Unrated severityNVD Advisory· Published Dec 20, 2024· Updated Dec 20, 2024

CVE-2020-9250

Description

There is an insufficient authentication vulnerability in some Huawei smart phone. An unauthenticated, local attacker can crafts software package to exploit this vulnerability. Due to insufficient verification, successful exploitation may impact the service. (Vulnerability ID: HWPSIRT-2019-12302)

This vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2020-9250.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Insufficient authentication in Huawei Mate 20 Pro allows a local attacker to craft a software package that impacts service.

Vulnerability

An insufficient authentication vulnerability exists in some Huawei smartphones, specifically the HUAWEI Mate 20 Pro running versions earlier than 10.1.0.160(C00E160R3P8). The vulnerability arises from insufficient verification of software packages, allowing an unauthenticated local attacker to craft a malicious package that can impact the device's service. [1]

Exploitation

An unauthenticated local attacker can exploit this vulnerability by crafting a software package. The exact exploitation steps are not detailed in the advisory, but the attack requires local access and the ability to deliver the crafted package to the device. The insufficient verification process fails to properly validate the package, leading to the impact. [1]

Impact

Successful exploitation of this vulnerability may impact the service on the affected device. The advisory does not specify the exact nature of the impact, but it could involve denial of service or other service degradation. No further details on confidentiality, integrity, or availability are provided. [1]

Mitigation

Huawei has released a software update to fix this vulnerability. The resolved version for HUAWEI Mate 20 Pro is 10.1.0.160(C00E160R3P8), released on 2020-07-29. Users are advised to update to this version or later. No workarounds are documented in the available references. [1]

References

Security Advisory - Insufficient Authentication Vulnerabilities in Some Huawei Smart Phone Product

AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

Huawei/HUAWEI Mate 20cpe-rescue
Range: Versions earlier than 10.1.0.160(C00E160R3P8)

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.huawei.com/en/psirt/security-advisories/huawei-sa-20200729-01-smartphone-enmitre

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000