cvelistv5 - cve-2020-9092

CVE-2020-9092 (GCVE-0-2020-9092)

Vulnerability from cvelistv5

Published

2020-10-19 19:35

Modified

2024-08-04 10:19

Severity ?

CWE

JavaScript Injection

Summary

References

URL

	Vendor	Product	Version
	n/a	HUAWEI Mate 20	Version: Versions earlier than 10.1.0.163(C00E160R3P8)

cnvd-2020-58217

Vulnerability from cnvd

Title

HUAWEI Mate 20 JavaScript注入漏洞

Description

Huawei Mate 20是中国华为（Huawei）公司的一款智能手机。华为 HUAWEI Mate 20 10.1.0.163(C00E160R3P8)之前版本存在注入漏洞，该漏洞源于某模块没有对特定输入进行输入校验。攻击者利用该漏洞可绕过现有的校验过滤机制实施JavaScript注入，影响模块正常使用。

Severity

低

Patch Name

HUAWEI Mate 20 JavaScript注入漏洞的补丁

Patch Description

Huawei Mate 20是中国华为（Huawei）公司的一款智能手机。华为 HUAWEI Mate 20 10.1.0.163(C00E160R3P8)之前版本存在注入漏洞，该漏洞源于某模块没有对特定输入进行输入校验。攻击者利用该漏洞可绕过现有的校验过滤机制实施JavaScript注入，影响模块正常使用。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

目前厂商已发布升级补丁以修复漏洞，补丁获取链接： https://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20201014-01-smartphone-en

Reference

https://nvd.nist.gov/vuln/detail/CVE-2020-9092

Impacted products

Name
Huawei Mate 20 <10.1.0.163(C00E160R3P8)

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2020-9092",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2020-9092"
    }
  },
  "description": "Huawei Mate 20\u662f\u4e2d\u56fd\u534e\u4e3a\uff08Huawei\uff09\u516c\u53f8\u7684\u4e00\u6b3e\u667a\u80fd\u624b\u673a\u3002\n\n\u534e\u4e3a HUAWEI Mate 20 10.1.0.163(C00E160R3P8)\u4e4b\u524d\u7248\u672c\u5b58\u5728\u6ce8\u5165\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u67d0\u6a21\u5757\u6ca1\u6709\u5bf9\u7279\u5b9a\u8f93\u5165\u8fdb\u884c\u8f93\u5165\u6821\u9a8c\u3002\u653b\u51fb\u8005\u5229\u7528\u8be5\u6f0f\u6d1e\u53ef\u7ed5\u8fc7\u73b0\u6709\u7684\u6821\u9a8c\u8fc7\u6ee4\u673a\u5236\u5b9e\u65bdJavaScript\u6ce8\u5165\uff0c\u5f71\u54cd\u6a21\u5757\u6b63\u5e38\u4f7f\u7528\u3002",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttps://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20201014-01-smartphone-en",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2020-58217",
  "openTime": "2020-10-23",
  "patchDescription": "Huawei Mate 20\u662f\u4e2d\u56fd\u534e\u4e3a\uff08Huawei\uff09\u516c\u53f8\u7684\u4e00\u6b3e\u667a\u80fd\u624b\u673a\u3002\r\n\r\n\u534e\u4e3a HUAWEI Mate 20 10.1.0.163(C00E160R3P8)\u4e4b\u524d\u7248\u672c\u5b58\u5728\u6ce8\u5165\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u67d0\u6a21\u5757\u6ca1\u6709\u5bf9\u7279\u5b9a\u8f93\u5165\u8fdb\u884c\u8f93\u5165\u6821\u9a8c\u3002\u653b\u51fb\u8005\u5229\u7528\u8be5\u6f0f\u6d1e\u53ef\u7ed5\u8fc7\u73b0\u6709\u7684\u6821\u9a8c\u8fc7\u6ee4\u673a\u5236\u5b9e\u65bdJavaScript\u6ce8\u5165\uff0c\u5f71\u54cd\u6a21\u5757\u6b63\u5e38\u4f7f\u7528\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "HUAWEI Mate 20 JavaScript\u6ce8\u5165\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "Huawei Mate 20 \u003c10.1.0.163(C00E160R3P8)"
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2020-9092",
  "serverity": "\u4f4e",
  "submitTime": "2020-10-20",
  "title": "HUAWEI Mate 20 JavaScript\u6ce8\u5165\u6f0f\u6d1e"
}

gsd-2020-9092

Vulnerability from gsd

Modified

2023-12-13 01:21

Details

Aliases

CVE-2020-9092

Aliases

CVE-2020-9092

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2020-9092",
    "description": "HUAWEI Mate 20 versions earlier than 10.1.0.163(C00E160R3P8) have a JavaScript injection vulnerability. A module does not verify a specific input. This could allow attackers to bypass filter mechanism to launch JavaScript injection. This could compromise normal service of the affected module.",
    "id": "GSD-2020-9092"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2020-9092"
      ],
      "details": "HUAWEI Mate 20 versions earlier than 10.1.0.163(C00E160R3P8) have a JavaScript injection vulnerability. A module does not verify a specific input. This could allow attackers to bypass filter mechanism to launch JavaScript injection. This could compromise normal service of the affected module.",
      "id": "GSD-2020-9092",
      "modified": "2023-12-13T01:21:52.760190Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "psirt@huawei.com",
        "ID": "CVE-2020-9092",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "HUAWEI Mate 20",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "Versions earlier than 10.1.0.163(C00E160R3P8)"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "HUAWEI Mate 20 versions earlier than 10.1.0.163(C00E160R3P8) have a JavaScript injection vulnerability. A module does not verify a specific input. This could allow attackers to bypass filter mechanism to launch JavaScript injection. This could compromise normal service of the affected module."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "JavaScript Injection"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20201014-01-smartphone-en",
            "refsource": "MISC",
            "url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20201014-01-smartphone-en"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:huawei:mate_20_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "10.1.0.163\\(c00e160r3p8\\)",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:huawei:mate_20:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@huawei.com",
          "ID": "CVE-2020-9092"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "HUAWEI Mate 20 versions earlier than 10.1.0.163(C00E160R3P8) have a JavaScript injection vulnerability. A module does not verify a specific input. This could allow attackers to bypass filter mechanism to launch JavaScript injection. This could compromise normal service of the affected module."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-79"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20201014-01-smartphone-en",
              "refsource": "MISC",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20201014-01-smartphone-en"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 2.1,
            "confidentialityImpact": "NONE",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "LOW",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "PHYSICAL",
            "availabilityImpact": "NONE",
            "baseScore": 4.6,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.1"
          },
          "exploitabilityScore": 0.9,
          "impactScore": 3.6
        }
      },
      "lastModifiedDate": "2021-07-21T11:39Z",
      "publishedDate": "2020-10-19T20:15Z"
    }
  }
}

HUAWEI Mate 20 versions earlier than 10.1.0.163(C00E160R3P8) have a JavaScript injection vulnerability. A module does not verify a specific input. This could allow attackers to bypass filter mechanism to launch JavaScript injection. This could compromise normal service of the affected module. HUAWEI Mate 20 Is vulnerable to injection.Information may be tampered with. Huawei Mate 20 is a smartphone of China's Huawei (Huawei) company

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202010-1183",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "mate 20",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "huawei",
        "version": "10.1.0.163\\(c00e160r3p8\\)"
      },
      {
        "model": "mate 20",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "mate 20",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "huawei",
        "version": "mate 20  firmware  10.1.0.163(c00e160r3p8)  less than"
      },
      {
        "model": "mate \u003c10.1.0.163",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "huawei",
        "version": "20"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-58217"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-012480"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-9092"
      }
    ]
  },
  "cve": "CVE-2020-9092",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 2.1,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 3.9,
            "id": "CVE-2020-9092",
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "severity": "LOW",
            "trust": 1.9,
            "vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "NONE",
            "baseScore": 2.1,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 3.9,
            "id": "CNVD-2020-58217",
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "severity": "LOW",
            "trust": 0.6,
            "vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "PHYSICAL",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 4.6,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 0.9,
            "id": "CVE-2020-9092",
            "impactScore": 3.6,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Physical",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 4.6,
            "baseSeverity": "Medium",
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2020-9092",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2020-9092",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "NVD",
            "id": "CVE-2020-9092",
            "trust": 0.8,
            "value": "Medium"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2020-58217",
            "trust": 0.6,
            "value": "LOW"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202010-636",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULMON",
            "id": "CVE-2020-9092",
            "trust": 0.1,
            "value": "LOW"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-58217"
      },
      {
        "db": "VULMON",
        "id": "CVE-2020-9092"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-012480"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202010-636"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-9092"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "HUAWEI Mate 20 versions earlier than 10.1.0.163(C00E160R3P8) have a JavaScript injection vulnerability. A module does not verify a specific input. This could allow attackers to bypass filter mechanism to launch JavaScript injection. This could compromise normal service of the affected module. HUAWEI Mate 20 Is vulnerable to injection.Information may be tampered with. Huawei Mate 20 is a smartphone of China\u0027s Huawei (Huawei) company",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2020-9092"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-012480"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-58217"
      },
      {
        "db": "VULMON",
        "id": "CVE-2020-9092"
      }
    ],
    "trust": 2.25
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2020-9092",
        "trust": 3.1
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-012480",
        "trust": 0.8
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-58217",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202010-636",
        "trust": 0.6
      },
      {
        "db": "VULMON",
        "id": "CVE-2020-9092",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-58217"
      },
      {
        "db": "VULMON",
        "id": "CVE-2020-9092"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-012480"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202010-636"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-9092"
      }
    ]
  },
  "id": "VAR-202010-1183",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-58217"
      }
    ],
    "trust": 1.26765326
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "IoT"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-58217"
      }
    ]
  },
  "last_update_date": "2024-11-23T22:05:25.001000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "huawei-sa-20201014-01-smartphone",
        "trust": 0.8,
        "url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20201014-01-smartphone-en"
      },
      {
        "title": "Patch for HUAWEI Mate 20 JavaScript injection vulnerability",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchInfo/show/237439"
      },
      {
        "title": "HUAWEI Mate20 Repair measures for injecting vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=131281"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-58217"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-012480"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202010-636"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-79",
        "trust": 1.0
      },
      {
        "problemtype": "injection (CWE-74) [NVD Evaluation ]",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-012480"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-9092"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.0,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-9092"
      },
      {
        "trust": 1.7,
        "url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20201014-01-smartphone-en"
      },
      {
        "trust": 0.6,
        "url": "https://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20201014-01-smartphone-cn"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/74.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-58217"
      },
      {
        "db": "VULMON",
        "id": "CVE-2020-9092"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-012480"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202010-636"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-9092"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-58217"
      },
      {
        "db": "VULMON",
        "id": "CVE-2020-9092"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-012480"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202010-636"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-9092"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2020-10-23T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2020-58217"
      },
      {
        "date": "2020-10-19T00:00:00",
        "db": "VULMON",
        "id": "CVE-2020-9092"
      },
      {
        "date": "2021-05-10T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2020-012480"
      },
      {
        "date": "2020-10-14T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202010-636"
      },
      {
        "date": "2020-10-19T20:15:13.087000",
        "db": "NVD",
        "id": "CVE-2020-9092"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2020-10-23T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2020-58217"
      },
      {
        "date": "2020-10-22T00:00:00",
        "db": "VULMON",
        "id": "CVE-2020-9092"
      },
      {
        "date": "2021-05-10T07:32:00",
        "db": "JVNDB",
        "id": "JVNDB-2020-012480"
      },
      {
        "date": "2020-10-23T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202010-636"
      },
      {
        "date": "2024-11-21T05:40:00.350000",
        "db": "NVD",
        "id": "CVE-2020-9092"
      }
    ]
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "HUAWEI\u00a0Mate\u00a020\u00a0 Injection vulnerability",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-012480"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "injection",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202010-636"
      }
    ],
    "trust": 0.6
  }
}

ghsa-2f67-h8ph-9pgr

Vulnerability from github

Published

2022-05-24 17:31

Modified

2022-05-24 17:31

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2020-9092"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-74"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2020-10-19T20:15:00Z",
    "severity": "MODERATE"
  },
  "details": "HUAWEI Mate 20 versions earlier than 10.1.0.163(C00E160R3P8) have a JavaScript injection vulnerability. A module does not verify a specific input. This could allow attackers to bypass filter mechanism to launch JavaScript injection. This could compromise normal service of the affected module.",
  "id": "GHSA-2f67-h8ph-9pgr",
  "modified": "2022-05-24T17:31:22Z",
  "published": "2022-05-24T17:31:22Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-9092"
    },
    {
      "type": "WEB",
      "url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20201014-01-smartphone-en"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

fkie_cve-2020-9092

Vulnerability from fkie_nvd

Published

2020-10-19 20:15

Modified

2024-11-21 05:40

Severity ?

4.6 (Medium) - CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Summary

References

	URL	Tags
	psirt@huawei.com	https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20201014-01-smartphone-en	Vendor Advisory
	af854a3a-2127-422b-91ae-364da2661108	https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20201014-01-smartphone-en	Vendor Advisory

Impacted products

	Vendor	Product	Version
	huawei	mate_20_firmware	*
	huawei	mate_20	-

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:huawei:mate_20_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "94942060-E559-4CEF-85D2-A0AF106F7FF4",
              "versionEndExcluding": "10.1.0.163\\(c00e160r3p8\\)",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:huawei:mate_20:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "B5322963-9375-4E4E-8119-895C224003AE",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "HUAWEI Mate 20 versions earlier than 10.1.0.163(C00E160R3P8) have a JavaScript injection vulnerability. A module does not verify a specific input. This could allow attackers to bypass filter mechanism to launch JavaScript injection. This could compromise normal service of the affected module."
    },
    {
      "lang": "es",
      "value": "HUAWEI Mate 20 versiones anteriores a 10.1.0.163(C00E160R3P8), presentan una vulnerabilidad de inyecci\u00f3n de JavaScript.\u0026#xa0;Un m\u00f3dulo no verifica una entrada espec\u00edfica.\u0026#xa0;Esto podr\u00eda permitir a atacantes omitir el mecanismo de filtro para iniciar la inyecci\u00f3n de JavaScript.\u0026#xa0;Esto podr\u00eda comprometer el servicio normal del m\u00f3dulo afectado"
    }
  ],
  "id": "CVE-2020-9092",
  "lastModified": "2024-11-21T05:40:00.350",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 2.1,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "PHYSICAL",
          "availabilityImpact": "NONE",
          "baseScore": 4.6,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 0.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-10-19T20:15:13.087",
  "references": [
    {
      "source": "psirt@huawei.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20201014-01-smartphone-en"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20201014-01-smartphone-en"
    }
  ],
  "sourceIdentifier": "psirt@huawei.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2020-9092 (GCVE-0-2020-9092)

Vulnerability from cvelistv5

cnvd-2020-58217

Vulnerability from cnvd

gsd-2020-9092

Vulnerability from gsd

var-202010-1183

Vulnerability from variot

ghsa-2f67-h8ph-9pgr

Vulnerability from github

fkie_cve-2020-9092

Vulnerability from fkie_nvd

Tags

Sightings

Nomenclature