirt/security-advisories/huawei-sa-20200930-01-dos-enmitrex_refsource_MISC
News mentions
0No linked articles in our index yet.