Huawei Bla-Tl00B Firmware vulnerabilities

5 known vulnerabilities affecting huawei/bla-tl00b_firmware.

Total CVEs

5

CISA KEV

1

actively exploited

Public exploits

1

Exploited in wild

1

Severity breakdown

HIGH2MEDIUM3

Vulnerabilities

Page 1 of 1

CVE-2020-9239MEDIUMCVSS 5.5fixed in 8.1.0.326\(c01\)2020-09-11

CVE-2020-9239 [MEDIUM] CWE-20 CVE-2020-9239: Huawei smartphones BLA-A09 versions 8.0.0.123(C212),versions earlier than 8.0.0.123(C567),versions e Huawei smartphones BLA-A09 versions 8.0.0.123(C212),versions earlier than 8.0.0.123(C567),versions earlier than 8.0.0.123(C797);BLA-TL00B versions earlier than 8.1.0.326(C01);Berkeley-L09 versions earlier than 8.0.0.163(C10),versions earlier than 8.0.0.163(C432),Versions earlier than 8.0.0.163(C636),Versions earlier than 8.0.0.172(C10);Duke-L09 version

CVE-2019-5235MEDIUMCVSS 5.3v8.0.0.129\(sp2c01\)2019-12-14

CVE-2019-5235 [MEDIUM] CWE-476 CVE-2019-5235: Some Huawei smart phones have a null pointer dereference vulnerability. An attacker crafts specific Some Huawei smart phones have a null pointer dereference vulnerability. An attacker crafts specific packets and sends to the affected product to exploit this vulnerability. Successful exploitation may cause the affected phone to be abnormal.

CVE-2019-2215HIGHCVSS 7.8KEVPoCfixed in 10.0.0.170\(c01e170r1p4\)2019-10-11

CVE-2019-2215 [HIGH] CWE-416 CVE-2019-2215: A use-after-free in binder.c allows an elevation of privilege from an application to the Linux Kerne A use-after-free in binder.c allows an elevation of privilege from an application to the Linux Kernel. No user interaction is required to exploit this vulnerability, however exploitation does require either the installation of a malicious local application or a separate vulnerability in a network facing application.Product: AndroidAndroid ID: A-14172009

CVE-2019-9506HIGHCVSS 8.1fixed in 9.1.0.329\(c01e320r1p1t8\)2019-08-14

CVE-2019-9506 [HIGH] CWE-310 CVE-2019-9506: The Bluetooth BR/EDR specification up to and including version 5.1 permits sufficiently low encrypti The Bluetooth BR/EDR specification up to and including version 5.1 permits sufficiently low encryption key length and does not prevent an attacker from influencing the key length negotiation. This allows practical brute-force attacks (aka "KNOB") that can decrypt traffic and inject arbitrary ciphertext without the victim noticing.

CVE-2018-7911MEDIUMCVSS 4.6v8.0.0.113\(sp7c01\)v8.0.0.118\(c01\)+9 more2018-10-23

CVE-2018-7911 [MEDIUM] CVE-2018-7911: Some Huawei smart phones ALP-AL00B 8.0.0.106(C00), 8.0.0.113(SP2C00), 8.0.0.113(SP3C00), 8.0.0.113(S Some Huawei smart phones ALP-AL00B 8.0.0.106(C00), 8.0.0.113(SP2C00), 8.0.0.113(SP3C00), 8.0.0.113(SP7C00), 8.0.0.118(C00), 8.0.0.120(SP2C00), 8.0.0.125(SP1C00), 8.0.0.125(SP3C00), 8.0.0.126(SP2C00), 8.0.0.126(SP5C00), 8.0.0.127(SP1C00), 8.0.0.128(SP2C00), ALP-AL00B-RSC 1.0.0.2, BLA-TL00B 8.0.0.113(SP7C01), 8.0.0.118(C01), 8.0.0.120(SP2C01), 8.0.0.125(SP1C01)