CVE-2020-9244
Description
HUAWEI Mate 20 versions Versions earlier than 10.1.0.160(C00E160R3P8);HUAWEI Mate 20 Pro versions Versions earlier than 10.1.0.270(C431E7R1P5),Versions earlier than 10.1.0.270(C635E3R1P5),Versions earlier than 10.1.0.273(C636E7R2P4);HUAWEI Mate 20 X versions Versions earlier than 10.1.0.160(C00E160R2P8);HUAWEI P30 versions Versions earlier than 10.1.0.160(C00E160R2P11);HUAWEI P30 Pro versions Versions earlier than 10.1.0.160(C00E160R2P8);HUAWEI Mate 20 RS versions Versions earlier than 10.1.0.160(C786E160R3P8);HonorMagic2 versions Versions earlier than 10.0.0.187(C00E61R2P11);Honor20 versions Versions earlier than 10.0.0.175(C00E58R4P11);Honor20 PRO versions Versions earlier than 10.0.0.194(C00E62R8P12);HonorMagic2 versions Versions earlier than 10.0.0.187(C00E61R2P11);HonorV20 versions Versions earlier than 10.0.0.188(C00E62R2P11) have an improper authentication vulnerability. The system does not properly sign certain encrypted file, the attacker should gain the key used to encrypt the file, successful exploit could cause certain file be forged
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Several Huawei and Honor smartphones have an improper authentication vulnerability where an attacker with the encryption key can forge certain encrypted files.
Vulnerability
An improper authentication vulnerability exists in multiple Huawei and Honor smartphones [1]. The system does not properly sign certain encrypted files, allowing a successful exploit where the attacker can forge such files [1]. Affected products and versions include: HUAWEI Mate 20 earlier than 10.1.0.160(C00E160R3P8); HUAWEI Mate 20 Pro earlier than 10.1.0.270(C431E7R1P5), earlier than 10.1.0.270(C635E3R1P5), earlier than 10.1.0.273(C636E7R2P4); HUAWEI Mate 20 X earlier than 10.1.0.160(C00E160R2P8); HUAWEI P30 earlier than 10.1.0.160(C00E160R2P11); HUAWEI P30 Pro earlier than 10.1.0.160(C00E160R2P8); HUAWEI Mate 20 RS earlier than 10.1.0.160(C786E160R3P8); HonorMagic2 earlier than 10.0.0.187(C00E61R2P11); Honor20 earlier than 10.0.0.175(C00E58R4P11); Honor20 PRO earlier than 10.0.0.194(C00E62R8P12); and HonorV20 earlier than 10.0.0.188(C00E62R2P11) [1].
Exploitation
An attacker must first gain the key used to encrypt the file [1]. With this key, the attacker can then forge certain encrypted files due to the missing or improper signature verification [1]. No specific network position, authentication level, or user interaction is detailed beyond requiring the encryption key.
Impact
A successful exploit allows the attacker to forge certain encrypted files [1]. This compromises the integrity of those files, potentially leading to further unauthorized actions or system compromise depending on the role of the forged file.
Mitigation
Huawei has released software updates to fix this vulnerability [1]. Users should upgrade their devices to the resolved versions listed in the security advisory, such as: HUAWEI Mate 20 to 10.1.0.160(C00E160R3P8); HUAWEI Mate 20 Pro to 10.1.0.270(C431E7R1P5), 10.1.0.270(C635E3R1P5), or 10.1.0.273(C636E7R2P4); and other devices to the corresponding fixed versions [1].
AI Insight generated on May 27, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
4- HUAWEI/Mate 20description
- Range: <10.1.0.270(C431E7R1P5)
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
1- www.huawei.com/en/psirt/security-advisories/huawei-sa-20200805-02-smartphone-enmitrex_refsource_MISC
News mentions
0No linked articles in our index yet.