Huawei Mate 20 X Firmware vulnerabilities

10 known vulnerabilities affecting huawei/mate_20_x_firmware.

Total CVEs

10

CISA KEV

0

Public exploits

0

Exploited in wild

0

Severity breakdown

HIGH2MEDIUM7LOW1

Vulnerabilities

Page 1 of 1

CVE-2020-9247HIGHCVSS 7.8fixed in 10.1.0.160\(c00e160r2p8\)2020-12-07

CVE-2020-9247 [HIGH] CWE-120 CVE-2020-9247: There is a buffer overflow vulnerability in several Huawei products. The system does not sufficientl There is a buffer overflow vulnerability in several Huawei products. The system does not sufficiently validate certain configuration parameter which is passed from user that would cause buffer overflow. The attacker should trick the user into installing and running a malicious application with a high privilege, successful exploit may cause code executio

CVE-2020-9109MEDIUMCVSS 4.6fixed in 10.1.0.160\(c00e160r2p8\)fixed in 10.1.0.160\(c01e160r2p8\)2020-10-12

CVE-2020-9109 [MEDIUM] CWE-287 CVE-2020-9109: There is an information disclosure vulnerability in several smartphones. The device does not suffici There is an information disclosure vulnerability in several smartphones. The device does not sufficiently validate the identity of smart wearable device in certain specific scenario, the attacker need to gain certain information in the victim's smartphone to launch the attack, and successful exploit could cause information disclosure.Affected product

CVE-2020-9244MEDIUMCVSS 6.8fixed in 10.1.0.160\(c00e160r2p8\)2020-08-11

CVE-2020-9244 [MEDIUM] CVE-2020-9244: HUAWEI Mate 20 versions Versions earlier than 10.1.0.160(C00E160R3P8);HUAWEI Mate 20 Pro versions Ve HUAWEI Mate 20 versions Versions earlier than 10.1.0.160(C00E160R3P8);HUAWEI Mate 20 Pro versions Versions earlier than 10.1.0.270(C431E7R1P5),Versions earlier than 10.1.0.270(C635E3R1P5),Versions earlier than 10.1.0.273(C636E7R2P4);HUAWEI Mate 20 X versions Versions earlier than 10.1.0.160(C00E160R2P8);HUAWEI P30 versions Versions earlier than 10.1.0.160(C00

CVE-2020-9252LOWCVSS 2.3fixed in 10.1.0.135\(c00e135r2p8\)2020-07-17

CVE-2020-9252 [LOW] CWE-22 CVE-2020-9252: HUAWEI Mate 20 versions earlier than 10.1.0.160(C00E160R3P8), HUAWEI Mate 20 X versions earlier than HUAWEI Mate 20 versions earlier than 10.1.0.160(C00E160R3P8), HUAWEI Mate 20 X versions earlier than 10.1.0.135(C00E135R2P8), HUAWEI Mate 20 RS versions earlier than 10.1.0.160(C786E160R3P8), and Honor Magic2 smartphones versions earlier than 10.1.0.160(C00E160R2P11) have a path traversal vulnerability. The system does not sufficiently validate certain pa

CVE-2019-5302MEDIUMCVSS 5.3fixed in 9.1.0.135\(c00e133r2p1\)2020-04-27

CVE-2019-5302 [MEDIUM] CWE-20 CVE-2019-5302: There are two denial of service vulnerabilities on some Huawei smartphones. An attacker may send spe There are two denial of service vulnerabilities on some Huawei smartphones. An attacker may send specially crafted TD-SCDMA messages from a rogue base station to the affected devices. Due to insufficient input validation of two values when parsing the messages, successful exploit may cause device abnormal. This is 1 out of 2 vulnerabilities. Different

CVE-2019-5303MEDIUMCVSS 5.3fixed in 9.1.0.135\(c00e133r2p1\)2020-04-27

CVE-2019-5303 [MEDIUM] CWE-20 CVE-2019-5303: There are two denial of service vulnerabilities on some Huawei smartphones. An attacker may send spe There are two denial of service vulnerabilities on some Huawei smartphones. An attacker may send specially crafted TD-SCDMA messages from a rogue base station to the affected devices. Due to insufficient input validation of two values when parsing the messages, successful exploit may cause device abnormal. This is 2 out of 2 vulnerabilities. Different

CVE-2020-1882MEDIUMCVSS 4.6fixed in 10.0.0.176\(c00e70r2p8\)2020-02-18

CVE-2020-1882 [MEDIUM] CVE-2020-1882: Huawei mobile phones Ever-L29B versions earlier than 10.0.0.180(C185E6R3P3), earlier than 10.0.0.180 Huawei mobile phones Ever-L29B versions earlier than 10.0.0.180(C185E6R3P3), earlier than 10.0.0.180(C432E6R1P7), earlier than 10.0.0.180(C636E5R2P3); HUAWEI Mate 20 RS versions earlier than 10.0.0.175(C786E70R3P8); HUAWEI Mate 20 X versions earlier than 10.0.0.176(C00E70R2P8); and Honor Magic2 versions earlier than 10.0.0.175(C00E59R2P11) have an improper au

CVE-2020-0022HIGHCVSS 8.8fixed in 10.0.0.195\(c00e74r2p8\)2020-02-13

CVE-2020-0022 [HIGH] CWE-682 CVE-2020-0022: In reassemble_and_dispatch of packet_fragmenter.cc, there is possible out of bounds write due to an In reassemble_and_dispatch of packet_fragmenter.cc, there is possible out of bounds write due to an incorrect bounds calculation. This could lead to remote code execution over Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10Andr

CVE-2019-5220MEDIUMCVSS 4.6fixed in ever-al00b_9.0.0.200\(c00e200r2p1\)2019-07-10

CVE-2019-5220 [MEDIUM] CWE-863 CVE-2019-5220: There is a Factory Reset Protection (FRP) bypass vulnerability on several smartphones. The system do There is a Factory Reset Protection (FRP) bypass vulnerability on several smartphones. The system does not sufficiently verify the permission, an attacker could do a certain operation on certain step of setup wizard. Successful exploit could allow the attacker bypass the FRP protection. Affected products: Mate 20 X, versions earlier than Ever-AL00B 9.

CVE-2019-5221MEDIUMCVSS 6.5fixed in ever-l29b_9.1.0.300\(c636e3r2p1\)fixed in ever-l29b_9.1.0.300\(c432e3r1p12\)+1 more2019-07-10

CVE-2019-5221 [MEDIUM] CWE-22 CVE-2019-5221: There is a path traversal vulnerability on Huawei Share. The software does not properly validate the There is a path traversal vulnerability on Huawei Share. The software does not properly validate the path, an attacker could crafted a file path when transporting file through Huawei Share, successful exploit could allow the attacker to transport a file to arbitrary path on the phone. Affected products: Mate 20 X versions earlier than Ever-L29B 9.1.0.3