CVE-2019-5229Insufficient Verification of Data Authenticity in Huawei P30 Firmware

CWE-345Insufficient Verification of Data Authenticity3 documents3 sources
Severity
6.2MEDIUMNVD
EPSS
0.0%
top 93.41%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Huawei P30 Firmware
Timeline
PublishedNov 12
Latest updateMay 24

Description

P30 smartphones with versions earlier than ELLE-AL00B 9.1.0.193(C00E190R2P1) have an insufficient verification vulnerability. The system does not verify certain parameters sufficiently, an attacker should connect to the phone and gain high privilege to launch the attack, successful exploit could cause malicious code execution.

CVSS vector

CVSS:3.1/AV:P/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HExploitability: 0.3 | Impact: 5.9

Affected Packages2 packages

NVDhuawei/p30_firmware< elle-al00b_9.1.0.193\(c00e190r2p1\)
CVEListV5huawei/p30_firmwareVersions earlier than ELLE-AL00B 9.1.0.193(C00E190R2P1)

🔴Vulnerability Details

2
GHSA
GHSA-7332-327w-xhcp: P30 smartphones with versions earlier than ELLE-AL00B 92022-05-24
CVEList
CVE-2019-5229: P30 smartphones with versions earlier than ELLE-AL00B 92019-11-12
CVE-2019-5229 — Huawei P30 Firmware vulnerability | cvebase