Huawei Alp-L09 Firmware vulnerabilities

5 known vulnerabilities affecting huawei/alp-l09_firmware.

Total CVEs

5

CISA KEV

0

Public exploits

0

Exploited in wild

0

Severity breakdown

HIGH2MEDIUM3

Vulnerabilities

Page 1 of 1

CVE-2019-19412MEDIUMCVSS 4.6fixed in 9.0.0.201\(c432e4r1p9\)2020-06-08

CVE-2019-19412 [MEDIUM] CVE-2019-19412: Huawei smart phones have a Factory Reset Protection (FRP) bypass security vulnerability. When re-con Huawei smart phones have a Factory Reset Protection (FRP) bypass security vulnerability. When re-configuring the mobile phone using the factory reset protection (FRP) function, an attacker login the Talkback mode and can perform some operations to install a third-Party application. Affected products can be found in https://www.huawei.com/en/psirt/security-a

CVE-2019-5302MEDIUMCVSS 5.3fixed in 9.1.0.300\(c432e4r1p9t8\)2020-04-27

CVE-2019-5302 [MEDIUM] CWE-20 CVE-2019-5302: There are two denial of service vulnerabilities on some Huawei smartphones. An attacker may send spe There are two denial of service vulnerabilities on some Huawei smartphones. An attacker may send specially crafted TD-SCDMA messages from a rogue base station to the affected devices. Due to insufficient input validation of two values when parsing the messages, successful exploit may cause device abnormal. This is 1 out of 2 vulnerabilities. Different

CVE-2019-5303MEDIUMCVSS 5.3fixed in 9.1.0.300\(c432e4r1p9t8\)2020-04-27

CVE-2019-5303 [MEDIUM] CWE-20 CVE-2019-5303: There are two denial of service vulnerabilities on some Huawei smartphones. An attacker may send spe There are two denial of service vulnerabilities on some Huawei smartphones. An attacker may send specially crafted TD-SCDMA messages from a rogue base station to the affected devices. Due to insufficient input validation of two values when parsing the messages, successful exploit may cause device abnormal. This is 2 out of 2 vulnerabilities. Different

CVE-2018-7923HIGHCVSS 7.8fixed in 8.0.0.150\(c432\)2018-09-12

CVE-2018-7923 [HIGH] CWE-20 CVE-2018-7923: Huawei ALP-L09 smart phones with versions earlier than ALP-L09 8.0.0.150(C432) have an insufficient Huawei ALP-L09 smart phones with versions earlier than ALP-L09 8.0.0.150(C432) have an insufficient input validation vulnerability due to lack of parameter check. An attacker tricks the user who has root privilege to install a crafted application, the application may modify the specific data to exploit the vulnerability. Successful exploit could allow the

CVE-2018-7922HIGHCVSS 7.8fixed in 8.0.0.150\(c432\)2018-09-12

CVE-2018-7922 [HIGH] CWE-20 CVE-2018-7922: Huawei ALP-L09 smart phones with versions earlier than ALP-L09 8.0.0.150(C432) have an insufficient Huawei ALP-L09 smart phones with versions earlier than ALP-L09 8.0.0.150(C432) have an insufficient input validation vulnerability due to lack of parameter check. An attacker tricks the user who has root privilege to install a crafted application, the application may modify the specific data to exploit the vulnerability. Successful exploit could allow the