CVE-2020-9254Improper Input Validation in Huawei P30 PRO Firmware

CWE-20Improper Input ValidationCWE-74Injection3 documents3 sources
Severity
7.8HIGHNVD
EPSS
0.2%
top 61.52%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Huawei P30 PRO FirmwareHuawei P30 PRO
Timeline
PublishedJul 17
Latest updateMay 24

Description

HUAWEI P30 Pro smartphones with versions earlier than 10.1.0.123(C432E19R2P5patch02), versions earlier than 10.1.0.126(C10E11R5P1), and versions earlier than 10.1.0.160(C00E160R2P8) have a logic check error vulnerability. A logic error occurs when the software checking the size of certain parameter, the attacker should trick the user into installing a malicious application, successful exploit may cause code execution.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages2 packages

NVDhuawei/p30_pro_firmware< 10.1.0.123\(c432e19r2p5patch02\)+2
CVEListV5huawei/huawei_p30_proVersions earlier than 10.1.0.123(C432E19R2P5patch02), Versions earlier than 10.1.0.126(C10E11R5P1), Versions earlier than 10.1.0.160(C00E160R2P8)+2

🔴Vulnerability Details

2
GHSA
GHSA-mc63-vj63-gr49: HUAWEI P30 Pro smartphones with versions earlier than 102022-05-24
CVEList
CVE-2020-9254: HUAWEI P30 Pro smartphones with versions earlier than 102020-07-17
CVE-2020-9254 — Improper Input Validation in Huawei | cvebase