Huawei Mate 30 Pro Firmware vulnerabilities

9 known vulnerabilities affecting huawei/mate_30_pro_firmware.

Total CVEs
9
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
HIGH1MEDIUM7LOW1

Vulnerabilities

Page 1 of 1
CVE-2020-9119MEDIUMCVSS 6.2fixed in 10.1.0.156\(c00e156r7p2\)2020-12-24
CVE-2020-9119 [MEDIUM] CVE-2020-9119: There is a privilege escalation vulnerability on some Huawei smart phones due to design defects. The There is a privilege escalation vulnerability on some Huawei smart phones due to design defects. The attacker needs to physically contact the mobile phone and obtain higher privileges, and execute relevant commands, resulting in the user's privilege promotion.
nvd
CVE-2020-9256MEDIUMCVSS 6.5fixed in 10.1.0.150\(c00e136r5p3\)2020-07-18
CVE-2020-9256 [MEDIUM] CVE-2020-9256: Huawei Mate 30 Pro smartphones with versions earlier than 10.1.0.150(C00E136R5P3) have an improper a Huawei Mate 30 Pro smartphones with versions earlier than 10.1.0.150(C00E136R5P3) have an improper authorization vulnerability. The system does not properly restrict the use of system service by applications, the attacker should trick the user into installing a malicious application, successful exploit could cause a denial of audio service.
nvd
CVE-2020-1838MEDIUMCVSS 5.5fixed in 10.1.0.150\(c00e136r5p3\)2020-07-06
CVE-2020-1838 [MEDIUM] CWE-287 CVE-2020-1838: HUAWEI Mate 30 Pro with versions earlier than 10.1.0.150(C00E136R5P3) have is an improper authentica HUAWEI Mate 30 Pro with versions earlier than 10.1.0.150(C00E136R5P3) have is an improper authentication vulnerability. The device does not sufficiently validate certain credential of user's face, an attacker could craft the credential of the user, successful exploit could allow the attacker to pass the authentication with the crafted credential.
nvd
CVE-2020-1801MEDIUMCVSS 5.5fixed in 10.0.0.205\(c00e202r7p2\)2020-04-10
CVE-2020-1801 [MEDIUM] CWE-287 CVE-2020-1801: There is an improper authentication vulnerability in several smartphones. Certain function interface There is an improper authentication vulnerability in several smartphones. Certain function interface in the system does not sufficiently validate the caller's identity in certain share scenario, successful exploit could cause information disclosure. Affected product versions include:Mate 30 Pro versions Versions earlier than 10.0.0.205(C00E202R7P2);Ma
nvd
CVE-2020-1794MEDIUMCVSS 4.6fixed in 10.0.0.203\(c00e202r7p2\)2020-03-20
CVE-2020-1794 [MEDIUM] CWE-287 CVE-2020-1794: There is an improper authentication vulnerability in several smartphones. The applock does not perfo There is an improper authentication vulnerability in several smartphones. The applock does not perform a sufficient authentication in certain scenarios, successful exploit could allow the attacker to gain certain data of the application which is locked. Affected product versions include:HUAWEI Mate 20 versions Versions earlier than 10.0.0.188(C00E74R3
nvd
CVE-2020-1796MEDIUMCVSS 6.6≤ 10.0.0.203\(c00e202r7p2\)2020-03-20
CVE-2020-1796 [MEDIUM] CWE-863 CVE-2020-1796: There is an improper authorization vulnerability in several smartphones. The software incorrectly pe There is an improper authorization vulnerability in several smartphones. The software incorrectly performs an authorization to certain user, successful exploit could allow a low privilege user to do certain operation which the user are supposed not to do.Affected product versions include:HUAWEI Mate 20 versions Versions earlier than 10.0.0.188(C00E74R
nvd
CVE-2020-1793MEDIUMCVSS 4.6fixed in 10.0.0.203\(c00e202r7p2\)2020-03-20
CVE-2020-1793 [MEDIUM] CWE-287 CVE-2020-1793: There is an improper authentication vulnerability in several smartphones. The applock does not perfo There is an improper authentication vulnerability in several smartphones. The applock does not perform a sufficient authentication in certain scenarios, successful exploit could allow the attacker to gain certain data of the application which is locked. Affected product versions include:HUAWEI Mate 20 versions Versions earlier than 10.0.0.188(C00E74R3
nvd
CVE-2020-1795LOWCVSS 2.4fixed in 10.0.0.203\(c00e202r7p2\)2020-03-20
CVE-2020-1795 [LOW] CVE-2020-1795: There is a logic error vulnerability in several smartphones. The software does not properly restrict There is a logic error vulnerability in several smartphones. The software does not properly restrict certain operation when the Digital Balance function is on. Successful exploit could allow the attacker to bypass the Digital Balance limit after a series of operations.Affected product versions include:HUAWEI Mate 20 versions Versions earlier than 10.0.0.188(C00E
nvd
CVE-2020-0022HIGHCVSS 8.8fixed in 10.0.0.203\(c00e202r7p2\)2020-02-13
CVE-2020-0022 [HIGH] CWE-682 CVE-2020-0022: In reassemble_and_dispatch of packet_fragmenter.cc, there is possible out of bounds write due to an In reassemble_and_dispatch of packet_fragmenter.cc, there is possible out of bounds write due to an incorrect bounds calculation. This could lead to remote code execution over Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10Andr
nvd