Huawei Tony-Al00B Firmware vulnerabilities

CVE-2021-22440 [MEDIUM] CWE-22 CVE-2021-22440: There is a path traversal vulnerability in some Huawei products. The vulnerability is due to that th There is a path traversal vulnerability in some Huawei products. The vulnerability is due to that the software uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the software does not properly validate the pathname. Successful exploit could allow t

CVE-2020-9247 [HIGH] CWE-120 CVE-2020-9247: There is a buffer overflow vulnerability in several Huawei products. The system does not sufficientl There is a buffer overflow vulnerability in several Huawei products. The system does not sufficiently validate certain configuration parameter which is passed from user that would cause buffer overflow. The attacker should trick the user into installing and running a malicious application with a high privilege, successful exploit may cause code executio

CVE-2020-9109 [MEDIUM] CWE-287 CVE-2020-9109: There is an information disclosure vulnerability in several smartphones. The device does not suffici There is an information disclosure vulnerability in several smartphones. The device does not sufficiently validate the identity of smart wearable device in certain specific scenario, the attacker need to gain certain information in the victim's smartphone to launch the attack, and successful exploit could cause information disclosure.Affected product

CVE-2020-9235 [MEDIUM] CWE-20 CVE-2020-9235: Huawei smartphones HONOR 20 PRO Versions earlier than 10.1.0.230(C432E9R5P1),Versions earlier than 1 Huawei smartphones HONOR 20 PRO Versions earlier than 10.1.0.230(C432E9R5P1),Versions earlier than 10.1.0.231(C10E3R3P2),Versions earlier than 10.1.0.231(C185E3R5P1),Versions earlier than 10.1.0.231(C636E3R3P1);Versions earlier than 10.1.0.212(C432E10R3P4),Versions earlier than 10.1.0.213(C636E3R4P3),Versions earlier than 10.1.0.214(C10E5R4P3),Versions

CVE-2020-9076 [MEDIUM] CWE-287 CVE-2020-9076: HUAWEI P30;HUAWEI P30 Pro;Tony-AL00B smartphones with versions earlier than 10.1.0.135(C00E135R2P11) HUAWEI P30;HUAWEI P30 Pro;Tony-AL00B smartphones with versions earlier than 10.1.0.135(C00E135R2P11); versions earlier than 10.1.0.135(C00E135R2P8), versions earlier than 10.1.0.135 have an improper authentication vulnerability. Due to the identity of the message sender not being properly verified, an attacker can exploit this vulnerability through ma

CVE-2020-0069 [HIGH] CWE-787 CVE-2020-0069: In the ioctl handlers of the Mediatek Command Queue driver, there is a possible out of bounds write In the ioctl handlers of the Mediatek Command Queue driver, there is a possible out of bounds write due to insufficient input sanitization and missing SELinux restrictions. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kern

CVE-2019-5235 [MEDIUM] CWE-476 CVE-2019-5235: Some Huawei smart phones have a null pointer dereference vulnerability. An attacker crafts specific Some Huawei smart phones have a null pointer dereference vulnerability. An attacker crafts specific packets and sends to the affected product to exploit this vulnerability. Successful exploitation may cause the affected phone to be abnormal.

CVE-2019-2215 [HIGH] CWE-416 CVE-2019-2215: A use-after-free in binder.c allows an elevation of privilege from an application to the Linux Kerne A use-after-free in binder.c allows an elevation of privilege from an application to the Linux Kernel. No user interaction is required to exploit this vulnerability, however exploitation does require either the installation of a malicious local application or a separate vulnerability in a network facing application.Product: AndroidAndroid ID: A-14172009