Huawei P30 Pro Firmware vulnerabilities

CVE-2020-0022 [HIGH] CWE-682 CVE-2020-0022: In reassemble_and_dispatch of packet_fragmenter.cc, there is possible out of bounds write due to an In reassemble_and_dispatch of packet_fragmenter.cc, there is possible out of bounds write due to an incorrect bounds calculation. This could lead to remote code execution over Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10Andr

CVE-2019-5251 [MEDIUM] CWE-22 CVE-2019-5251: There is a path traversal vulnerability in several Huawei smartphones. The system does not sufficien There is a path traversal vulnerability in several Huawei smartphones. The system does not sufficiently validate certain pathnames from the application. An attacker could trick the user into installing, backing up and restoring a malicious application. Successful exploit could cause information disclosure.

CVE-2019-5225 [HIGH] CWE-120 CVE-2019-5225: P30, Mate 20, P30 Pro smartphones with software of versions earlier than ELLE-AL00B 9.1.0.193(C00E19 P30, Mate 20, P30 Pro smartphones with software of versions earlier than ELLE-AL00B 9.1.0.193(C00E190R1P21), versions earlier than Hima-AL00B 9.1.0.135(C00E200R2P1), versions earlier than VOGUE-AL00A 9.1.0.193(C00E190R1P12) have a buffer overflow vulnerability on several , the system does not properly validate certain length parameter which an applicati

CVE-2019-5226 [MEDIUM] CWE-346 CVE-2019-5226: P30, P30 Pro, Mate 20 smartphones with software of versions earlier than ELLE-AL00B 9.1.0.193(C00E19 P30, P30 Pro, Mate 20 smartphones with software of versions earlier than ELLE-AL00B 9.1.0.193(C00E190R2P1), versions earlier than VOGUE-AL00A 9.1.0.193(C00E190R2P1), versions earlier than Hima-AL00B 9.1.0.135(C00E133R2P1) and HiSuite with versions earlier than HiSuite 9.1.0.305 have a version downgrade vulnerability. The device and HiSuite software do

CVE-2019-5227 [MEDIUM] CWE-346 CVE-2019-5227: P30, P30 Pro, Mate 20 smartphones with software of versions earlier than ELLE-AL00B 9.1.0.193(C00E19 P30, P30 Pro, Mate 20 smartphones with software of versions earlier than ELLE-AL00B 9.1.0.193(C00E190R2P1), versions earlier than VOGUE-AL00A 9.1.0.193(C00E190R2P1), versions earlier than Hima-AL00B 9.1.0.135(C00E133R2P1) and HiSuite with versions earlier than HiSuite 9.1.0.305 have a version downgrade vulnerability. The device and HiSuite software do

CVE-2019-5228 [HIGH] CWE-362 CVE-2019-5228: Certain detection module of P30, P30 Pro, Honor V20 smartphone whith Versions earlier than ELLE-AL00 Certain detection module of P30, P30 Pro, Honor V20 smartphone whith Versions earlier than ELLE-AL00B 9.1.0.193(C00E190R1P21), Versions earlier than VOGUE-AL00A 9.1.0.193(C00E190R1P12), Versions earlier than Princeton-AL10B 9.1.0.233(C00E233R4P3) have a race condition vulnerability. The system does not lock certain function properly, when the function i

CVE-2019-5215 [MEDIUM] CVE-2019-5215: There is a man-in-the-middle (MITM) vulnerability on Huawei P30 smartphones versions before ELE-AL00 There is a man-in-the-middle (MITM) vulnerability on Huawei P30 smartphones versions before ELE-AL00 9.1.0.162(C01E160R1P12/C01E160R2P1), and P30 Pro versions before VOG-AL00 9.1.0.162 (C01E160R1P12/C01E160R2P1). When users establish connection and transfer data through Huawei Share, an attacker could sniff, spoof and do a series of operations to intrude the

CVE-2019-5307 [MEDIUM] CWE-294 CVE-2019-5307: Some Huawei 4G LTE devices, P30 versions before ELE-AL00 9.1.0.162(C01E160R1P12/C01E160R2P1) and P30 Some Huawei 4G LTE devices, P30 versions before ELE-AL00 9.1.0.162(C01E160R1P12/C01E160R2P1) and P30 Pro versions before VOG-AL00 9.1.0.162(C01E160R1P12/C01E160R2P1), are exposed to a message replay vulnerability. For the sake of better compatibility, these devices implement a less strict check on the NAS message sequence number (SN), specifically NAS