Information disclosure

2020-10-1214:15:00

PRIOn knowledge base

www.prio-n.com

4.7 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

30.4%

JSON

There is an information disclosure vulnerability in several smartphones. The device does not sufficiently validate the identity of smart wearable device in certain specific scenario, the attacker need to gain certain information in the victim’s smartphone to launch the attack, and successful exploit could cause information disclosure.Affected product versions include:HUAWEI Mate 20 versions earlier than 10.1.0.160(C00E160R3P8),versions earlier than 10.1.0.160(C01E160R2P8);HUAWEI Mate 20 X versions earlier than 10.1.0.160(C00E160R2P8),versions earlier than 10.1.0.160(C01E160R2P8);HUAWEI P30 Pro versions earlier than 10.1.0.160(C00E160R2P8);Laya-AL00EP versions earlier than 10.1.0.160(C786E160R3P8);Tony-AL00B versions earlier than 10.1.0.160(C00E160R2P11);Tony-TL00B versions earlier than 10.1.0.160(C01E160R2P11).

CPENameOperatorVersion
laya-al00ep_firmwareeq< 10.1.0.160c786e160r3p8
mate_20_firmwareeq< 10.1.0.160c0e160r3p8
mate_20_firmwareeq< 10.1.0.160c1e160r2p8
mate_20_x_firmwareeq< 10.1.0.160c0e160r2p8
mate_20_x_firmwareeq< 10.1.0.160c1e160r2p8
p30_pro_firmwareeq< 10.1.0.160c0e160r2p8
tony-al00b_firmwareeq< 10.1.0.160c0e160r2p11
tony-tl00b_firmwareeq< 10.1.0.160c1e160r2p11

Name	Operator	Version
laya-al00ep_firmware	eq	< 10.1.0.160c786e160r3p8
mate_20_firmware	eq	< 10.1.0.160c0e160r3p8
mate_20_firmware	eq	< 10.1.0.160c1e160r2p8
mate_20_x_firmware	eq	< 10.1.0.160c0e160r2p8
mate_20_x_firmware	eq	< 10.1.0.160c1e160r2p8
p30_pro_firmware	eq	< 10.1.0.160c0e160r2p8
tony-al00b_firmware	eq	< 10.1.0.160c0e160r2p11
tony-tl00b_firmware	eq	< 10.1.0.160c1e160r2p11