Huawei Mate 20 Pro Firmware vulnerabilities

10 known vulnerabilities affecting huawei/mate_20_pro_firmware.

Total CVEs
10
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
HIGH4MEDIUM5LOW1

Vulnerabilities

Page 1 of 1
CVE-2020-9080HIGHCVSS 7.8v10.1.0.135\(c01e135r2p8\)2024-12-27
CVE-2020-9080 [HIGH] CWE-269 CVE-2020-9080: There is an improper privilege management vulnerability in Huawei smart phone product. A local, auth There is an improper privilege management vulnerability in Huawei smart phone product. A local, authenticated attacker could craft a specific input to exploit this vulnerability. Successful exploitation may lead to local privilege escalation. (Vulnerability ID: HWPSIRT-2020-05272) This vulnerability has been assigned a Common Vulnerabilities and Exposu
nvd
CVE-2020-9250LOWCVSS 3.3v10.1.0.160\(c00e160r3p8\)2024-12-20
CVE-2020-9250 [LOW] CWE-287 CVE-2020-9250: There is an insufficient authentication vulnerability in some Huawei smart phone. An unauthenticated There is an insufficient authentication vulnerability in some Huawei smart phone. An unauthenticated, local attacker can crafts software package to exploit this vulnerability. Due to insufficient verification, successful exploitation may impact the service. (Vulnerability ID: HWPSIRT-2019-12302) This vulnerability has been assigned a Common Vulnerabilit
nvd
CVE-2021-22440MEDIUMCVSS 4.6v9.0.0.187\(c432e10r1p16\)v9.0.0.188\(c185e10r2p1\)+5 more2021-07-13
CVE-2021-22440 [MEDIUM] CWE-22 CVE-2021-22440: There is a path traversal vulnerability in some Huawei products. The vulnerability is due to that th There is a path traversal vulnerability in some Huawei products. The vulnerability is due to that the software uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the software does not properly validate the pathname. Successful exploit could allow t
nvd
CVE-2020-9247HIGHCVSS 7.8fixed in 10.1.0.270\(c432e7r1p5\)fixed in 10.1.0.270\(c635e3r1p5\)+4 more2020-12-07
CVE-2020-9247 [HIGH] CWE-120 CVE-2020-9247: There is a buffer overflow vulnerability in several Huawei products. The system does not sufficientl There is a buffer overflow vulnerability in several Huawei products. The system does not sufficiently validate certain configuration parameter which is passed from user that would cause buffer overflow. The attacker should trick the user into installing and running a malicious application with a high privilege, successful exploit may cause code executio
nvd
CVE-2020-9244MEDIUMCVSS 6.8fixed in 10.1.0.270\(c431e7r1p5\)fixed in 10.1.0.270\(c635e3r1p5\)+1 more2020-08-11
CVE-2020-9244 [MEDIUM] CVE-2020-9244: HUAWEI Mate 20 versions Versions earlier than 10.1.0.160(C00E160R3P8);HUAWEI Mate 20 Pro versions Ve HUAWEI Mate 20 versions Versions earlier than 10.1.0.160(C00E160R3P8);HUAWEI Mate 20 Pro versions Versions earlier than 10.1.0.270(C431E7R1P5),Versions earlier than 10.1.0.270(C635E3R1P5),Versions earlier than 10.1.0.273(C636E7R2P4);HUAWEI Mate 20 X versions Versions earlier than 10.1.0.160(C00E160R2P8);HUAWEI P30 versions Versions earlier than 10.1.0.160(C00
nvd
CVE-2019-5302MEDIUMCVSS 5.3fixed in 9.1.0.310\(c185e10r2p1\)2020-04-27
CVE-2019-5302 [MEDIUM] CWE-20 CVE-2019-5302: There are two denial of service vulnerabilities on some Huawei smartphones. An attacker may send spe There are two denial of service vulnerabilities on some Huawei smartphones. An attacker may send specially crafted TD-SCDMA messages from a rogue base station to the affected devices. Due to insufficient input validation of two values when parsing the messages, successful exploit may cause device abnormal. This is 1 out of 2 vulnerabilities. Different
nvd
CVE-2019-5303MEDIUMCVSS 5.3fixed in 9.1.0.310\(c185e10r2p1\)2020-04-27
CVE-2019-5303 [MEDIUM] CWE-20 CVE-2019-5303: There are two denial of service vulnerabilities on some Huawei smartphones. An attacker may send spe There are two denial of service vulnerabilities on some Huawei smartphones. An attacker may send specially crafted TD-SCDMA messages from a rogue base station to the affected devices. Due to insufficient input validation of two values when parsing the messages, successful exploit may cause device abnormal. This is 2 out of 2 vulnerabilities. Different
nvd
CVE-2020-0022HIGHCVSS 8.8fixed in 10.0.0.196\(c185e7r2p4\)2020-02-13
CVE-2020-0022 [HIGH] CWE-682 CVE-2020-0022: In reassemble_and_dispatch of packet_fragmenter.cc, there is possible out of bounds write due to an In reassemble_and_dispatch of packet_fragmenter.cc, there is possible out of bounds write due to an incorrect bounds calculation. This could lead to remote code execution over Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10Andr
nvd
CVE-2020-1786MEDIUMCVSS 4.6fixed in 10.0.0.175\(c00e69r3p8\)2020-01-09
CVE-2020-1786 [MEDIUM] CWE-287 CVE-2020-1786: HUAWEI Mate 20 Pro smartphones versions earlier than 10.0.0.175(C00E69R3P8) have an improper authent HUAWEI Mate 20 Pro smartphones versions earlier than 10.0.0.175(C00E69R3P8) have an improper authentication vulnerability. The software does not sufficiently validate the name of apk file in a special condition which could allow an attacker to forge a crafted application as a normal one. Successful exploit could allow the attacker to bypass digital ba
nvd
CVE-2019-5250HIGHCVSS 7.8fixed in 9.1.0.135\(c00e133r3p1\)2019-12-13
CVE-2019-5250 [HIGH] CWE-269 CVE-2019-5250: Mate 20 Pro smartphones with versions earlier than 9.1.0.135(C00E133R3P1) have an improper authoriza Mate 20 Pro smartphones with versions earlier than 9.1.0.135(C00E133R3P1) have an improper authorization vulnerability. The software does not properly restrict certain operation of certain privilege, the attacker could trick the user into installing a malicious application before the user turns on student mode function. Successful exploit could allow th
nvd