Search criteria
21 vulnerabilities found for mate_10_pro_firmware by huawei
FKIE_CVE-2020-1785
Vulnerability from fkie_nvd - Published: 2020-01-03 15:15 - Updated: 2024-11-21 05:11
Severity ?
Summary
Mate 10 Pro;Honor V10;Honor 10;Nova 4 smartphones have a denial of service vulnerability. The system does not properly check the status of certain module during certain operations, an attacker should trick the user into installing a malicious application, successful exploit could cause reboot of the smartphone.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| huawei | mate_10_pro_firmware | * | |
| huawei | mate_10_pro | - | |
| huawei | mate_10_pro_firmware | * | |
| huawei | mate_10_pro | - | |
| huawei | mate_10_pro_firmware | * | |
| huawei | mate_10_pro | - | |
| huawei | honor_v10_firmware | * | |
| huawei | honor_v10 | - | |
| huawei | honor_v10_firmware | * | |
| huawei | honor_v10 | - | |
| huawei | honor_v10_firmware | * | |
| huawei | honor_v10 | - | |
| huawei | honor_10_firmware | * | |
| huawei | honor_10 | - | |
| huawei | honor_10_firmware | * | |
| huawei | honor_10 | - | |
| huawei | honor_10_firmware | * | |
| huawei | honor_10 | - | |
| huawei | honor_10_firmware | * | |
| huawei | honor_10 | - | |
| huawei | honor_10_firmware | * | |
| huawei | honor_10 | - | |
| huawei | nova_4_firmware | * | |
| huawei | nova_4 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:mate_10_pro_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "51374D35-8EE8-4A6D-BFE9-561342F8C219",
"versionEndExcluding": "9.1.0.321\\(c605e4r1p13t8\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:mate_10_pro:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5FC0AD4F-0368-4F29-ACCF-B948B8C6BE05",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:mate_10_pro_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F5FDA48C-29BD-4FF8-A461-5B0DBFA26316",
"versionEndExcluding": "9.1.0.321\\(c636e4r1p14t8\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:mate_10_pro:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5FC0AD4F-0368-4F29-ACCF-B948B8C6BE05",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:mate_10_pro_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "03B98CA0-296C-4404-A853-735C1A1E452F",
"versionEndExcluding": "9.1.0.330\\(c432e6r1p12t8\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:mate_10_pro:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5FC0AD4F-0368-4F29-ACCF-B948B8C6BE05",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:honor_v10_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B394D790-9589-4FC3-8B51-47B9F6E241D2",
"versionEndExcluding": "9.1.0.333\\(c00e333r2p1t8\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:honor_v10:-:*:*:*:*:*:*:*",
"matchCriteriaId": "592CF37A-83FA-4C85-B5E7-1DB2297A77A0",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:honor_v10_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0EC5D740-6DEC-42E0-BD76-E253389C8AC2",
"versionEndExcluding": "9.1.0.350\\(c636e4r1p13t8\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:honor_v10:-:*:*:*:*:*:*:*",
"matchCriteriaId": "592CF37A-83FA-4C85-B5E7-1DB2297A77A0",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:honor_v10_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8D410275-349D-421F-8700-76F0AB160928",
"versionEndExcluding": "9.1.0.351\\(c432e5r1p13t8\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:honor_v10:-:*:*:*:*:*:*:*",
"matchCriteriaId": "592CF37A-83FA-4C85-B5E7-1DB2297A77A0",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:honor_10_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9614091A-8FEA-422F-BCB9-BC3434527428",
"versionEndExcluding": "9.1.0.350\\(c10e5r1p14t8\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:honor_10:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6645D5D7-213C-4B3E-B5A6-8987AEFB411D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:honor_10_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2810D0DE-E189-4365-8E6F-D5E185886BBE",
"versionEndExcluding": "9.1.0.350\\(c185e3r1p12t8\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:honor_10:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6645D5D7-213C-4B3E-B5A6-8987AEFB411D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:honor_10_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "17EB0784-E604-4DA7-AB16-AB6C77425F70",
"versionEndExcluding": "9.1.0.350\\(c461e3r1p11t8\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:honor_10:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6645D5D7-213C-4B3E-B5A6-8987AEFB411D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:honor_10_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "536F2BCC-02B1-46FE-82BA-09C47E464F7E",
"versionEndExcluding": "9.1.0.350\\(c636e3r1p13t8\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:honor_10:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6645D5D7-213C-4B3E-B5A6-8987AEFB411D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:honor_10_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "76784FE7-7B76-4135-A74F-20884EDA55AA",
"versionEndExcluding": "9.1.0.351\\(c432e5r1p13t8\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:honor_10:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6645D5D7-213C-4B3E-B5A6-8987AEFB411D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:nova_4_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C7D2CF01-95D0-4FD3-91FE-3242C3D3DA6F",
"versionEndExcluding": "9.1.0.225\\(c636e1r4p1\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:nova_4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "07D1E240-F1DE-4FC0-84B7-873978A9A6B3",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Mate 10 Pro;Honor V10;Honor 10;Nova 4 smartphones have a denial of service vulnerability. The system does not properly check the status of certain module during certain operations, an attacker should trick the user into installing a malicious application, successful exploit could cause reboot of the smartphone."
},
{
"lang": "es",
"value": "Los tel\u00e9fonos inteligentes Mate 10 Pro; Honor V10; Honor 10; Nova 4, tiene una vulnerabilidad de denegaci\u00f3n de servicio. El sistema no comprueba apropiadamente el estado de cierto m\u00f3dulo durante determinadas operaciones, un atacante debe enga\u00f1ar al usuario para que instale una aplicaci\u00f3n maliciosa, una explotaci\u00f3n con \u00e9xito podr\u00eda causar el reinicio del tel\u00e9fono inteligente."
}
],
"id": "CVE-2020-1785",
"lastModified": "2024-11-21T05:11:22.573",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.1,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-01-03T15:15:12.070",
"references": [
{
"source": "psirt@huawei.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200102-03-smartphone-en"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200102-03-smartphone-en"
}
],
"sourceIdentifier": "psirt@huawei.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2019-5264
Vulnerability from fkie_nvd - Published: 2019-12-13 23:15 - Updated: 2024-11-21 04:44
Severity ?
Summary
There is an information disclosure vulnerability in certain Huawei smartphones (Mate 10;Mate 10 Pro;Honor V10;Changxiang 7S;P-smart;Changxiang 8 Plus;Y9 2018;Honor 9 Lite;Honor 9i;Mate 9). The software does not properly handle certain information of applications locked by applock in a rare condition. Successful exploit could cause information disclosure.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:mate_10_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7BB97444-78F0-42E8-BFD9-B89581D3CF78",
"versionEndExcluding": "9.0.0.167\\(c00e85r2p20t8\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:mate_10:-:*:*:*:*:*:*:*",
"matchCriteriaId": "394490F2-5E47-4A28-A71C-075DBBA34C9E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:mate_10_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BA00374C-6305-4345-8519-4B499A20F99F",
"versionEndExcluding": "9.0.0.159\\(c432e4r1p9t8\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:mate_10:-:*:*:*:*:*:*:*",
"matchCriteriaId": "394490F2-5E47-4A28-A71C-075DBBA34C9E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:mate_10_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "51F963B1-C9D3-44A4-B7C9-206FF9A2503A",
"versionEndExcluding": "9.0.0.177\\(c185e2r1p12t8\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:mate_10:-:*:*:*:*:*:*:*",
"matchCriteriaId": "394490F2-5E47-4A28-A71C-075DBBA34C9E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:mate_10_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2990333D-857C-4C65-B940-978447168E23",
"versionEndExcluding": "9.0.0.159\\(c636e2r1p12t8\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:mate_10:-:*:*:*:*:*:*:*",
"matchCriteriaId": "394490F2-5E47-4A28-A71C-075DBBA34C9E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:mate_10_pro_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7C97C82D-1965-4B5D-A5BF-796E07B6E12E",
"versionEndExcluding": "9.0.0.167\\(c00e87r2p15t8\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:mate_10_pro:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5FC0AD4F-0368-4F29-ACCF-B948B8C6BE05",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:mate_10_pro_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8D17EEA8-3102-42D0-ABDB-A07B180F7C4A",
"versionEndExcluding": "9.0.0.159\\(c185e2r1p13t8\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:mate_10_pro:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5FC0AD4F-0368-4F29-ACCF-B948B8C6BE05",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:mate_10_pro_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "292942FC-5A4B-4E4D-B6F9-B1FB22241282",
"versionEndExcluding": "9.0.0.161\\(c432e4r1p11t8\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:mate_10_pro:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5FC0AD4F-0368-4F29-ACCF-B948B8C6BE05",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:mate_10_pro_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8551C436-EB83-4982-A896-1804F5706C97",
"versionEndExcluding": "9.0.0.159\\(c636e2r1p13t8\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:mate_10_pro:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5FC0AD4F-0368-4F29-ACCF-B948B8C6BE05",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:honor_v10_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EC77875A-B792-4F5B-9D79-A88121825CE1",
"versionEndExcluding": "9.0.0.156\\(c00e156r2p14t8\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:honor_v10:-:*:*:*:*:*:*:*",
"matchCriteriaId": "592CF37A-83FA-4C85-B5E7-1DB2297A77A0",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:honor_v10_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AB619BE5-AEF8-4BB1-8700-198C9536A37D",
"versionEndExcluding": "9.0.0.159\\(c432e4r1p9t8\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:honor_v10:-:*:*:*:*:*:*:*",
"matchCriteriaId": "592CF37A-83FA-4C85-B5E7-1DB2297A77A0",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:honor_v10_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4E15EECD-43B1-40CA-9491-F07DF8F468B6",
"versionEndExcluding": "9.0.0.159\\(c636e3r1p12t8\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:honor_v10:-:*:*:*:*:*:*:*",
"matchCriteriaId": "592CF37A-83FA-4C85-B5E7-1DB2297A77A0",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:changxiang_7s_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FA7A8043-4A12-42FD-A17E-FF175F20E14A",
"versionEndExcluding": "9.1.0.107\\(c00e107r2p8t8\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:changxiang_7s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C49A64F9-A264-42F8-8213-10F893AF4520",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:p-smart_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AA9D516B-8474-4194-97D3-155B13975A75",
"versionEndExcluding": "9.1.0.119\\(c636e5r1p1t8\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:p-smart:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EA90F70B-C5A2-4B14-AECA-B2014FAFC3C2",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:p-smart_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "449025DE-ABD7-437E-9B4A-7541CC184E19",
"versionEndExcluding": "9.1.0.130\\(c432e8r1p5t8\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:p-smart:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EA90F70B-C5A2-4B14-AECA-B2014FAFC3C2",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:changxiang_8_plus_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "455F22C9-E60D-4335-9780-8068FB42DEFC",
"versionEndExcluding": "9.1.0.111\\(c00e111r1p6t8\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:changxiang_8_plus:-:*:*:*:*:*:*:*",
"matchCriteriaId": "ED01DFA5-3411-4D0D-B41D-9D6E3AD620FB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:y9_2018_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "69DBAFE8-3B9B-4F2A-A902-8FA9E76B6815",
"versionEndExcluding": "9.1.0.115\\(c432e5r1p1t8\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:y9_2018:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8B8ED2EF-8C0B-48E7-BB76-261F1BE3B857",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:y9_2018_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "27FB85CA-EE8E-47E6-8BC6-D0D3F78E310B",
"versionEndExcluding": "9.1.0.120\\(c636e5r1p1t8\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:y9_2018:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8B8ED2EF-8C0B-48E7-BB76-261F1BE3B857",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:honor_9_lite_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "287546B5-A7EF-44A0-8EA9-80809C40E916",
"versionEndExcluding": "9.1.0.113\\(c00e111r2p10t8\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:honor_9_lite:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E571CDA8-577E-4165-A960-DAD978FD23BC",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:honor_9_lite_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "61024F08-FAB3-442D-81A1-14E42B3F154B",
"versionEndExcluding": "9.1.0.118\\(c636e4r1p1t8\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:honor_9_lite:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E571CDA8-577E-4165-A960-DAD978FD23BC",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:honor_9_lite_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "49DEB50F-8345-4509-88A8-9F804D13C358",
"versionEndExcluding": "9.1.0.118\\(c185e4r1p4t8\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:honor_9_lite:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E571CDA8-577E-4165-A960-DAD978FD23BC",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:honor_9_lite_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C15176A7-3D9B-461B-BF23-82DBABDFB764",
"versionEndExcluding": "9.1.0.121\\(c432e4r1p3t8\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:honor_9_lite:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E571CDA8-577E-4165-A960-DAD978FD23BC",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:honor_9i_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4A952DE4-CE00-42FB-BDBF-B024B2ABB004",
"versionEndExcluding": "9.1.0.121\\(c432e4r1p3t8\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:honor_9i:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F931151C-4D0A-44D1-9417-B467F7E148A2",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:honor_9i_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "76911BF2-6AA5-4E8F-A0C2-50488C9645D3",
"versionEndExcluding": "9.1.0.106\\(sp53c636e2r1p4t8\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:honor_9i:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F931151C-4D0A-44D1-9417-B467F7E148A2",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:mate_9_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3574DAD1-E9B6-4D18-BD26-5EE85FB11412",
"versionEndExcluding": "9.0.1.158\\(c432e6r1p8t8\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:mate_9:-:*:*:*:*:*:*:*",
"matchCriteriaId": "93FB7D8B-A819-4CBB-85D1-D3984D963351",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:mate_9_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8C743611-3E88-43E1-884D-FCB906870D01",
"versionEndExcluding": "9.0.1.159\\(c636e6r1p8t8\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:mate_9:-:*:*:*:*:*:*:*",
"matchCriteriaId": "93FB7D8B-A819-4CBB-85D1-D3984D963351",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "There is an information disclosure vulnerability in certain Huawei smartphones (Mate 10;Mate 10 Pro;Honor V10;Changxiang 7S;P-smart;Changxiang 8 Plus;Y9 2018;Honor 9 Lite;Honor 9i;Mate 9). The software does not properly handle certain information of applications locked by applock in a rare condition. Successful exploit could cause information disclosure."
},
{
"lang": "es",
"value": "tiene una vulnerabilidad de divulgaci\u00f3n de informaci\u00f3n en ciertos tel\u00e9fonos inteligentes Huawei (Mate 10; Mate 10 Pro; Honor V10; Changxiang 7S; P-smart; Changxiang 8 Plus; Y9 2018; Honor 9 Lite; Honor 9i; Mate 9). El software no maneja apropiadamente cierta informaci\u00f3n de aplicaciones bloqueadas mediante applock en una condici\u00f3n extra\u00f1a. La explotaci\u00f3n con \u00e9xito podr\u00eda causar una divulgaci\u00f3n de informaci\u00f3n."
}
],
"id": "CVE-2019-5264",
"lastModified": "2024-11-21T04:44:38.040",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "NONE",
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 0.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-12-13T23:15:12.050",
"references": [
{
"source": "psirt@huawei.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191211-01-smartphone-en"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191211-01-smartphone-en"
}
],
"sourceIdentifier": "psirt@huawei.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2018-7989
Vulnerability from fkie_nvd - Published: 2018-10-17 15:29 - Updated: 2024-11-21 04:13
Severity ?
Summary
Huawei Mate 10 pro smartphones with the versions before BLA-AL00B 8.1.0.326(C00) have an improper authentication vulnerability. App Lock is a function to prevent unauthorized use of apps on smartphones, an attacker could directly change the lock password after a series of operations. Successful exploit could allow the attacker to use the application which is locked.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| huawei | mate_10_pro_firmware | * | |
| huawei | mate_10_pro | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:mate_10_pro_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E18BE6BB-4FE6-4362-8FA4-08659156E91C",
"versionEndExcluding": "bla-al00b_8.1.0.326\\(c00\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:mate_10_pro:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5FC0AD4F-0368-4F29-ACCF-B948B8C6BE05",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Huawei Mate 10 pro smartphones with the versions before BLA-AL00B 8.1.0.326(C00) have an improper authentication vulnerability. App Lock is a function to prevent unauthorized use of apps on smartphones, an attacker could directly change the lock password after a series of operations. Successful exploit could allow the attacker to use the application which is locked."
},
{
"lang": "es",
"value": "Los smartphones Huawei Mate 10 en versiones anteriores a la BLA-AL00B 8.1.0.326(C00) tienen una vulnerabilidad de autenticaci\u00f3n incorrecta. App Lock es una funci\u00f3n para prevenir el uso no autorizado de aplicaciones en los smartphones. Un atacante podr\u00eda cambiar directamente la contrase\u00f1a de bloqueo tras una serie de operaciones. Su explotaci\u00f3n con \u00e9xito podr\u00eda permitir que el atacante emplee aplicaciones bloqueadas."
}
],
"id": "CVE-2018-7989",
"lastModified": "2024-11-21T04:13:02.400",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "NONE",
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
},
"exploitabilityScore": 0.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-10-17T15:29:00.820",
"references": [
{
"source": "psirt@huawei.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20181010-01-applock-en"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20181010-01-applock-en"
}
],
"sourceIdentifier": "psirt@huawei.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-287"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2018-7990
Vulnerability from fkie_nvd - Published: 2018-09-04 16:29 - Updated: 2024-11-21 04:13
Severity ?
Summary
Mate10 Pro Huawei smart phones with the versions before 8.1.0.326(C00) have a FRP bypass vulnerability. During the mobile phone reseting process, an attacker could bypass "Find My Phone" protect after a series of voice and keyboard operations. Successful exploit could allow an attacker to bypass FRP.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| huawei | mate_10_pro_firmware | * | |
| huawei | mate_10_pro | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:mate_10_pro_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9B1D1C9F-4A2B-4394-8BDB-B52687EDB3CE",
"versionEndExcluding": "8.1.0.326\\(c00\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:mate_10_pro:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5FC0AD4F-0368-4F29-ACCF-B948B8C6BE05",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Mate10 Pro Huawei smart phones with the versions before 8.1.0.326(C00) have a FRP bypass vulnerability. During the mobile phone reseting process, an attacker could bypass \"Find My Phone\" protect after a series of voice and keyboard operations. Successful exploit could allow an attacker to bypass FRP."
},
{
"lang": "es",
"value": "Los smartphones Huawei Mate10 Pro en versiones anteriores a la 8.1.0.326(C00) tienen una vulnerabilidad de omisi\u00f3n de Factory Reset Protection (FRP). Durante el proceso de reinicio del tel\u00e9fono m\u00f3vil, un atacante podr\u00eda omitir la protecci\u00f3n \"Find My Phone\" tras una serie de operaciones de voz y teclado. Su explotaci\u00f3n con \u00e9xito podr\u00eda permitir que el atacante omita FRP."
}
],
"id": "CVE-2018-7990",
"lastModified": "2024-11-21T04:13:02.513",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"confidentialityImpact": "NONE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:L/Au:N/C:N/I:C/A:N",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "NONE",
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
},
"exploitabilityScore": 0.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-09-04T16:29:01.003",
"references": [
{
"source": "psirt@huawei.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180831-01-smartphone-en"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180831-01-smartphone-en"
}
],
"sourceIdentifier": "psirt@huawei.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2018-7936
Vulnerability from fkie_nvd - Published: 2018-09-04 16:29 - Updated: 2024-11-21 04:12
Severity ?
Summary
Mate 10 Pro Huawei smart phones with the versions before BLA-L29 8.0.0.148(C432) have a Factory Reset Protection (FRP) bypass security vulnerability. When re-configuring the mobile phone using the factory reset protection (FRP) function, an attacker can connect the phone with PC and send special instructions to install third party desktop and disable the boot wizard. As a result, the FRP function is bypassed.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| huawei | mate_10_pro_firmware | * | |
| huawei | mate_10_pro | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:mate_10_pro_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BB1AF331-E536-445B-B75B-28AF99A4525A",
"versionEndExcluding": "bla-l29_8.0.0.148\\(c432\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:mate_10_pro:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5FC0AD4F-0368-4F29-ACCF-B948B8C6BE05",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Mate 10 Pro Huawei smart phones with the versions before BLA-L29 8.0.0.148(C432) have a Factory Reset Protection (FRP) bypass security vulnerability. When re-configuring the mobile phone using the factory reset protection (FRP) function, an attacker can connect the phone with PC and send special instructions to install third party desktop and disable the boot wizard. As a result, the FRP function is bypassed."
},
{
"lang": "es",
"value": "Los smartphones Huawei Mate 10 Pro con software anterior a las versiones BLA-L29 8.0.0.148(C432) tienen una vulnerabilidad de seguridad de omisi\u00f3n de Factory Reset Protection (FRP). Al reconfigurar el tel\u00e9fono m\u00f3vil mediante la funci\u00f3n FRP (Factory Reset Protection), un atacante puede conectar su tel\u00e9fono al PC y enviar instrucciones especiales para instalar un escritorio de terceros y deshabilitar el asistente de arranque. Como resultado, se omite la funci\u00f3n FRP."
}
],
"id": "CVE-2018-7936",
"lastModified": "2024-11-21T04:12:59.247",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"confidentialityImpact": "NONE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:L/Au:N/C:N/I:C/A:N",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "NONE",
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
},
"exploitabilityScore": 0.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-09-04T16:29:00.613",
"references": [
{
"source": "psirt@huawei.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180827-01-frpbypass-en"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180827-01-frpbypass-en"
}
],
"sourceIdentifier": "psirt@huawei.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2018-7934
Vulnerability from fkie_nvd - Published: 2018-07-31 14:29 - Updated: 2024-11-21 04:12
Severity ?
Summary
Some Huawei mobile phone with the versions before BLA-L29 8.0.0.145(C432) have a denial of service (DoS) vulnerability because they do not adapt to specific screen gestures. An attacker may trick users into installing a malicious app. As a result, apps running on the frontend crash after the users make specific screen gestures.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| huawei | mate_10_pro_firmware | * | |
| huawei | mate_10_pro | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:mate_10_pro_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EAF37AE5-E14A-4ED0-BACA-585026A5ADD0",
"versionEndExcluding": "bla-l29_8.0.0.145\\(c432\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:mate_10_pro:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5FC0AD4F-0368-4F29-ACCF-B948B8C6BE05",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Some Huawei mobile phone with the versions before BLA-L29 8.0.0.145(C432) have a denial of service (DoS) vulnerability because they do not adapt to specific screen gestures. An attacker may trick users into installing a malicious app. As a result, apps running on the frontend crash after the users make specific screen gestures."
},
{
"lang": "es",
"value": "Algunos tel\u00e9fonos m\u00f3viles de Huawei con versiones anteriores a la BLA-L29 8.0.0.145(C432) tienen una vulnerabilidad de denegaci\u00f3n de servicio (DoS) porque no se adaptan a gestos de pantalla concretos. Un atacante podr\u00eda enga\u00f1ar a un usuario para que instale una app maliciosa. Como resultado, las aplicaciones que se ejecutan en el frontend se cierran inesperadamente una vez el usuario realiza gestos de pantalla concretos."
}
],
"id": "CVE-2018-7934",
"lastModified": "2024-11-21T04:12:59.017",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.1,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-07-31T14:29:00.950",
"references": [
{
"source": "psirt@huawei.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180705-01-smartphone-en"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180705-01-smartphone-en"
}
],
"sourceIdentifier": "psirt@huawei.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2017-15311
Vulnerability from fkie_nvd - Published: 2017-12-22 17:29 - Updated: 2025-04-20 01:37
Severity ?
Summary
The baseband modules of Mate 10, Mate 10 Pro, Mate 9, Mate 9 Pro Huawei smart phones with software before ALP-AL00 8.0.0.120(SP2C00), before BLA-AL00 8.0.0.120(SP2C00), before MHA-AL00B 8.0.0.334(C00), and before LON-AL00B 8.0.0.334(C00) have a stack overflow vulnerability due to the lack of parameter validation. An attacker could send malicious packets to the smart phones within radio range by special wireless device, which leads stack overflow when the baseband module handles these packets. The attacker could exploit this vulnerability to perform a denial of service attack or remote code execution in baseband module.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| huawei | mate_10_firmware | * | |
| huawei | mate_10 | - | |
| huawei | mate_10_pro_firmware | * | |
| huawei | mate_10_pro | - | |
| huawei | mate_9_firmware | * | |
| huawei | mate_9 | - | |
| huawei | mate_9_pro_firmware | * | |
| huawei | mate_9_pro | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:mate_10_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F7E91ECD-963D-4547-8712-912A68678E04",
"versionEndExcluding": "alp-al00_8.0.0.120\\(sp2c00\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:mate_10:-:*:*:*:*:*:*:*",
"matchCriteriaId": "394490F2-5E47-4A28-A71C-075DBBA34C9E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:mate_10_pro_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "70F576DC-ADE1-4DE1-BDBA-617013F4DAD3",
"versionEndExcluding": "bla-al00_8.0.0.120\\(sp2c00\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:mate_10_pro:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5FC0AD4F-0368-4F29-ACCF-B948B8C6BE05",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:mate_9_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B9640332-F80C-4360-A67E-C00C99D807D5",
"versionEndExcluding": "mha-al00b_8.0.0.334\\(c00\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:mate_9:-:*:*:*:*:*:*:*",
"matchCriteriaId": "93FB7D8B-A819-4CBB-85D1-D3984D963351",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:mate_9_pro_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1C983B9F-8A7B-4FF1-8073-7C397714991A",
"versionEndExcluding": "lon-al00b_8.0.0.334\\(c00\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:mate_9_pro:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E4CC4AF8-2F6D-41FC-9697-17472AF32FC6",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The baseband modules of Mate 10, Mate 10 Pro, Mate 9, Mate 9 Pro Huawei smart phones with software before ALP-AL00 8.0.0.120(SP2C00), before BLA-AL00 8.0.0.120(SP2C00), before MHA-AL00B 8.0.0.334(C00), and before LON-AL00B 8.0.0.334(C00) have a stack overflow vulnerability due to the lack of parameter validation. An attacker could send malicious packets to the smart phones within radio range by special wireless device, which leads stack overflow when the baseband module handles these packets. The attacker could exploit this vulnerability to perform a denial of service attack or remote code execution in baseband module."
},
{
"lang": "es",
"value": "Los m\u00f3dulos baseband de los smartphones Huawei Mate 10, Mate 10 Pro, Mate 9 y Mate 9 Pro con versiones de software anteriores a ALP-AL00 8.0.0.120(SP2C00), anteriores a BLA-AL00 8.0.0.120(SP2C00), anteriores a MHA-AL00B 8.0.0.334(C00) y anteriores a LON-AL00B 8.0.0.334(C00) incluyen una vulnerabilidad de desbordamiento de pila debido a una falta de validaci\u00f3n de par\u00e1metros. Un atacante podr\u00eda enviar paquetes maliciosos a los smartphones dentro del rango de radio mediante dispositivos inal\u00e1mbricos especiales. Esto da lugar a un desbordamiento de pila cuando el m\u00f3dulo baseband manipula estos paquetes. El atacante podr\u00eda explotar esta vulnerabilidad para realizar un ataque de denegaci\u00f3n de servicio (DoS) o para ejecutar c\u00f3digo de manera remota en el m\u00f3dulo baseband."
}
],
"id": "CVE-2017-15311",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:A/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 6.5,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-12-22T17:29:13.063",
"references": [
{
"source": "psirt@huawei.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171125-01-baseband-en"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171125-01-baseband-en"
}
],
"sourceIdentifier": "psirt@huawei.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2020-1785 (GCVE-0-2020-1785)
Vulnerability from cvelistv5 – Published: 2020-01-03 14:45 – Updated: 2024-08-04 06:46
VLAI?
Summary
Mate 10 Pro;Honor V10;Honor 10;Nova 4 smartphones have a denial of service vulnerability. The system does not properly check the status of certain module during certain operations, an attacker should trick the user into installing a malicious application, successful exploit could cause reboot of the smartphone.
Severity ?
No CVSS data available.
CWE
- Denial of Service
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Mate 10 Pro;Honor V10;Honor 10;Nova 4 |
Affected:
Versions earlier than 9.1.0.321(C605E4R1P13T8)
Affected: Versions earlier than 9.1.0.321(C636E4R1P14T8) Affected: Versions earlier than 9.1.0.330(C432E6R1P12T8) Affected: Versions earlier than 9.1.0.333(C00E333R2P1T8) Affected: Versions earlier than 9.1.0.350(C636E4R1P13T8) Affected: Versions earlier than 9.1.0.351(C432E5R1P13T8) Affected: Versions earlier than 9.1.0.350(C10E5R1P14T8) Affected: Versions earlier than 9.1.0.350(C185E3R1P12T8) Affected: Versions earlier than 9.1.0.350(C461E3R1P11T8) Affected: Versions earlier than 9.1.0.350(C636E3R1P13T8) Affected: Versions earlier than 9.1.0.225(C636E1R4P1) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T06:46:30.921Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200102-03-smartphone-en"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Mate 10 Pro;Honor V10;Honor 10;Nova 4",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Versions earlier than 9.1.0.321(C605E4R1P13T8)"
},
{
"status": "affected",
"version": "Versions earlier than 9.1.0.321(C636E4R1P14T8)"
},
{
"status": "affected",
"version": "Versions earlier than 9.1.0.330(C432E6R1P12T8)"
},
{
"status": "affected",
"version": "Versions earlier than 9.1.0.333(C00E333R2P1T8)"
},
{
"status": "affected",
"version": "Versions earlier than 9.1.0.350(C636E4R1P13T8)"
},
{
"status": "affected",
"version": "Versions earlier than 9.1.0.351(C432E5R1P13T8)"
},
{
"status": "affected",
"version": "Versions earlier than 9.1.0.350(C10E5R1P14T8)"
},
{
"status": "affected",
"version": "Versions earlier than 9.1.0.350(C185E3R1P12T8)"
},
{
"status": "affected",
"version": "Versions earlier than 9.1.0.350(C461E3R1P11T8)"
},
{
"status": "affected",
"version": "Versions earlier than 9.1.0.350(C636E3R1P13T8)"
},
{
"status": "affected",
"version": "Versions earlier than 9.1.0.225(C636E1R4P1)"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Mate 10 Pro;Honor V10;Honor 10;Nova 4 smartphones have a denial of service vulnerability. The system does not properly check the status of certain module during certain operations, an attacker should trick the user into installing a malicious application, successful exploit could cause reboot of the smartphone."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Denial of Service",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-01-03T14:45:04",
"orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"shortName": "huawei"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200102-03-smartphone-en"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@huawei.com",
"ID": "CVE-2020-1785",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Mate 10 Pro;Honor V10;Honor 10;Nova 4",
"version": {
"version_data": [
{
"version_value": "Versions earlier than 9.1.0.321(C605E4R1P13T8)"
},
{
"version_value": "Versions earlier than 9.1.0.321(C636E4R1P14T8)"
},
{
"version_value": "Versions earlier than 9.1.0.330(C432E6R1P12T8)"
},
{
"version_value": "Versions earlier than 9.1.0.333(C00E333R2P1T8)"
},
{
"version_value": "Versions earlier than 9.1.0.350(C636E4R1P13T8)"
},
{
"version_value": "Versions earlier than 9.1.0.351(C432E5R1P13T8)"
},
{
"version_value": "Versions earlier than 9.1.0.350(C10E5R1P14T8)"
},
{
"version_value": "Versions earlier than 9.1.0.350(C185E3R1P12T8)"
},
{
"version_value": "Versions earlier than 9.1.0.350(C461E3R1P11T8)"
},
{
"version_value": "Versions earlier than 9.1.0.350(C636E3R1P13T8)"
},
{
"version_value": "Versions earlier than 9.1.0.225(C636E1R4P1)"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Mate 10 Pro;Honor V10;Honor 10;Nova 4 smartphones have a denial of service vulnerability. The system does not properly check the status of certain module during certain operations, an attacker should trick the user into installing a malicious application, successful exploit could cause reboot of the smartphone."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial of Service"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200102-03-smartphone-en",
"refsource": "MISC",
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200102-03-smartphone-en"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"assignerShortName": "huawei",
"cveId": "CVE-2020-1785",
"datePublished": "2020-01-03T14:45:04",
"dateReserved": "2019-11-29T00:00:00",
"dateUpdated": "2024-08-04T06:46:30.921Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-5264 (GCVE-0-2019-5264)
Vulnerability from cvelistv5 – Published: 2019-12-13 23:00 – Updated: 2024-08-04 19:47
VLAI?
Summary
There is an information disclosure vulnerability in certain Huawei smartphones (Mate 10;Mate 10 Pro;Honor V10;Changxiang 7S;P-smart;Changxiang 8 Plus;Y9 2018;Honor 9 Lite;Honor 9i;Mate 9). The software does not properly handle certain information of applications locked by applock in a rare condition. Successful exploit could cause information disclosure.
Severity ?
No CVSS data available.
CWE
- Information Disclosure
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Mate 10;Mate 10 Pro;Honor V10;Changxiang 7S;P-smart;Changxiang 8 Plus;Y9 2018;Honor 9 Lite;Honor 9i;Mate 9 |
Affected:
Versions earlier than 9.0.0.167(C00E85R2P20T8)
Affected: Versions earlier than 9.0.0.159(C432E4R1P9T8) Affected: Versions earlier than 9.0.0.177(C185E2R1P12T8) Affected: Versions earlier than 9.0.0.159(C636E2R1P12T8) Affected: Versions earlier than 9.0.0.167(C00E87R2P15T8) Affected: Versions earlier than 9.0.0.159(C185E2R1P13T8) Affected: Versions earlier than 9.0.0.161(C432E4R1P11T8) Affected: Versions earlier than 9.0.0.159(C636E2R1P13T8) Affected: Versions earlier than 9.0.0.156(C00E156R2P14T8) Affected: Versions earlier than 9.0.0.159(C636E3R1P12T8) Affected: Versions earlier than 9.1.0.107(C00E107R2P8T8) Affected: Versions earlier than 9.1.0.119(C636E5R1P1T8) Affected: Versions earlier than 9.1.0.130(C432E8R1P5T8) Affected: Versions earlier than 9.1.0.111(C00E111R1P6T8) Affected: Versions earlier than 9.1.0.115(C432E5R1P1T8) Affected: Versions earlier than 9.1.0.120(C636E5R1P1T8) Affected: Versions earlier than 9.1.0.113(C00E111R2P10T8) Affected: Versions earlier than 9.1.0.118(C636E4R1P1T8) Affected: Versions earlier than 9.1.0.118(C185E4R1P4T8) Affected: Versions earlier than 9.1.0.121(C432E4R1P3T8) Affected: Versions earlier than 9.1.0.112(C00E112R1P6T8) Affected: Versions earlier 9.1.0.106(SP53C636E2R1P4T8) Affected: Versions earlier than 9.0.1.158(C432E6R1P8T8) Affected: Versions earlier than 9.0.1.159(C636E6R1P8T8) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T19:47:56.839Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191211-01-smartphone-en"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Mate 10;Mate 10 Pro;Honor V10;Changxiang 7S;P-smart;Changxiang 8 Plus;Y9 2018;Honor 9 Lite;Honor 9i;Mate 9",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Versions earlier than 9.0.0.167(C00E85R2P20T8)"
},
{
"status": "affected",
"version": "Versions earlier than 9.0.0.159(C432E4R1P9T8)"
},
{
"status": "affected",
"version": "Versions earlier than 9.0.0.177(C185E2R1P12T8)"
},
{
"status": "affected",
"version": "Versions earlier than 9.0.0.159(C636E2R1P12T8)"
},
{
"status": "affected",
"version": "Versions earlier than 9.0.0.167(C00E87R2P15T8)"
},
{
"status": "affected",
"version": "Versions earlier than 9.0.0.159(C185E2R1P13T8)"
},
{
"status": "affected",
"version": "Versions earlier than 9.0.0.161(C432E4R1P11T8)"
},
{
"status": "affected",
"version": "Versions earlier than 9.0.0.159(C636E2R1P13T8)"
},
{
"status": "affected",
"version": "Versions earlier than 9.0.0.156(C00E156R2P14T8)"
},
{
"status": "affected",
"version": "Versions earlier than 9.0.0.159(C636E3R1P12T8)"
},
{
"status": "affected",
"version": "Versions earlier than 9.1.0.107(C00E107R2P8T8)"
},
{
"status": "affected",
"version": "Versions earlier than 9.1.0.119(C636E5R1P1T8)"
},
{
"status": "affected",
"version": "Versions earlier than 9.1.0.130(C432E8R1P5T8)"
},
{
"status": "affected",
"version": "Versions earlier than 9.1.0.111(C00E111R1P6T8)"
},
{
"status": "affected",
"version": "Versions earlier than 9.1.0.115(C432E5R1P1T8)"
},
{
"status": "affected",
"version": "Versions earlier than 9.1.0.120(C636E5R1P1T8)"
},
{
"status": "affected",
"version": "Versions earlier than 9.1.0.113(C00E111R2P10T8)"
},
{
"status": "affected",
"version": "Versions earlier than 9.1.0.118(C636E4R1P1T8)"
},
{
"status": "affected",
"version": "Versions earlier than 9.1.0.118(C185E4R1P4T8)"
},
{
"status": "affected",
"version": "Versions earlier than 9.1.0.121(C432E4R1P3T8)"
},
{
"status": "affected",
"version": "Versions earlier than 9.1.0.112(C00E112R1P6T8)"
},
{
"status": "affected",
"version": "Versions earlier 9.1.0.106(SP53C636E2R1P4T8)"
},
{
"status": "affected",
"version": "Versions earlier than 9.0.1.158(C432E6R1P8T8)"
},
{
"status": "affected",
"version": "Versions earlier than 9.0.1.159(C636E6R1P8T8)"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "There is an information disclosure vulnerability in certain Huawei smartphones (Mate 10;Mate 10 Pro;Honor V10;Changxiang 7S;P-smart;Changxiang 8 Plus;Y9 2018;Honor 9 Lite;Honor 9i;Mate 9). The software does not properly handle certain information of applications locked by applock in a rare condition. Successful exploit could cause information disclosure."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Information Disclosure",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-12-13T23:00:29",
"orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"shortName": "huawei"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191211-01-smartphone-en"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@huawei.com",
"ID": "CVE-2019-5264",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Mate 10;Mate 10 Pro;Honor V10;Changxiang 7S;P-smart;Changxiang 8 Plus;Y9 2018;Honor 9 Lite;Honor 9i;Mate 9",
"version": {
"version_data": [
{
"version_value": "Versions earlier than 9.0.0.167(C00E85R2P20T8)"
},
{
"version_value": "Versions earlier than 9.0.0.159(C432E4R1P9T8)"
},
{
"version_value": "Versions earlier than 9.0.0.177(C185E2R1P12T8)"
},
{
"version_value": "Versions earlier than 9.0.0.159(C636E2R1P12T8)"
},
{
"version_value": "Versions earlier than 9.0.0.167(C00E87R2P15T8)"
},
{
"version_value": "Versions earlier than 9.0.0.159(C185E2R1P13T8)"
},
{
"version_value": "Versions earlier than 9.0.0.161(C432E4R1P11T8)"
},
{
"version_value": "Versions earlier than 9.0.0.159(C636E2R1P13T8)"
},
{
"version_value": "Versions earlier than 9.0.0.156(C00E156R2P14T8)"
},
{
"version_value": "Versions earlier than 9.0.0.159(C432E4R1P9T8)"
},
{
"version_value": "Versions earlier than 9.0.0.159(C636E3R1P12T8)"
},
{
"version_value": "Versions earlier than 9.1.0.107(C00E107R2P8T8)"
},
{
"version_value": "Versions earlier than 9.1.0.119(C636E5R1P1T8)"
},
{
"version_value": "Versions earlier than 9.1.0.130(C432E8R1P5T8)"
},
{
"version_value": "Versions earlier than 9.1.0.111(C00E111R1P6T8)"
},
{
"version_value": "Versions earlier than 9.1.0.115(C432E5R1P1T8)"
},
{
"version_value": "Versions earlier than 9.1.0.120(C636E5R1P1T8)"
},
{
"version_value": "Versions earlier than 9.1.0.113(C00E111R2P10T8)"
},
{
"version_value": "Versions earlier than 9.1.0.118(C636E4R1P1T8)"
},
{
"version_value": "Versions earlier than 9.1.0.118(C185E4R1P4T8)"
},
{
"version_value": "Versions earlier than 9.1.0.121(C432E4R1P3T8)"
},
{
"version_value": "Versions earlier than 9.1.0.112(C00E112R1P6T8)"
},
{
"version_value": "Versions earlier 9.1.0.106(SP53C636E2R1P4T8)"
},
{
"version_value": "Versions earlier than 9.0.1.158(C432E6R1P8T8)"
},
{
"version_value": "Versions earlier than 9.0.1.159(C636E6R1P8T8)"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "There is an information disclosure vulnerability in certain Huawei smartphones (Mate 10;Mate 10 Pro;Honor V10;Changxiang 7S;P-smart;Changxiang 8 Plus;Y9 2018;Honor 9 Lite;Honor 9i;Mate 9). The software does not properly handle certain information of applications locked by applock in a rare condition. Successful exploit could cause information disclosure."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information Disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191211-01-smartphone-en",
"refsource": "MISC",
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191211-01-smartphone-en"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"assignerShortName": "huawei",
"cveId": "CVE-2019-5264",
"datePublished": "2019-12-13T23:00:29",
"dateReserved": "2019-01-04T00:00:00",
"dateUpdated": "2024-08-04T19:47:56.839Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-7989 (GCVE-0-2018-7989)
Vulnerability from cvelistv5 – Published: 2018-10-17 15:00 – Updated: 2024-08-05 06:37
VLAI?
Summary
Huawei Mate 10 pro smartphones with the versions before BLA-AL00B 8.1.0.326(C00) have an improper authentication vulnerability. App Lock is a function to prevent unauthorized use of apps on smartphones, an attacker could directly change the lock password after a series of operations. Successful exploit could allow the attacker to use the application which is locked.
Severity ?
No CVSS data available.
CWE
- improper authentication
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Huawei Technologies Co., Ltd. | Mate 10 pro |
Affected:
The versions before BLA-AL00B 8.1.0.326(C00)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T06:37:59.692Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20181010-01-applock-en"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Mate 10 pro",
"vendor": "Huawei Technologies Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "The versions before BLA-AL00B 8.1.0.326(C00)"
}
]
}
],
"datePublic": "2018-10-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Huawei Mate 10 pro smartphones with the versions before BLA-AL00B 8.1.0.326(C00) have an improper authentication vulnerability. App Lock is a function to prevent unauthorized use of apps on smartphones, an attacker could directly change the lock password after a series of operations. Successful exploit could allow the attacker to use the application which is locked."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "improper authentication",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-17T14:57:01",
"orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"shortName": "huawei"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20181010-01-applock-en"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@huawei.com",
"ID": "CVE-2018-7989",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Mate 10 pro",
"version": {
"version_data": [
{
"version_value": "The versions before BLA-AL00B 8.1.0.326(C00)"
}
]
}
}
]
},
"vendor_name": "Huawei Technologies Co., Ltd."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Huawei Mate 10 pro smartphones with the versions before BLA-AL00B 8.1.0.326(C00) have an improper authentication vulnerability. App Lock is a function to prevent unauthorized use of apps on smartphones, an attacker could directly change the lock password after a series of operations. Successful exploit could allow the attacker to use the application which is locked."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "improper authentication"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20181010-01-applock-en",
"refsource": "CONFIRM",
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20181010-01-applock-en"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"assignerShortName": "huawei",
"cveId": "CVE-2018-7989",
"datePublished": "2018-10-17T15:00:00",
"dateReserved": "2018-03-09T00:00:00",
"dateUpdated": "2024-08-05T06:37:59.692Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-7990 (GCVE-0-2018-7990)
Vulnerability from cvelistv5 – Published: 2018-09-04 16:00 – Updated: 2024-08-05 06:37
VLAI?
Summary
Mate10 Pro Huawei smart phones with the versions before 8.1.0.326(C00) have a FRP bypass vulnerability. During the mobile phone reseting process, an attacker could bypass "Find My Phone" protect after a series of voice and keyboard operations. Successful exploit could allow an attacker to bypass FRP.
Severity ?
No CVSS data available.
CWE
- FRP bypass
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Huawei Technologies Co., Ltd. | Mate10 Pro |
Affected:
The versions before 8.1.0.326(C00)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T06:37:59.688Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180831-01-smartphone-en"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Mate10 Pro",
"vendor": "Huawei Technologies Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "The versions before 8.1.0.326(C00)"
}
]
}
],
"datePublic": "2018-08-31T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Mate10 Pro Huawei smart phones with the versions before 8.1.0.326(C00) have a FRP bypass vulnerability. During the mobile phone reseting process, an attacker could bypass \"Find My Phone\" protect after a series of voice and keyboard operations. Successful exploit could allow an attacker to bypass FRP."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "FRP bypass",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-09-04T15:57:01",
"orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"shortName": "huawei"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180831-01-smartphone-en"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@huawei.com",
"ID": "CVE-2018-7990",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Mate10 Pro",
"version": {
"version_data": [
{
"version_value": "The versions before 8.1.0.326(C00)"
}
]
}
}
]
},
"vendor_name": "Huawei Technologies Co., Ltd."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Mate10 Pro Huawei smart phones with the versions before 8.1.0.326(C00) have a FRP bypass vulnerability. During the mobile phone reseting process, an attacker could bypass \"Find My Phone\" protect after a series of voice and keyboard operations. Successful exploit could allow an attacker to bypass FRP."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "FRP bypass"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180831-01-smartphone-en",
"refsource": "CONFIRM",
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180831-01-smartphone-en"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"assignerShortName": "huawei",
"cveId": "CVE-2018-7990",
"datePublished": "2018-09-04T16:00:00",
"dateReserved": "2018-03-09T00:00:00",
"dateUpdated": "2024-08-05T06:37:59.688Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-7936 (GCVE-0-2018-7936)
Vulnerability from cvelistv5 – Published: 2018-09-04 16:00 – Updated: 2024-08-05 06:37
VLAI?
Summary
Mate 10 Pro Huawei smart phones with the versions before BLA-L29 8.0.0.148(C432) have a Factory Reset Protection (FRP) bypass security vulnerability. When re-configuring the mobile phone using the factory reset protection (FRP) function, an attacker can connect the phone with PC and send special instructions to install third party desktop and disable the boot wizard. As a result, the FRP function is bypassed.
Severity ?
No CVSS data available.
CWE
- FRP bypass
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Huawei Technologies Co., Ltd. | Mate 10 Pro |
Affected:
The versions before BLA-L29 8.0.0.148(C432)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T06:37:59.650Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180827-01-frpbypass-en"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Mate 10 Pro",
"vendor": "Huawei Technologies Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "The versions before BLA-L29 8.0.0.148(C432)"
}
]
}
],
"datePublic": "2018-08-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Mate 10 Pro Huawei smart phones with the versions before BLA-L29 8.0.0.148(C432) have a Factory Reset Protection (FRP) bypass security vulnerability. When re-configuring the mobile phone using the factory reset protection (FRP) function, an attacker can connect the phone with PC and send special instructions to install third party desktop and disable the boot wizard. As a result, the FRP function is bypassed."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "FRP bypass",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-09-04T15:57:01",
"orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"shortName": "huawei"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180827-01-frpbypass-en"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@huawei.com",
"ID": "CVE-2018-7936",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Mate 10 Pro",
"version": {
"version_data": [
{
"version_value": "The versions before BLA-L29 8.0.0.148(C432)"
}
]
}
}
]
},
"vendor_name": "Huawei Technologies Co., Ltd."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Mate 10 Pro Huawei smart phones with the versions before BLA-L29 8.0.0.148(C432) have a Factory Reset Protection (FRP) bypass security vulnerability. When re-configuring the mobile phone using the factory reset protection (FRP) function, an attacker can connect the phone with PC and send special instructions to install third party desktop and disable the boot wizard. As a result, the FRP function is bypassed."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "FRP bypass"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180827-01-frpbypass-en",
"refsource": "CONFIRM",
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180827-01-frpbypass-en"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"assignerShortName": "huawei",
"cveId": "CVE-2018-7936",
"datePublished": "2018-09-04T16:00:00",
"dateReserved": "2018-03-09T00:00:00",
"dateUpdated": "2024-08-05T06:37:59.650Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-7934 (GCVE-0-2018-7934)
Vulnerability from cvelistv5 – Published: 2018-07-31 14:00 – Updated: 2024-08-05 06:37
VLAI?
Summary
Some Huawei mobile phone with the versions before BLA-L29 8.0.0.145(C432) have a denial of service (DoS) vulnerability because they do not adapt to specific screen gestures. An attacker may trick users into installing a malicious app. As a result, apps running on the frontend crash after the users make specific screen gestures.
Severity ?
No CVSS data available.
CWE
- DoS
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Huawei Technologies Co., Ltd. | Mate 10 Pro |
Affected:
The versions before BLA-L29 8.0.0.145(C432)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T06:37:59.577Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180705-01-smartphone-en"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Mate 10 Pro",
"vendor": "Huawei Technologies Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "The versions before BLA-L29 8.0.0.145(C432)"
}
]
}
],
"datePublic": "2018-07-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Some Huawei mobile phone with the versions before BLA-L29 8.0.0.145(C432) have a denial of service (DoS) vulnerability because they do not adapt to specific screen gestures. An attacker may trick users into installing a malicious app. As a result, apps running on the frontend crash after the users make specific screen gestures."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "DoS",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-07-31T13:57:01",
"orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"shortName": "huawei"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180705-01-smartphone-en"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@huawei.com",
"ID": "CVE-2018-7934",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Mate 10 Pro",
"version": {
"version_data": [
{
"version_value": "The versions before BLA-L29 8.0.0.145(C432)"
}
]
}
}
]
},
"vendor_name": "Huawei Technologies Co., Ltd."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Some Huawei mobile phone with the versions before BLA-L29 8.0.0.145(C432) have a denial of service (DoS) vulnerability because they do not adapt to specific screen gestures. An attacker may trick users into installing a malicious app. As a result, apps running on the frontend crash after the users make specific screen gestures."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "DoS"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180705-01-smartphone-en",
"refsource": "CONFIRM",
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180705-01-smartphone-en"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"assignerShortName": "huawei",
"cveId": "CVE-2018-7934",
"datePublished": "2018-07-31T14:00:00",
"dateReserved": "2018-03-09T00:00:00",
"dateUpdated": "2024-08-05T06:37:59.577Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-15311 (GCVE-0-2017-15311)
Vulnerability from cvelistv5 – Published: 2017-12-22 17:00 – Updated: 2024-09-17 04:29
VLAI?
Summary
The baseband modules of Mate 10, Mate 10 Pro, Mate 9, Mate 9 Pro Huawei smart phones with software before ALP-AL00 8.0.0.120(SP2C00), before BLA-AL00 8.0.0.120(SP2C00), before MHA-AL00B 8.0.0.334(C00), and before LON-AL00B 8.0.0.334(C00) have a stack overflow vulnerability due to the lack of parameter validation. An attacker could send malicious packets to the smart phones within radio range by special wireless device, which leads stack overflow when the baseband module handles these packets. The attacker could exploit this vulnerability to perform a denial of service attack or remote code execution in baseband module.
Severity ?
No CVSS data available.
CWE
- Stack Overflow
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | |||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Huawei Technologies Co., Ltd. | Mate 10 |
Affected:
before ALP-AL00 8.0.0.120(SP2C00)
|
|||||||||||||||||
|
|||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T19:50:16.503Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171125-01-baseband-en"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Mate 10",
"vendor": "Huawei Technologies Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "before ALP-AL00 8.0.0.120(SP2C00)"
}
]
},
{
"product": "Mate 10 Pro",
"vendor": "Huawei Technologies Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "before BLA-AL00 8.0.0.120(SP2C00)"
}
]
},
{
"product": "Mate 9",
"vendor": "Huawei Technologies Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "before MHA-AL00B 8.0.0.334(C00)"
}
]
},
{
"product": "Mate 9 Pro",
"vendor": "Huawei Technologies Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "before LON-AL00B 8.0.0.334(C00),"
}
]
}
],
"datePublic": "2017-11-25T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The baseband modules of Mate 10, Mate 10 Pro, Mate 9, Mate 9 Pro Huawei smart phones with software before ALP-AL00 8.0.0.120(SP2C00), before BLA-AL00 8.0.0.120(SP2C00), before MHA-AL00B 8.0.0.334(C00), and before LON-AL00B 8.0.0.334(C00) have a stack overflow vulnerability due to the lack of parameter validation. An attacker could send malicious packets to the smart phones within radio range by special wireless device, which leads stack overflow when the baseband module handles these packets. The attacker could exploit this vulnerability to perform a denial of service attack or remote code execution in baseband module."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Stack Overflow",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-12-22T16:57:01",
"orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"shortName": "huawei"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171125-01-baseband-en"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@huawei.com",
"DATE_PUBLIC": "2017-11-25T00:00:00",
"ID": "CVE-2017-15311",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Mate 10",
"version": {
"version_data": [
{
"version_value": "before ALP-AL00 8.0.0.120(SP2C00)"
}
]
}
},
{
"product_name": "Mate 10 Pro",
"version": {
"version_data": [
{
"version_value": "before BLA-AL00 8.0.0.120(SP2C00)"
}
]
}
},
{
"product_name": "Mate 9",
"version": {
"version_data": [
{
"version_value": "before MHA-AL00B 8.0.0.334(C00)"
}
]
}
},
{
"product_name": "Mate 9 Pro",
"version": {
"version_data": [
{
"version_value": "before LON-AL00B 8.0.0.334(C00),"
}
]
}
}
]
},
"vendor_name": "Huawei Technologies Co., Ltd."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The baseband modules of Mate 10, Mate 10 Pro, Mate 9, Mate 9 Pro Huawei smart phones with software before ALP-AL00 8.0.0.120(SP2C00), before BLA-AL00 8.0.0.120(SP2C00), before MHA-AL00B 8.0.0.334(C00), and before LON-AL00B 8.0.0.334(C00) have a stack overflow vulnerability due to the lack of parameter validation. An attacker could send malicious packets to the smart phones within radio range by special wireless device, which leads stack overflow when the baseband module handles these packets. The attacker could exploit this vulnerability to perform a denial of service attack or remote code execution in baseband module."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Stack Overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171125-01-baseband-en",
"refsource": "CONFIRM",
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171125-01-baseband-en"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"assignerShortName": "huawei",
"cveId": "CVE-2017-15311",
"datePublished": "2017-12-22T17:00:00Z",
"dateReserved": "2017-10-14T00:00:00",
"dateUpdated": "2024-09-17T04:29:33.735Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-1785 (GCVE-0-2020-1785)
Vulnerability from nvd – Published: 2020-01-03 14:45 – Updated: 2024-08-04 06:46
VLAI?
Summary
Mate 10 Pro;Honor V10;Honor 10;Nova 4 smartphones have a denial of service vulnerability. The system does not properly check the status of certain module during certain operations, an attacker should trick the user into installing a malicious application, successful exploit could cause reboot of the smartphone.
Severity ?
No CVSS data available.
CWE
- Denial of Service
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Mate 10 Pro;Honor V10;Honor 10;Nova 4 |
Affected:
Versions earlier than 9.1.0.321(C605E4R1P13T8)
Affected: Versions earlier than 9.1.0.321(C636E4R1P14T8) Affected: Versions earlier than 9.1.0.330(C432E6R1P12T8) Affected: Versions earlier than 9.1.0.333(C00E333R2P1T8) Affected: Versions earlier than 9.1.0.350(C636E4R1P13T8) Affected: Versions earlier than 9.1.0.351(C432E5R1P13T8) Affected: Versions earlier than 9.1.0.350(C10E5R1P14T8) Affected: Versions earlier than 9.1.0.350(C185E3R1P12T8) Affected: Versions earlier than 9.1.0.350(C461E3R1P11T8) Affected: Versions earlier than 9.1.0.350(C636E3R1P13T8) Affected: Versions earlier than 9.1.0.225(C636E1R4P1) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T06:46:30.921Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200102-03-smartphone-en"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Mate 10 Pro;Honor V10;Honor 10;Nova 4",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Versions earlier than 9.1.0.321(C605E4R1P13T8)"
},
{
"status": "affected",
"version": "Versions earlier than 9.1.0.321(C636E4R1P14T8)"
},
{
"status": "affected",
"version": "Versions earlier than 9.1.0.330(C432E6R1P12T8)"
},
{
"status": "affected",
"version": "Versions earlier than 9.1.0.333(C00E333R2P1T8)"
},
{
"status": "affected",
"version": "Versions earlier than 9.1.0.350(C636E4R1P13T8)"
},
{
"status": "affected",
"version": "Versions earlier than 9.1.0.351(C432E5R1P13T8)"
},
{
"status": "affected",
"version": "Versions earlier than 9.1.0.350(C10E5R1P14T8)"
},
{
"status": "affected",
"version": "Versions earlier than 9.1.0.350(C185E3R1P12T8)"
},
{
"status": "affected",
"version": "Versions earlier than 9.1.0.350(C461E3R1P11T8)"
},
{
"status": "affected",
"version": "Versions earlier than 9.1.0.350(C636E3R1P13T8)"
},
{
"status": "affected",
"version": "Versions earlier than 9.1.0.225(C636E1R4P1)"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Mate 10 Pro;Honor V10;Honor 10;Nova 4 smartphones have a denial of service vulnerability. The system does not properly check the status of certain module during certain operations, an attacker should trick the user into installing a malicious application, successful exploit could cause reboot of the smartphone."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Denial of Service",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-01-03T14:45:04",
"orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"shortName": "huawei"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200102-03-smartphone-en"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@huawei.com",
"ID": "CVE-2020-1785",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Mate 10 Pro;Honor V10;Honor 10;Nova 4",
"version": {
"version_data": [
{
"version_value": "Versions earlier than 9.1.0.321(C605E4R1P13T8)"
},
{
"version_value": "Versions earlier than 9.1.0.321(C636E4R1P14T8)"
},
{
"version_value": "Versions earlier than 9.1.0.330(C432E6R1P12T8)"
},
{
"version_value": "Versions earlier than 9.1.0.333(C00E333R2P1T8)"
},
{
"version_value": "Versions earlier than 9.1.0.350(C636E4R1P13T8)"
},
{
"version_value": "Versions earlier than 9.1.0.351(C432E5R1P13T8)"
},
{
"version_value": "Versions earlier than 9.1.0.350(C10E5R1P14T8)"
},
{
"version_value": "Versions earlier than 9.1.0.350(C185E3R1P12T8)"
},
{
"version_value": "Versions earlier than 9.1.0.350(C461E3R1P11T8)"
},
{
"version_value": "Versions earlier than 9.1.0.350(C636E3R1P13T8)"
},
{
"version_value": "Versions earlier than 9.1.0.225(C636E1R4P1)"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Mate 10 Pro;Honor V10;Honor 10;Nova 4 smartphones have a denial of service vulnerability. The system does not properly check the status of certain module during certain operations, an attacker should trick the user into installing a malicious application, successful exploit could cause reboot of the smartphone."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial of Service"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200102-03-smartphone-en",
"refsource": "MISC",
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200102-03-smartphone-en"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"assignerShortName": "huawei",
"cveId": "CVE-2020-1785",
"datePublished": "2020-01-03T14:45:04",
"dateReserved": "2019-11-29T00:00:00",
"dateUpdated": "2024-08-04T06:46:30.921Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-5264 (GCVE-0-2019-5264)
Vulnerability from nvd – Published: 2019-12-13 23:00 – Updated: 2024-08-04 19:47
VLAI?
Summary
There is an information disclosure vulnerability in certain Huawei smartphones (Mate 10;Mate 10 Pro;Honor V10;Changxiang 7S;P-smart;Changxiang 8 Plus;Y9 2018;Honor 9 Lite;Honor 9i;Mate 9). The software does not properly handle certain information of applications locked by applock in a rare condition. Successful exploit could cause information disclosure.
Severity ?
No CVSS data available.
CWE
- Information Disclosure
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Mate 10;Mate 10 Pro;Honor V10;Changxiang 7S;P-smart;Changxiang 8 Plus;Y9 2018;Honor 9 Lite;Honor 9i;Mate 9 |
Affected:
Versions earlier than 9.0.0.167(C00E85R2P20T8)
Affected: Versions earlier than 9.0.0.159(C432E4R1P9T8) Affected: Versions earlier than 9.0.0.177(C185E2R1P12T8) Affected: Versions earlier than 9.0.0.159(C636E2R1P12T8) Affected: Versions earlier than 9.0.0.167(C00E87R2P15T8) Affected: Versions earlier than 9.0.0.159(C185E2R1P13T8) Affected: Versions earlier than 9.0.0.161(C432E4R1P11T8) Affected: Versions earlier than 9.0.0.159(C636E2R1P13T8) Affected: Versions earlier than 9.0.0.156(C00E156R2P14T8) Affected: Versions earlier than 9.0.0.159(C636E3R1P12T8) Affected: Versions earlier than 9.1.0.107(C00E107R2P8T8) Affected: Versions earlier than 9.1.0.119(C636E5R1P1T8) Affected: Versions earlier than 9.1.0.130(C432E8R1P5T8) Affected: Versions earlier than 9.1.0.111(C00E111R1P6T8) Affected: Versions earlier than 9.1.0.115(C432E5R1P1T8) Affected: Versions earlier than 9.1.0.120(C636E5R1P1T8) Affected: Versions earlier than 9.1.0.113(C00E111R2P10T8) Affected: Versions earlier than 9.1.0.118(C636E4R1P1T8) Affected: Versions earlier than 9.1.0.118(C185E4R1P4T8) Affected: Versions earlier than 9.1.0.121(C432E4R1P3T8) Affected: Versions earlier than 9.1.0.112(C00E112R1P6T8) Affected: Versions earlier 9.1.0.106(SP53C636E2R1P4T8) Affected: Versions earlier than 9.0.1.158(C432E6R1P8T8) Affected: Versions earlier than 9.0.1.159(C636E6R1P8T8) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T19:47:56.839Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191211-01-smartphone-en"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Mate 10;Mate 10 Pro;Honor V10;Changxiang 7S;P-smart;Changxiang 8 Plus;Y9 2018;Honor 9 Lite;Honor 9i;Mate 9",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Versions earlier than 9.0.0.167(C00E85R2P20T8)"
},
{
"status": "affected",
"version": "Versions earlier than 9.0.0.159(C432E4R1P9T8)"
},
{
"status": "affected",
"version": "Versions earlier than 9.0.0.177(C185E2R1P12T8)"
},
{
"status": "affected",
"version": "Versions earlier than 9.0.0.159(C636E2R1P12T8)"
},
{
"status": "affected",
"version": "Versions earlier than 9.0.0.167(C00E87R2P15T8)"
},
{
"status": "affected",
"version": "Versions earlier than 9.0.0.159(C185E2R1P13T8)"
},
{
"status": "affected",
"version": "Versions earlier than 9.0.0.161(C432E4R1P11T8)"
},
{
"status": "affected",
"version": "Versions earlier than 9.0.0.159(C636E2R1P13T8)"
},
{
"status": "affected",
"version": "Versions earlier than 9.0.0.156(C00E156R2P14T8)"
},
{
"status": "affected",
"version": "Versions earlier than 9.0.0.159(C636E3R1P12T8)"
},
{
"status": "affected",
"version": "Versions earlier than 9.1.0.107(C00E107R2P8T8)"
},
{
"status": "affected",
"version": "Versions earlier than 9.1.0.119(C636E5R1P1T8)"
},
{
"status": "affected",
"version": "Versions earlier than 9.1.0.130(C432E8R1P5T8)"
},
{
"status": "affected",
"version": "Versions earlier than 9.1.0.111(C00E111R1P6T8)"
},
{
"status": "affected",
"version": "Versions earlier than 9.1.0.115(C432E5R1P1T8)"
},
{
"status": "affected",
"version": "Versions earlier than 9.1.0.120(C636E5R1P1T8)"
},
{
"status": "affected",
"version": "Versions earlier than 9.1.0.113(C00E111R2P10T8)"
},
{
"status": "affected",
"version": "Versions earlier than 9.1.0.118(C636E4R1P1T8)"
},
{
"status": "affected",
"version": "Versions earlier than 9.1.0.118(C185E4R1P4T8)"
},
{
"status": "affected",
"version": "Versions earlier than 9.1.0.121(C432E4R1P3T8)"
},
{
"status": "affected",
"version": "Versions earlier than 9.1.0.112(C00E112R1P6T8)"
},
{
"status": "affected",
"version": "Versions earlier 9.1.0.106(SP53C636E2R1P4T8)"
},
{
"status": "affected",
"version": "Versions earlier than 9.0.1.158(C432E6R1P8T8)"
},
{
"status": "affected",
"version": "Versions earlier than 9.0.1.159(C636E6R1P8T8)"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "There is an information disclosure vulnerability in certain Huawei smartphones (Mate 10;Mate 10 Pro;Honor V10;Changxiang 7S;P-smart;Changxiang 8 Plus;Y9 2018;Honor 9 Lite;Honor 9i;Mate 9). The software does not properly handle certain information of applications locked by applock in a rare condition. Successful exploit could cause information disclosure."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Information Disclosure",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-12-13T23:00:29",
"orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"shortName": "huawei"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191211-01-smartphone-en"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@huawei.com",
"ID": "CVE-2019-5264",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Mate 10;Mate 10 Pro;Honor V10;Changxiang 7S;P-smart;Changxiang 8 Plus;Y9 2018;Honor 9 Lite;Honor 9i;Mate 9",
"version": {
"version_data": [
{
"version_value": "Versions earlier than 9.0.0.167(C00E85R2P20T8)"
},
{
"version_value": "Versions earlier than 9.0.0.159(C432E4R1P9T8)"
},
{
"version_value": "Versions earlier than 9.0.0.177(C185E2R1P12T8)"
},
{
"version_value": "Versions earlier than 9.0.0.159(C636E2R1P12T8)"
},
{
"version_value": "Versions earlier than 9.0.0.167(C00E87R2P15T8)"
},
{
"version_value": "Versions earlier than 9.0.0.159(C185E2R1P13T8)"
},
{
"version_value": "Versions earlier than 9.0.0.161(C432E4R1P11T8)"
},
{
"version_value": "Versions earlier than 9.0.0.159(C636E2R1P13T8)"
},
{
"version_value": "Versions earlier than 9.0.0.156(C00E156R2P14T8)"
},
{
"version_value": "Versions earlier than 9.0.0.159(C432E4R1P9T8)"
},
{
"version_value": "Versions earlier than 9.0.0.159(C636E3R1P12T8)"
},
{
"version_value": "Versions earlier than 9.1.0.107(C00E107R2P8T8)"
},
{
"version_value": "Versions earlier than 9.1.0.119(C636E5R1P1T8)"
},
{
"version_value": "Versions earlier than 9.1.0.130(C432E8R1P5T8)"
},
{
"version_value": "Versions earlier than 9.1.0.111(C00E111R1P6T8)"
},
{
"version_value": "Versions earlier than 9.1.0.115(C432E5R1P1T8)"
},
{
"version_value": "Versions earlier than 9.1.0.120(C636E5R1P1T8)"
},
{
"version_value": "Versions earlier than 9.1.0.113(C00E111R2P10T8)"
},
{
"version_value": "Versions earlier than 9.1.0.118(C636E4R1P1T8)"
},
{
"version_value": "Versions earlier than 9.1.0.118(C185E4R1P4T8)"
},
{
"version_value": "Versions earlier than 9.1.0.121(C432E4R1P3T8)"
},
{
"version_value": "Versions earlier than 9.1.0.112(C00E112R1P6T8)"
},
{
"version_value": "Versions earlier 9.1.0.106(SP53C636E2R1P4T8)"
},
{
"version_value": "Versions earlier than 9.0.1.158(C432E6R1P8T8)"
},
{
"version_value": "Versions earlier than 9.0.1.159(C636E6R1P8T8)"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "There is an information disclosure vulnerability in certain Huawei smartphones (Mate 10;Mate 10 Pro;Honor V10;Changxiang 7S;P-smart;Changxiang 8 Plus;Y9 2018;Honor 9 Lite;Honor 9i;Mate 9). The software does not properly handle certain information of applications locked by applock in a rare condition. Successful exploit could cause information disclosure."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information Disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191211-01-smartphone-en",
"refsource": "MISC",
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191211-01-smartphone-en"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"assignerShortName": "huawei",
"cveId": "CVE-2019-5264",
"datePublished": "2019-12-13T23:00:29",
"dateReserved": "2019-01-04T00:00:00",
"dateUpdated": "2024-08-04T19:47:56.839Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-7989 (GCVE-0-2018-7989)
Vulnerability from nvd – Published: 2018-10-17 15:00 – Updated: 2024-08-05 06:37
VLAI?
Summary
Huawei Mate 10 pro smartphones with the versions before BLA-AL00B 8.1.0.326(C00) have an improper authentication vulnerability. App Lock is a function to prevent unauthorized use of apps on smartphones, an attacker could directly change the lock password after a series of operations. Successful exploit could allow the attacker to use the application which is locked.
Severity ?
No CVSS data available.
CWE
- improper authentication
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Huawei Technologies Co., Ltd. | Mate 10 pro |
Affected:
The versions before BLA-AL00B 8.1.0.326(C00)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T06:37:59.692Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20181010-01-applock-en"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Mate 10 pro",
"vendor": "Huawei Technologies Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "The versions before BLA-AL00B 8.1.0.326(C00)"
}
]
}
],
"datePublic": "2018-10-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Huawei Mate 10 pro smartphones with the versions before BLA-AL00B 8.1.0.326(C00) have an improper authentication vulnerability. App Lock is a function to prevent unauthorized use of apps on smartphones, an attacker could directly change the lock password after a series of operations. Successful exploit could allow the attacker to use the application which is locked."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "improper authentication",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-17T14:57:01",
"orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"shortName": "huawei"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20181010-01-applock-en"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@huawei.com",
"ID": "CVE-2018-7989",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Mate 10 pro",
"version": {
"version_data": [
{
"version_value": "The versions before BLA-AL00B 8.1.0.326(C00)"
}
]
}
}
]
},
"vendor_name": "Huawei Technologies Co., Ltd."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Huawei Mate 10 pro smartphones with the versions before BLA-AL00B 8.1.0.326(C00) have an improper authentication vulnerability. App Lock is a function to prevent unauthorized use of apps on smartphones, an attacker could directly change the lock password after a series of operations. Successful exploit could allow the attacker to use the application which is locked."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "improper authentication"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20181010-01-applock-en",
"refsource": "CONFIRM",
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20181010-01-applock-en"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"assignerShortName": "huawei",
"cveId": "CVE-2018-7989",
"datePublished": "2018-10-17T15:00:00",
"dateReserved": "2018-03-09T00:00:00",
"dateUpdated": "2024-08-05T06:37:59.692Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-7990 (GCVE-0-2018-7990)
Vulnerability from nvd – Published: 2018-09-04 16:00 – Updated: 2024-08-05 06:37
VLAI?
Summary
Mate10 Pro Huawei smart phones with the versions before 8.1.0.326(C00) have a FRP bypass vulnerability. During the mobile phone reseting process, an attacker could bypass "Find My Phone" protect after a series of voice and keyboard operations. Successful exploit could allow an attacker to bypass FRP.
Severity ?
No CVSS data available.
CWE
- FRP bypass
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Huawei Technologies Co., Ltd. | Mate10 Pro |
Affected:
The versions before 8.1.0.326(C00)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T06:37:59.688Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180831-01-smartphone-en"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Mate10 Pro",
"vendor": "Huawei Technologies Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "The versions before 8.1.0.326(C00)"
}
]
}
],
"datePublic": "2018-08-31T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Mate10 Pro Huawei smart phones with the versions before 8.1.0.326(C00) have a FRP bypass vulnerability. During the mobile phone reseting process, an attacker could bypass \"Find My Phone\" protect after a series of voice and keyboard operations. Successful exploit could allow an attacker to bypass FRP."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "FRP bypass",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-09-04T15:57:01",
"orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"shortName": "huawei"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180831-01-smartphone-en"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@huawei.com",
"ID": "CVE-2018-7990",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Mate10 Pro",
"version": {
"version_data": [
{
"version_value": "The versions before 8.1.0.326(C00)"
}
]
}
}
]
},
"vendor_name": "Huawei Technologies Co., Ltd."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Mate10 Pro Huawei smart phones with the versions before 8.1.0.326(C00) have a FRP bypass vulnerability. During the mobile phone reseting process, an attacker could bypass \"Find My Phone\" protect after a series of voice and keyboard operations. Successful exploit could allow an attacker to bypass FRP."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "FRP bypass"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180831-01-smartphone-en",
"refsource": "CONFIRM",
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180831-01-smartphone-en"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"assignerShortName": "huawei",
"cveId": "CVE-2018-7990",
"datePublished": "2018-09-04T16:00:00",
"dateReserved": "2018-03-09T00:00:00",
"dateUpdated": "2024-08-05T06:37:59.688Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-7936 (GCVE-0-2018-7936)
Vulnerability from nvd – Published: 2018-09-04 16:00 – Updated: 2024-08-05 06:37
VLAI?
Summary
Mate 10 Pro Huawei smart phones with the versions before BLA-L29 8.0.0.148(C432) have a Factory Reset Protection (FRP) bypass security vulnerability. When re-configuring the mobile phone using the factory reset protection (FRP) function, an attacker can connect the phone with PC and send special instructions to install third party desktop and disable the boot wizard. As a result, the FRP function is bypassed.
Severity ?
No CVSS data available.
CWE
- FRP bypass
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Huawei Technologies Co., Ltd. | Mate 10 Pro |
Affected:
The versions before BLA-L29 8.0.0.148(C432)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T06:37:59.650Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180827-01-frpbypass-en"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Mate 10 Pro",
"vendor": "Huawei Technologies Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "The versions before BLA-L29 8.0.0.148(C432)"
}
]
}
],
"datePublic": "2018-08-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Mate 10 Pro Huawei smart phones with the versions before BLA-L29 8.0.0.148(C432) have a Factory Reset Protection (FRP) bypass security vulnerability. When re-configuring the mobile phone using the factory reset protection (FRP) function, an attacker can connect the phone with PC and send special instructions to install third party desktop and disable the boot wizard. As a result, the FRP function is bypassed."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "FRP bypass",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-09-04T15:57:01",
"orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"shortName": "huawei"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180827-01-frpbypass-en"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@huawei.com",
"ID": "CVE-2018-7936",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Mate 10 Pro",
"version": {
"version_data": [
{
"version_value": "The versions before BLA-L29 8.0.0.148(C432)"
}
]
}
}
]
},
"vendor_name": "Huawei Technologies Co., Ltd."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Mate 10 Pro Huawei smart phones with the versions before BLA-L29 8.0.0.148(C432) have a Factory Reset Protection (FRP) bypass security vulnerability. When re-configuring the mobile phone using the factory reset protection (FRP) function, an attacker can connect the phone with PC and send special instructions to install third party desktop and disable the boot wizard. As a result, the FRP function is bypassed."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "FRP bypass"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180827-01-frpbypass-en",
"refsource": "CONFIRM",
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180827-01-frpbypass-en"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"assignerShortName": "huawei",
"cveId": "CVE-2018-7936",
"datePublished": "2018-09-04T16:00:00",
"dateReserved": "2018-03-09T00:00:00",
"dateUpdated": "2024-08-05T06:37:59.650Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-7934 (GCVE-0-2018-7934)
Vulnerability from nvd – Published: 2018-07-31 14:00 – Updated: 2024-08-05 06:37
VLAI?
Summary
Some Huawei mobile phone with the versions before BLA-L29 8.0.0.145(C432) have a denial of service (DoS) vulnerability because they do not adapt to specific screen gestures. An attacker may trick users into installing a malicious app. As a result, apps running on the frontend crash after the users make specific screen gestures.
Severity ?
No CVSS data available.
CWE
- DoS
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Huawei Technologies Co., Ltd. | Mate 10 Pro |
Affected:
The versions before BLA-L29 8.0.0.145(C432)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T06:37:59.577Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180705-01-smartphone-en"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Mate 10 Pro",
"vendor": "Huawei Technologies Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "The versions before BLA-L29 8.0.0.145(C432)"
}
]
}
],
"datePublic": "2018-07-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Some Huawei mobile phone with the versions before BLA-L29 8.0.0.145(C432) have a denial of service (DoS) vulnerability because they do not adapt to specific screen gestures. An attacker may trick users into installing a malicious app. As a result, apps running on the frontend crash after the users make specific screen gestures."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "DoS",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-07-31T13:57:01",
"orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"shortName": "huawei"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180705-01-smartphone-en"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@huawei.com",
"ID": "CVE-2018-7934",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Mate 10 Pro",
"version": {
"version_data": [
{
"version_value": "The versions before BLA-L29 8.0.0.145(C432)"
}
]
}
}
]
},
"vendor_name": "Huawei Technologies Co., Ltd."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Some Huawei mobile phone with the versions before BLA-L29 8.0.0.145(C432) have a denial of service (DoS) vulnerability because they do not adapt to specific screen gestures. An attacker may trick users into installing a malicious app. As a result, apps running on the frontend crash after the users make specific screen gestures."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "DoS"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180705-01-smartphone-en",
"refsource": "CONFIRM",
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180705-01-smartphone-en"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"assignerShortName": "huawei",
"cveId": "CVE-2018-7934",
"datePublished": "2018-07-31T14:00:00",
"dateReserved": "2018-03-09T00:00:00",
"dateUpdated": "2024-08-05T06:37:59.577Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-15311 (GCVE-0-2017-15311)
Vulnerability from nvd – Published: 2017-12-22 17:00 – Updated: 2024-09-17 04:29
VLAI?
Summary
The baseband modules of Mate 10, Mate 10 Pro, Mate 9, Mate 9 Pro Huawei smart phones with software before ALP-AL00 8.0.0.120(SP2C00), before BLA-AL00 8.0.0.120(SP2C00), before MHA-AL00B 8.0.0.334(C00), and before LON-AL00B 8.0.0.334(C00) have a stack overflow vulnerability due to the lack of parameter validation. An attacker could send malicious packets to the smart phones within radio range by special wireless device, which leads stack overflow when the baseband module handles these packets. The attacker could exploit this vulnerability to perform a denial of service attack or remote code execution in baseband module.
Severity ?
No CVSS data available.
CWE
- Stack Overflow
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | |||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Huawei Technologies Co., Ltd. | Mate 10 |
Affected:
before ALP-AL00 8.0.0.120(SP2C00)
|
|||||||||||||||||
|
|||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T19:50:16.503Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171125-01-baseband-en"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Mate 10",
"vendor": "Huawei Technologies Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "before ALP-AL00 8.0.0.120(SP2C00)"
}
]
},
{
"product": "Mate 10 Pro",
"vendor": "Huawei Technologies Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "before BLA-AL00 8.0.0.120(SP2C00)"
}
]
},
{
"product": "Mate 9",
"vendor": "Huawei Technologies Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "before MHA-AL00B 8.0.0.334(C00)"
}
]
},
{
"product": "Mate 9 Pro",
"vendor": "Huawei Technologies Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "before LON-AL00B 8.0.0.334(C00),"
}
]
}
],
"datePublic": "2017-11-25T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The baseband modules of Mate 10, Mate 10 Pro, Mate 9, Mate 9 Pro Huawei smart phones with software before ALP-AL00 8.0.0.120(SP2C00), before BLA-AL00 8.0.0.120(SP2C00), before MHA-AL00B 8.0.0.334(C00), and before LON-AL00B 8.0.0.334(C00) have a stack overflow vulnerability due to the lack of parameter validation. An attacker could send malicious packets to the smart phones within radio range by special wireless device, which leads stack overflow when the baseband module handles these packets. The attacker could exploit this vulnerability to perform a denial of service attack or remote code execution in baseband module."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Stack Overflow",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-12-22T16:57:01",
"orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"shortName": "huawei"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171125-01-baseband-en"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@huawei.com",
"DATE_PUBLIC": "2017-11-25T00:00:00",
"ID": "CVE-2017-15311",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Mate 10",
"version": {
"version_data": [
{
"version_value": "before ALP-AL00 8.0.0.120(SP2C00)"
}
]
}
},
{
"product_name": "Mate 10 Pro",
"version": {
"version_data": [
{
"version_value": "before BLA-AL00 8.0.0.120(SP2C00)"
}
]
}
},
{
"product_name": "Mate 9",
"version": {
"version_data": [
{
"version_value": "before MHA-AL00B 8.0.0.334(C00)"
}
]
}
},
{
"product_name": "Mate 9 Pro",
"version": {
"version_data": [
{
"version_value": "before LON-AL00B 8.0.0.334(C00),"
}
]
}
}
]
},
"vendor_name": "Huawei Technologies Co., Ltd."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The baseband modules of Mate 10, Mate 10 Pro, Mate 9, Mate 9 Pro Huawei smart phones with software before ALP-AL00 8.0.0.120(SP2C00), before BLA-AL00 8.0.0.120(SP2C00), before MHA-AL00B 8.0.0.334(C00), and before LON-AL00B 8.0.0.334(C00) have a stack overflow vulnerability due to the lack of parameter validation. An attacker could send malicious packets to the smart phones within radio range by special wireless device, which leads stack overflow when the baseband module handles these packets. The attacker could exploit this vulnerability to perform a denial of service attack or remote code execution in baseband module."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Stack Overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171125-01-baseband-en",
"refsource": "CONFIRM",
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171125-01-baseband-en"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"assignerShortName": "huawei",
"cveId": "CVE-2017-15311",
"datePublished": "2017-12-22T17:00:00Z",
"dateReserved": "2017-10-14T00:00:00",
"dateUpdated": "2024-09-17T04:29:33.735Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}