Search criteria
129 vulnerabilities found for p30_firmware by huawei
FKIE_CVE-2020-9081
Vulnerability from fkie_nvd - Published: 2024-12-27 10:15 - Updated: 2025-01-10 20:37
Severity ?
3.5 (Low) - CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
6.8 (Medium) - CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
6.8 (Medium) - CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
There is an improper authorization vulnerability in some Huawei smartphones. An attacker could perform a series of operation in specific mode to exploit this vulnerability. Successful exploit could allow the attacker to bypass app lock. (Vulnerability ID: HWPSIRT-2019-12144)
This vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2020-9081.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| huawei | mate_20_firmware | * | |
| huawei | mate_20 | - | |
| huawei | p30_firmware | * | |
| huawei | p30 | - | |
| huawei | p30_pro_firmware | * | |
| huawei | p30_pro | - | |
| huawei | princeton-al10d_firmware | * | |
| huawei | princeton-al10d | - | |
| huawei | yale-al00a_firmware | * | |
| huawei | yale-al00a | - | |
| huawei | yale-al50a_firmware | * | |
| huawei | yale-al50a | - | |
| huawei | yalep-al10b_firmware | * | |
| huawei | yalep-al10b | - | |
| huawei | mate_20_firmware | * | |
| huawei | mate_20 | - | |
| huawei | p30_pro_firmware | * | |
| huawei | p30_pro | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:mate_20_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "165A8717-DD86-4BC0-AB3C-BD7F92DF68CD",
"versionEndExcluding": "10.1.0.160\\(c00e160r3p8\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:mate_20:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B5322963-9375-4E4E-8119-895C224003AE",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:p30_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "29C7558A-D8B6-4773-A14D-38EDFFD96E5E",
"versionEndExcluding": "10.1.0.160\\(c00e160r2p11\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:p30:-:*:*:*:*:*:*:*",
"matchCriteriaId": "21EE286C-8111-4F59-8CF1-13C68EA76B21",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:p30_pro_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4818ECF7-B4D4-4AF4-9DAA-FE08F56B26FC",
"versionEndExcluding": "10.1.0.160\\(c00e160r2p8\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:p30_pro:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6DB671DB-CB5B-46E0-B221-722D051184DE",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:princeton-al10d_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B8C262C7-C463-4F74-8F6B-6BF9B4FDCBCF",
"versionEndExcluding": "10.1.0.160\\(c00e160r2p11\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:princeton-al10d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "11E6B825-CA55-4BEC-8279-3F33F7CC93EE",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:yale-al00a_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4BDC1976-E07B-4464-84DB-EACAE30D97E5",
"versionEndExcluding": "10.1.0.160\\(c00e160r8p12\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:yale-al00a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "562D05D2-CC9E-4973-9E8D-B40C0ED6C721",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:yale-al50a_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "752648AA-54F7-40EF-AC48-BAD6F9F31579",
"versionEndExcluding": "10.1.0.88\\(c00e88r8p1\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:yale-al50a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "77360A45-7501-4243-812A-D8C3403D1F03",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:yalep-al10b_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A68AFA26-2D0F-4896-AB42-4E3327935F9D",
"versionEndExcluding": "10.1.0.160\\(c00e160r8p12\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:yalep-al10b:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A7D81385-913B-4A38-A712-41CAE7B78DF4",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:mate_20_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8E2B578A-E6CE-413D-890B-20AC7EAEE59C",
"versionEndExcluding": "10.1.0.160\\(c01e160r2p8\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:mate_20:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B5322963-9375-4E4E-8119-895C224003AE",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:p30_pro_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "62637079-D8B3-4D71-8686-250C289C2957",
"versionEndExcluding": "10.1.0.160\\(c01e160r2p8\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:p30_pro:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6DB671DB-CB5B-46E0-B221-722D051184DE",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "There is an improper authorization vulnerability in some Huawei smartphones. An attacker could perform a series of operation in specific mode to exploit this vulnerability. Successful exploit could allow the attacker to bypass app lock. (Vulnerability ID: HWPSIRT-2019-12144)\n\n\n\nThis vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2020-9081."
},
{
"lang": "es",
"value": "Existe una vulnerabilidad de autorizaci\u00f3n indebida en algunos tel\u00e9fonos inteligentes Huawei. Un atacante podr\u00eda realizar una serie de operaciones en un modo espec\u00edfico para explotar esta vulnerabilidad. Si lo hace con \u00e9xito, podr\u00eda permitir al atacante eludir el bloqueo de la aplicaci\u00f3n. (ID de vulnerabilidad: HWPSIRT-2019-12144) A esta vulnerabilidad se le ha asignado un ID de vulnerabilidad y exposici\u00f3n com\u00fan (CVE): CVE-2020-9081."
}
],
"id": "CVE-2020-9081",
"lastModified": "2025-01-10T20:37:44.267",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 0.9,
"impactScore": 2.5,
"source": "psirt@huawei.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 0.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-12-27T10:15:10.937",
"references": [
{
"source": "psirt@huawei.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20200826-15-smartphone-en"
}
],
"sourceIdentifier": "psirt@huawei.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-285"
}
],
"source": "psirt@huawei.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-863"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2021-22399
Vulnerability from fkie_nvd - Published: 2021-07-13 12:15 - Updated: 2024-11-21 05:50
Severity ?
Summary
The Bluetooth function of some Huawei smartphones has a DoS vulnerability. Attackers can install third-party apps to send specific broadcasts, causing the Bluetooth module to crash. This vulnerability is successfully exploited to cause the Bluetooth function to become abnormal. Affected product versions include: HUAWEI P30 10.0.0.195(C432E22R2P5), 10.0.0.200(C00E85R2P11), 10.0.0.200(C461E6R3P1), 10.0.0.201(C10E7R5P1), 10.0.0.201(C185E4R7P1), 10.0.0.206(C605E19R1P3), 10.0.0.209(C636E6R3P4), 10.0.0.210(C635E3R2P4), and versions earlier than 10.1.0.165(C01E165R2P11).
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| huawei | p30_firmware | 10.0.0.195\(c432e22r2p5\) | |
| huawei | p30_firmware | 10.0.0.200\(c00e85r2p11\) | |
| huawei | p30_firmware | 10.0.0.200\(c461e6r3p1\) | |
| huawei | p30_firmware | 10.0.0.201\(c10e7r5p1\) | |
| huawei | p30_firmware | 10.0.0.201\(c185e4r7p1\) | |
| huawei | p30_firmware | 10.0.0.206\(c605e19r1p3\) | |
| huawei | p30_firmware | 10.0.0.209\(c636e6r3p4\) | |
| huawei | p30_firmware | 10.0.0.210\(c635e3r2p4\) | |
| huawei | p30 | - | |
| huawei | p30_firmware | * | |
| huawei | p30 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:p30_firmware:10.0.0.195\\(c432e22r2p5\\):*:*:*:*:*:*:*",
"matchCriteriaId": "91183616-37B2-4A12-8618-CC67E5599A0D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:huawei:p30_firmware:10.0.0.200\\(c00e85r2p11\\):*:*:*:*:*:*:*",
"matchCriteriaId": "D7CC6D39-258F-467B-8F30-8156AAE82E89",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:huawei:p30_firmware:10.0.0.200\\(c461e6r3p1\\):*:*:*:*:*:*:*",
"matchCriteriaId": "462708E7-4D60-4786-B2B0-966FC2234BF6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:huawei:p30_firmware:10.0.0.201\\(c10e7r5p1\\):*:*:*:*:*:*:*",
"matchCriteriaId": "730A2C08-9C3E-4794-9876-206164AADAD2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:huawei:p30_firmware:10.0.0.201\\(c185e4r7p1\\):*:*:*:*:*:*:*",
"matchCriteriaId": "DA40C584-80A1-49A5-A346-7F316A4640FB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:huawei:p30_firmware:10.0.0.206\\(c605e19r1p3\\):*:*:*:*:*:*:*",
"matchCriteriaId": "6474BF29-4980-45AC-A5BE-463E37EDC828",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:huawei:p30_firmware:10.0.0.209\\(c636e6r3p4\\):*:*:*:*:*:*:*",
"matchCriteriaId": "731B92DD-7072-421E-B4FE-088E5FCE0805",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:huawei:p30_firmware:10.0.0.210\\(c635e3r2p4\\):*:*:*:*:*:*:*",
"matchCriteriaId": "7D840C42-60E5-4E0D-892F-8D90ED74FD55",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:p30:-:*:*:*:*:*:*:*",
"matchCriteriaId": "21EE286C-8111-4F59-8CF1-13C68EA76B21",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:p30_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8A7CBB9B-878D-48E6-9AB2-F69FE744065D",
"versionEndExcluding": "10.1.0.165\\(c01e165r2p11\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:p30:-:*:*:*:*:*:*:*",
"matchCriteriaId": "21EE286C-8111-4F59-8CF1-13C68EA76B21",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Bluetooth function of some Huawei smartphones has a DoS vulnerability. Attackers can install third-party apps to send specific broadcasts, causing the Bluetooth module to crash. This vulnerability is successfully exploited to cause the Bluetooth function to become abnormal. Affected product versions include: HUAWEI P30 10.0.0.195(C432E22R2P5), 10.0.0.200(C00E85R2P11), 10.0.0.200(C461E6R3P1), 10.0.0.201(C10E7R5P1), 10.0.0.201(C185E4R7P1), 10.0.0.206(C605E19R1P3), 10.0.0.209(C636E6R3P4), 10.0.0.210(C635E3R2P4), and versions earlier than 10.1.0.165(C01E165R2P11)."
},
{
"lang": "es",
"value": "La funci\u00f3n Bluetooth de algunos smartphones de Huawei presenta una vulnerabilidad DoS. Los atacantes pueden instalar aplicaciones de terceros para enviar transmisiones espec\u00edficas, causando un bloqueo al m\u00f3dulo Bluetooth. Esta vulnerabilidad es explotada con \u00e9xito para causar que la funci\u00f3n Bluetooth se vuelva anormal. Las versiones de producto afectadas incluyen: HUAWEI P30 versi\u00f3n 10.0.0.195(C432E22R2P5), versi\u00f3n 10.0.0.200(C00E85R2P11), versi\u00f3n 10.0.0.200(C461E6R3P1), versi\u00f3n 10.0.0.201(C10E7R5P1), versi\u00f3n 10.0.0.201(C185E4R7P1), versi\u00f3n 10. Versi\u00f3n 0.0.206(C605E19R1P3), versi\u00f3n 10.0.0.209(C636E6R3P4), versi\u00f3n 10.0.0.210(C635E3R2P4), y versiones anteriores a 10.1.0.165(C01E165R2P11)"
}
],
"id": "CVE-2021-22399",
"lastModified": "2024-11-21T05:50:03.067",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 2.1,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-07-13T12:15:09.820",
"references": [
{
"source": "psirt@huawei.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210707-03-dos-en"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210707-03-dos-en"
}
],
"sourceIdentifier": "psirt@huawei.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2021-22331
Vulnerability from fkie_nvd - Published: 2021-04-28 13:15 - Updated: 2024-11-21 05:49
Severity ?
Summary
There is a JavaScript injection vulnerability in certain Huawei smartphones. A module does not verify some inputs sufficiently. Attackers can exploit this vulnerability by sending a malicious application request to launch JavaScript injection. This may compromise normal service. Affected product versions include HUAWEI P30 versions earlier than 10.1.0.165(C01E165R2P11), 11.0.0.118(C635E2R1P3), 11.0.0.120(C00E120R2P5), 11.0.0.138(C10E4R5P3), 11.0.0.138(C185E4R7P3), 11.0.0.138(C432E8R2P3), 11.0.0.138(C461E4R3P3), 11.0.0.138(C605E4R1P3), and 11.0.0.138(C636E4R3P3).
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| huawei | p30_firmware | * | |
| huawei | p30 | - | |
| huawei | p30_firmware | * | |
| huawei | p30 | - | |
| huawei | p30_firmware | * | |
| huawei | p30 | - | |
| huawei | p30_firmware | * | |
| huawei | p30 | - | |
| huawei | p30_firmware | * | |
| huawei | p30 | - | |
| huawei | p30_firmware | * | |
| huawei | p30 | - | |
| huawei | p30_firmware | * | |
| huawei | p30 | - | |
| huawei | p30_firmware | * | |
| huawei | p30 | - | |
| huawei | p30_firmware | * | |
| huawei | p30 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:p30_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8A7CBB9B-878D-48E6-9AB2-F69FE744065D",
"versionEndExcluding": "10.1.0.165\\(c01e165r2p11\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:p30:-:*:*:*:*:*:*:*",
"matchCriteriaId": "21EE286C-8111-4F59-8CF1-13C68EA76B21",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:p30_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D6353EE9-A70E-432E-8BE3-63EC376C32B7",
"versionEndExcluding": "11.0.0.118\\(c635e2r1p3\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:p30:-:*:*:*:*:*:*:*",
"matchCriteriaId": "21EE286C-8111-4F59-8CF1-13C68EA76B21",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:p30_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B21E914E-0DA7-4B31-A025-7CB049449F1F",
"versionEndExcluding": "11.0.0.120\\(c00e120r2p5\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:p30:-:*:*:*:*:*:*:*",
"matchCriteriaId": "21EE286C-8111-4F59-8CF1-13C68EA76B21",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:p30_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5D1B9275-29E6-43D2-BC07-8F9292CCA09B",
"versionEndExcluding": "11.0.0.138\\(c10e4r5p3\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:p30:-:*:*:*:*:*:*:*",
"matchCriteriaId": "21EE286C-8111-4F59-8CF1-13C68EA76B21",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:p30_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2C3D29C6-3FD2-4E7F-851C-9F4CACBC4B9F",
"versionEndExcluding": "11.0.0.138\\(c185e4r7p3\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:p30:-:*:*:*:*:*:*:*",
"matchCriteriaId": "21EE286C-8111-4F59-8CF1-13C68EA76B21",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:p30_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "96BF5BF0-B8D8-4961-BF53-D8D7A5964A27",
"versionEndExcluding": "11.0.0.138\\(c432e8r2p3\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:p30:-:*:*:*:*:*:*:*",
"matchCriteriaId": "21EE286C-8111-4F59-8CF1-13C68EA76B21",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:p30_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "21230784-00C0-4F52-B700-6FD7D86BAB9C",
"versionEndExcluding": "11.0.0.138\\(c461e4r3p3\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:p30:-:*:*:*:*:*:*:*",
"matchCriteriaId": "21EE286C-8111-4F59-8CF1-13C68EA76B21",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:p30_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "20116612-2D5D-48E5-81F4-E0C1982CFC86",
"versionEndExcluding": "11.0.0.138\\(c605e4r1p3\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:p30:-:*:*:*:*:*:*:*",
"matchCriteriaId": "21EE286C-8111-4F59-8CF1-13C68EA76B21",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:p30_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "893BBE10-DCCE-42FA-A477-2A4FE9345280",
"versionEndExcluding": "11.0.0.138\\(c636e4r3p3\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:p30:-:*:*:*:*:*:*:*",
"matchCriteriaId": "21EE286C-8111-4F59-8CF1-13C68EA76B21",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "There is a JavaScript injection vulnerability in certain Huawei smartphones. A module does not verify some inputs sufficiently. Attackers can exploit this vulnerability by sending a malicious application request to launch JavaScript injection. This may compromise normal service. Affected product versions include HUAWEI P30 versions earlier than 10.1.0.165(C01E165R2P11), 11.0.0.118(C635E2R1P3), 11.0.0.120(C00E120R2P5), 11.0.0.138(C10E4R5P3), 11.0.0.138(C185E4R7P3), 11.0.0.138(C432E8R2P3), 11.0.0.138(C461E4R3P3), 11.0.0.138(C605E4R1P3), and 11.0.0.138(C636E4R3P3)."
},
{
"lang": "es",
"value": "Se presenta una vulnerabilidad de inyecci\u00f3n de JavaScript en determinados tel\u00e9fonos inteligentes de Huawei.\u0026#xa0;Un m\u00f3dulo no verifica suficientemente algunas entradas.\u0026#xa0;Los atacantes pueden explotar esta vulnerabilidad mediante el env\u00edo de una petici\u00f3n de aplicaci\u00f3n maliciosa para iniciar la inyecci\u00f3n de JavaScript.\u0026#xa0;Esto puede comprometer el servicio normal.\u0026#xa0;Las versiones de producto afectadas incluyen versiones de HUAWEI P30 anteriores a 10.1.0.165(C01E165R2P11), 11.0.0.118(C635E2R1P3), 11.0.0.120(C00E120R2P5), 11.0.0.138(C10E4R5P3), 11.0.0.138(C185E4R2P3), 11.0.0.138(C185E4R2P3) , 11.0.0.138(C461E4R3P3), 11.0.0.138(C605E4R1P3) y 11.0.0.138(C636E4R3P3)"
}
],
"id": "CVE-2021-22331",
"lastModified": "2024-11-21T05:49:55.620",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-04-28T13:15:08.077",
"references": [
{
"source": "psirt@huawei.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210331-01-js-en"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210331-01-js-en"
}
],
"sourceIdentifier": "psirt@huawei.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-74"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2021-22327
Vulnerability from fkie_nvd - Published: 2021-04-28 12:15 - Updated: 2024-11-21 05:49
Severity ?
Summary
There is an arbitrary memory write vulnerability in Huawei smart phone when processing file parsing. Due to insufficient validation of the input files, successful exploit could cause certain service abnormal. Affected product versions include:HUAWEI P30 versions 10.0.0.186(C10E7R5P1), 10.0.0.186(C461E4R3P1), 10.0.0.188(C00E85R2P11), 10.0.0.188(C01E88R2P11),10.0.0.188(C605E19R1P3), 10.0.0.190(C185E4R7P1), 10.0.0.190(C431E22R2P5), 10.0.0.190(C432E22R2P5),10.0.0.190(C605E19R1P3), 10.0.0.190(C636E4R3P4), 10.0.0.192(C635E3R2P4).
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| huawei | p30_firmware | 10.0.0.186\(c10e7r5p1\) | |
| huawei | p30_firmware | 10.0.0.186\(c461e4r3p1\) | |
| huawei | p30_firmware | 10.0.0.188\(c00e85r2p11\) | |
| huawei | p30_firmware | 10.0.0.188\(c01e88r2p11\) | |
| huawei | p30_firmware | 10.0.0.188\(c605e19r1p3\) | |
| huawei | p30_firmware | 10.0.0.190\(c185e4r7p1\) | |
| huawei | p30_firmware | 10.0.0.190\(c431e22r2p5\) | |
| huawei | p30_firmware | 10.0.0.190\(c432e22r2p5\) | |
| huawei | p30_firmware | 10.0.0.190\(c605e19r1p3\) | |
| huawei | p30_firmware | 10.0.0.190\(c636e4r3p4\) | |
| huawei | p30_firmware | 10.0.0.192\(c635e3r2p4\) | |
| huawei | p30 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:p30_firmware:10.0.0.186\\(c10e7r5p1\\):*:*:*:*:*:*:*",
"matchCriteriaId": "5CCB8EA7-C9E7-4855-B203-B0E92629E96C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:huawei:p30_firmware:10.0.0.186\\(c461e4r3p1\\):*:*:*:*:*:*:*",
"matchCriteriaId": "E8BB4F42-422C-4C7A-A1E0-4F7088D923C0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:huawei:p30_firmware:10.0.0.188\\(c00e85r2p11\\):*:*:*:*:*:*:*",
"matchCriteriaId": "B1C06A19-8AE9-4184-97C1-62C370614CBE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:huawei:p30_firmware:10.0.0.188\\(c01e88r2p11\\):*:*:*:*:*:*:*",
"matchCriteriaId": "A8FE7760-CE52-4B86-B016-EE2C1E91C128",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:huawei:p30_firmware:10.0.0.188\\(c605e19r1p3\\):*:*:*:*:*:*:*",
"matchCriteriaId": "ED9377B1-039C-4563-AE8D-53B821C72D2C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:huawei:p30_firmware:10.0.0.190\\(c185e4r7p1\\):*:*:*:*:*:*:*",
"matchCriteriaId": "2A322538-FDA4-4AB4-AAB5-4055347676FA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:huawei:p30_firmware:10.0.0.190\\(c431e22r2p5\\):*:*:*:*:*:*:*",
"matchCriteriaId": "79845BD4-2B20-44CE-A78C-C666153D76C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:huawei:p30_firmware:10.0.0.190\\(c432e22r2p5\\):*:*:*:*:*:*:*",
"matchCriteriaId": "7F51F54B-3D16-4568-BFA8-D5FBCA8F10E2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:huawei:p30_firmware:10.0.0.190\\(c605e19r1p3\\):*:*:*:*:*:*:*",
"matchCriteriaId": "06EDAE0B-D4A0-4E41-BF32-487DA170ACEA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:huawei:p30_firmware:10.0.0.190\\(c636e4r3p4\\):*:*:*:*:*:*:*",
"matchCriteriaId": "36B2746C-D296-4AF5-BFE9-B942802C7750",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:huawei:p30_firmware:10.0.0.192\\(c635e3r2p4\\):*:*:*:*:*:*:*",
"matchCriteriaId": "B5901BC9-9EC0-4FFA-A597-3E8C8E858389",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:p30:-:*:*:*:*:*:*:*",
"matchCriteriaId": "21EE286C-8111-4F59-8CF1-13C68EA76B21",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "There is an arbitrary memory write vulnerability in Huawei smart phone when processing file parsing. Due to insufficient validation of the input files, successful exploit could cause certain service abnormal. Affected product versions include:HUAWEI P30 versions 10.0.0.186(C10E7R5P1), 10.0.0.186(C461E4R3P1), 10.0.0.188(C00E85R2P11), 10.0.0.188(C01E88R2P11),10.0.0.188(C605E19R1P3), 10.0.0.190(C185E4R7P1), 10.0.0.190(C431E22R2P5), 10.0.0.190(C432E22R2P5),10.0.0.190(C605E19R1P3), 10.0.0.190(C636E4R3P4), 10.0.0.192(C635E3R2P4)."
},
{
"lang": "es",
"value": "Se presenta una vulnerabilidad de escritura de memoria arbitraria en el tel\u00e9fono inteligente Huawei cuando se procesa el an\u00e1lisis de archivos.\u0026#xa0;Debido a una validaci\u00f3n insuficiente de los archivos de entrada, una explotaci\u00f3n con \u00e9xito podr\u00eda causar que determinados servicios sean anormales.\u0026#xa0;Las versiones de productos afectados incluyen: HUAWEI P30 versiones 10.0.0.186(C10E7R5P1), 10.0.0.186(C461E4R3P1), 10.0.0.188(C00E85R2P11), 10.0.0.188(C01E88R2P11), 10.0.0.188(C605E19R1P3), 10.0.0.188(C605E19R1P3), 10.0.0.190 10.0.0.190(C431E22R2P5), 10.0.0.190(C432E22R2P5), 10.0.0.190(C605E19R1P3), 10.0.0.190(C636E4R3P4), 10.0.0.192(C635E3R2P4)"
}
],
"id": "CVE-2021-22327",
"lastModified": "2024-11-21T05:49:55.117",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-04-28T12:15:08.223",
"references": [
{
"source": "psirt@huawei.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210331-01-smartphone-en"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210331-01-smartphone-en"
}
],
"sourceIdentifier": "psirt@huawei.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2021-22330
Vulnerability from fkie_nvd - Published: 2021-04-28 12:15 - Updated: 2024-11-21 05:49
Severity ?
Summary
There is an out of bounds write vulnerability in Huawei Smartphone HUAWEI P30 versions 9.1.0.131(C00E130R1P21) when processing a message. An unauthenticated attacker can exploit this vulnerability by sending specific message to the target device. Due to insufficient validation of the input parameter, successful exploit can cause the process and the service to be abnormal.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| huawei | p30_firmware | 9.1.0.131\(c00e130r1p21\) | |
| huawei | p30 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:p30_firmware:9.1.0.131\\(c00e130r1p21\\):*:*:*:*:*:*:*",
"matchCriteriaId": "27DDA2A2-5F2B-430F-928B-17D88EDDFED9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:p30:-:*:*:*:*:*:*:*",
"matchCriteriaId": "21EE286C-8111-4F59-8CF1-13C68EA76B21",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "There is an out of bounds write vulnerability in Huawei Smartphone HUAWEI P30 versions 9.1.0.131(C00E130R1P21) when processing a message. An unauthenticated attacker can exploit this vulnerability by sending specific message to the target device. Due to insufficient validation of the input parameter, successful exploit can cause the process and the service to be abnormal."
},
{
"lang": "es",
"value": "Se presenta una vulnerabilidad de escritura fuera de l\u00edmites en el tel\u00e9fono inteligente Huawei HUAWEI P30 versiones 9.1.0.131(C00E130R1P21) cuando se procesa un mensaje.\u0026#xa0;Un atacante no autenticado puede explotar esta vulnerabilidad mediante el env\u00edo de un mensaje espec\u00edfico al dispositivo de destino.\u0026#xa0;Debido a una comprobaci\u00f3n insuficiente del par\u00e1metro de entrada, una explotaci\u00f3n con \u00e9xito puede causar que el proceso y el servicio sean anormales"
}
],
"id": "CVE-2021-22330",
"lastModified": "2024-11-21T05:49:55.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 3.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:A/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 6.5,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-04-28T12:15:08.257",
"references": [
{
"source": "psirt@huawei.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210331-01-p30-en"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210331-01-p30-en"
}
],
"sourceIdentifier": "psirt@huawei.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2020-9203
Vulnerability from fkie_nvd - Published: 2021-01-13 22:15 - Updated: 2024-11-21 05:40
Severity ?
Summary
There is a resource management errors vulnerability in Huawei P30. Local attackers construct broadcast message for some application, causing this application to send this broadcast message and impact the customer's use experience.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| huawei | p30_firmware | * | |
| huawei | p30 | - | |
| huawei | p30_firmware | * | |
| huawei | p30 | - | |
| huawei | p30_firmware | * | |
| huawei | p30 | - | |
| huawei | p30_firmware | * | |
| huawei | p30 | - | |
| huawei | p30_firmware | * | |
| huawei | p30 | - | |
| huawei | p30_firmware | * | |
| huawei | p30 | - | |
| huawei | p30_firmware | * | |
| huawei | p30 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:p30_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E66C9CB0-9801-4BA3-8B18-EAE69C0D4E28",
"versionEndExcluding": "10.1.0.168\\(c00e168r2p11\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:p30:-:*:*:*:*:*:*:*",
"matchCriteriaId": "21EE286C-8111-4F59-8CF1-13C68EA76B21",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:p30_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "79D42878-0C41-42A4-ABB7-D2718FBCCC3A",
"versionEndExcluding": "10.1.0.168\\(c01e168r2p11\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:p30:-:*:*:*:*:*:*:*",
"matchCriteriaId": "21EE286C-8111-4F59-8CF1-13C68EA76B21",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:p30_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "969F600F-FF64-4877-910E-C2225D4369A0",
"versionEndExcluding": "10.1.0.176\\(c635e4r2p4\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:p30:-:*:*:*:*:*:*:*",
"matchCriteriaId": "21EE286C-8111-4F59-8CF1-13C68EA76B21",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:p30_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E232F53B-F07B-425E-A0D8-EFEB551480DE",
"versionEndExcluding": "10.1.0.177\\(c636e8r3p4\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:p30:-:*:*:*:*:*:*:*",
"matchCriteriaId": "21EE286C-8111-4F59-8CF1-13C68EA76B21",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:p30_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6CA3B6ED-CFED-4028-8E6D-635953C1D688",
"versionEndExcluding": "10.1.0.179\\(c10e8r5p1\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:p30:-:*:*:*:*:*:*:*",
"matchCriteriaId": "21EE286C-8111-4F59-8CF1-13C68EA76B21",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:p30_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BAC827CA-67AE-4B8B-A108-6EBBBDF12D4A",
"versionEndExcluding": "10.1.0.179\\(c185e7r7p1\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:p30:-:*:*:*:*:*:*:*",
"matchCriteriaId": "21EE286C-8111-4F59-8CF1-13C68EA76B21",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:p30_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D5EF9C16-CA18-4841-A045-902D728B6439",
"versionEndExcluding": "10.1.0.179\\(c605e23r1p3\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:p30:-:*:*:*:*:*:*:*",
"matchCriteriaId": "21EE286C-8111-4F59-8CF1-13C68EA76B21",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "There is a resource management errors vulnerability in Huawei P30. Local attackers construct broadcast message for some application, causing this application to send this broadcast message and impact the customer\u0027s use experience."
},
{
"lang": "es",
"value": "Se presenta una vulnerabilidad de errores de administraci\u00f3n de recursos en Huawei P30.\u0026#xa0;Los atacantes locales construyen un mensaje de difusi\u00f3n para alguna aplicaci\u00f3n, causando que esta aplicaci\u00f3n env\u00ede este mensaje de difusi\u00f3n y afecte la experiencia de uso del cliente."
}
],
"id": "CVE-2020-9203",
"lastModified": "2024-11-21T05:40:09.363",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 2.1,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 3.3,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-01-13T22:15:14.240",
"references": [
{
"source": "psirt@huawei.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20201230-01-resourcemanagement-en"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20201230-01-resourcemanagement-en"
}
],
"sourceIdentifier": "psirt@huawei.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-400"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2020-9247
Vulnerability from fkie_nvd - Published: 2020-12-07 13:15 - Updated: 2024-11-21 05:40
Severity ?
Summary
There is a buffer overflow vulnerability in several Huawei products. The system does not sufficiently validate certain configuration parameter which is passed from user that would cause buffer overflow. The attacker should trick the user into installing and running a malicious application with a high privilege, successful exploit may cause code execution. Affected product include Huawei HONOR 20 PRO, Mate 20, Mate 20 Pro, Mate 20 X, P30, P30 Pro, Hima-L29C, Laya-AL00EP, Princeton-AL10B, Tony-AL00B, Yale-L61A, Yale-TL00B and YaleP-AL10B.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:honor_20_pro_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7F274713-28DD-423D-9298-F0D05465D654",
"versionEndExcluding": "10.1.0.230\\(c432e9r5p1\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:honor_20_pro:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9E2BCA7E-E555-45D1-807A-F53682B0C383",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:mate_20_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "165A8717-DD86-4BC0-AB3C-BD7F92DF68CD",
"versionEndExcluding": "10.1.0.160\\(c00e160r3p8\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:mate_20:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B5322963-9375-4E4E-8119-895C224003AE",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:mate_20_pro_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AAE421D2-9633-43AA-8548-9F2E8A7B724A",
"versionEndExcluding": "10.1.0.270\\(c432e7r1p5\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:mate_20_pro:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2564E28F-EF08-4381-96D8-58BB7C8C0E0C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:mate_20_x_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "73419613-9F87-4E99-9A8D-D8B6B74F882D",
"versionEndExcluding": "10.1.0.160\\(c00e160r2p8\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:mate_20_x:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5FD3779B-F943-4B7E-BF82-AA4A051D02C8",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:p30_firmware:9.1.0.272\\(c635e4r2p2\\):*:*:*:*:*:*:*",
"matchCriteriaId": "09F3E84F-6F0A-40BC-91D5-C08A065EE345",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:p30:-:*:*:*:*:*:*:*",
"matchCriteriaId": "21EE286C-8111-4F59-8CF1-13C68EA76B21",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:p30_pro_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4818ECF7-B4D4-4AF4-9DAA-FE08F56B26FC",
"versionEndExcluding": "10.1.0.160\\(c00e160r2p8\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:p30_pro:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6DB671DB-CB5B-46E0-B221-722D051184DE",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:hima-l29c_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "171D6C45-8616-4D7A-8869-7C69DB877316",
"versionEndExcluding": "10.1.0.273\\(c185e5r2p4\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:hima-l29c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "366DC5C5-9276-4921-9ABD-92941B0CEE6D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:laya-al00ep_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6EBD1414-620B-4367-BF57-9AED468EA81C",
"versionEndExcluding": "10.1.0.160\\(c786e160r3p8\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:laya-al00ep:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5B3A54AE-DC30-429B-8FB8-BE6EB933E685",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:princeton-al10b_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4B4B9600-877F-458C-8E89-40E0B0D21E8A",
"versionEndExcluding": "10.1.0.160\\(c00e160r2p11\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:princeton-al10b:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D9F930E0-D32C-4D37-8A1D-78D4BFAECF37",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:tony-al00b_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "21BE2094-71C2-4C64-860E-67DE745110AD",
"versionEndExcluding": "10.1.0.160\\(c00e160r2p11\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:tony-al00b:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0E14B978-2A3C-4F55-8E3A-BA41AB137C33",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:yale-l61a_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DAF4CBFD-6BB8-46B0-85B2-C2C144190AA0",
"versionEndExcluding": "10.1.0.225\\(c432e3r1p2\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:yale-l61a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5AB7B562-CDE8-47F2-8537-52AB3640E218",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:yale-tl00b_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B4C61685-A7A9-4E2E-BA7B-15A3C32B3F4B",
"versionEndExcluding": "10.1.0.160\\(c01e160r8p12\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:yale-tl00b:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A4177D27-D234-4BBF-A4D9-1C0DCE5B322C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:yalep-al10b_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A68AFA26-2D0F-4896-AB42-4E3327935F9D",
"versionEndExcluding": "10.1.0.160\\(c00e160r8p12\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:yalep-al10b:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A7D81385-913B-4A38-A712-41CAE7B78DF4",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:honor_20_pro_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4A8A96B1-0C57-4BDE-A4A4-1409A19B8C88",
"versionEndExcluding": "10.1.0.231\\(c10e3r3p2\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:honor_20_pro:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9E2BCA7E-E555-45D1-807A-F53682B0C383",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:mate_20_pro_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FD6E8C02-F0E4-456E-A456-93FC2C568DF2",
"versionEndExcluding": "10.1.0.270\\(c635e3r1p5\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:mate_20_pro:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2564E28F-EF08-4381-96D8-58BB7C8C0E0C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:mate_20_pro_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D9AA09E4-2CEF-4482-AA24-00AF0C2E7050",
"versionEndExcluding": "10.1.0.273\\(c185e7r2p4\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:mate_20_pro:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2564E28F-EF08-4381-96D8-58BB7C8C0E0C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:mate_20_pro_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "45D23DA1-BD80-4157-A418-56A8B5DA544D",
"versionEndExcluding": "10.1.0.273\\(c636e7r2p4\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:mate_20_pro:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2564E28F-EF08-4381-96D8-58BB7C8C0E0C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:mate_20_pro_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "07AE032D-2BA2-4717-8280-98182B3A61AB",
"versionEndExcluding": "10.1.0.277\\(c10e7r2p4\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:mate_20_pro:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2564E28F-EF08-4381-96D8-58BB7C8C0E0C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:mate_20_pro_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CC8A76AE-FE0F-4C53-86EC-7663351D4EF9",
"versionEndExcluding": "10.1.0.277\\(c605e7r1p5\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:mate_20_pro:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2564E28F-EF08-4381-96D8-58BB7C8C0E0C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:p30_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "17DCDDE2-A0F8-451D-8B92-029EAD61A6D2",
"versionEndExcluding": "10.1.0.123\\(c432e22r2p5\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:p30:-:*:*:*:*:*:*:*",
"matchCriteriaId": "21EE286C-8111-4F59-8CF1-13C68EA76B21",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:p30_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "67F9D5D0-FA78-4FE6-945F-C92692EE5E15",
"versionEndExcluding": "10.1.0.126\\(c10e7r5p1\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:p30:-:*:*:*:*:*:*:*",
"matchCriteriaId": "21EE286C-8111-4F59-8CF1-13C68EA76B21",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:p30_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7AB36260-4707-4F6C-A5EF-9948BB1C5018",
"versionEndExcluding": "10.1.0.126\\(c185e4r7p1\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:p30:-:*:*:*:*:*:*:*",
"matchCriteriaId": "21EE286C-8111-4F59-8CF1-13C68EA76B21",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:p30_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0EC986DB-F634-4E50-9934-AE9406CBA72A",
"versionEndExcluding": "10.1.0.126\\(c605e19r1p3\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:p30:-:*:*:*:*:*:*:*",
"matchCriteriaId": "21EE286C-8111-4F59-8CF1-13C68EA76B21",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:p30_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AA764DAA-0533-4A69-95A3-00260583800B",
"versionEndExcluding": "10.1.0.126\\(c636e5r3p4\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:p30:-:*:*:*:*:*:*:*",
"matchCriteriaId": "21EE286C-8111-4F59-8CF1-13C68EA76B21",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:p30_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A19133CB-485B-4FF9-A103-6A76CB9332F5",
"versionEndExcluding": "10.1.0.126\\(c636e7r3p4\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:p30:-:*:*:*:*:*:*:*",
"matchCriteriaId": "21EE286C-8111-4F59-8CF1-13C68EA76B21",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:hima-l29c_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FDF06609-7E15-4F42-A112-9925185F5925",
"versionEndExcluding": "10.1.0.273\\(c636e5r2p4\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:hima-l29c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "366DC5C5-9276-4921-9ABD-92941B0CEE6D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:hima-l29c_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6066AB6A-2C61-4192-95DE-9CF1173F5666",
"versionEndExcluding": "10.1.0.275\\(c10e4r2p4\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:hima-l29c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "366DC5C5-9276-4921-9ABD-92941B0CEE6D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:yale-l61a_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3687F033-B75A-497E-B435-87D5D2F2A071",
"versionEndExcluding": "10.1.0.226\\(c10e3r1p1\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:yale-l61a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5AB7B562-CDE8-47F2-8537-52AB3640E218",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "There is a buffer overflow vulnerability in several Huawei products. The system does not sufficiently validate certain configuration parameter which is passed from user that would cause buffer overflow. The attacker should trick the user into installing and running a malicious application with a high privilege, successful exploit may cause code execution. Affected product include Huawei HONOR 20 PRO, Mate 20, Mate 20 Pro, Mate 20 X, P30, P30 Pro, Hima-L29C, Laya-AL00EP, Princeton-AL10B, Tony-AL00B, Yale-L61A, Yale-TL00B and YaleP-AL10B."
},
{
"lang": "es",
"value": "Se presenta una vulnerabilidad de desbordamiento del b\u00fafer en varios productos de Huawei. El sistema no valida suficientemente ciertos par\u00e1metros de configuraci\u00f3n que son pasados desde usuario y que causar\u00edan un desbordamiento del b\u00fafer. El atacante deber\u00eda enga\u00f1ar al usuario para que instale y ejecute una aplicaci\u00f3n maliciosa con un alto privilegio; una explotaci\u00f3n con \u00e9xito puede provocar una ejecuci\u00f3n de c\u00f3digo. Los productos afectados incluyen Huawei HONOR 20 PRO, Mate 20, Mate 20 Pro, Mate 20 X, P30, P30 Pro, Hima-L29C, Laya-AL00EP, Princeton-AL10B, Tony-AL00B, Yale-L61A, Yale-TL00B y YaleP- AL10B"
}
],
"id": "CVE-2020-9247",
"lastModified": "2024-11-21T05:40:15.980",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-12-07T13:15:11.123",
"references": [
{
"source": "psirt@huawei.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200729-03-smartphone-en"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200729-03-smartphone-en"
}
],
"sourceIdentifier": "psirt@huawei.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-120"
}
],
"source": "psirt@huawei.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-120"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2020-9263
Vulnerability from fkie_nvd - Published: 2020-10-19 20:15 - Updated: 2024-11-21 05:40
Severity ?
Summary
HUAWEI Mate 30 versions earlier than 10.1.0.150(C00E136R5P3) and HUAWEI P30 version earlier than 10.1.0.160(C00E160R2P11) have a use after free vulnerability. There is a condition exists that the system would reference memory after it has been freed, the attacker should trick the user into running a crafted application with common privilege, successful exploit could cause code execution.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| huawei | mate_30_firmware | * | |
| huawei | mate_30 | - | |
| huawei | p30_firmware | * | |
| huawei | p30 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:mate_30_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EEB3F33A-CBB7-47B1-9208-E6FEFB4B48D8",
"versionEndExcluding": "10.1.0.150\\(c00e136r5p3\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:mate_30:-:*:*:*:*:*:*:*",
"matchCriteriaId": "40B08C1D-444B-4C8B-B7F9-60CA9B2A8D50",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:p30_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "29C7558A-D8B6-4773-A14D-38EDFFD96E5E",
"versionEndExcluding": "10.1.0.160\\(c00e160r2p11\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:p30:-:*:*:*:*:*:*:*",
"matchCriteriaId": "21EE286C-8111-4F59-8CF1-13C68EA76B21",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "HUAWEI Mate 30 versions earlier than 10.1.0.150(C00E136R5P3) and HUAWEI P30 version earlier than 10.1.0.160(C00E160R2P11) have a use after free vulnerability. There is a condition exists that the system would reference memory after it has been freed, the attacker should trick the user into running a crafted application with common privilege, successful exploit could cause code execution."
},
{
"lang": "es",
"value": "HUAWEI Mate 30 versiones anteriores a 10.1.0.150(C00E136R5P3) y HUAWEI P30 versiones anterior a 10.1.0.160(C00E160R2P11), presentan una vulnerabilidad de uso de la memoria previamente liberada.\u0026#xa0;Se presenta una condici\u00f3n de que el sistema podr\u00eda hacer referencia a la memoria despu\u00e9s de que haya sido liberada, el atacante debe enga\u00f1ar al usuario para ejecutar una aplicaci\u00f3n dise\u00f1ada con privilegios comunes, una explotaci\u00f3n con \u00e9xito podr\u00eda causar una ejecuci\u00f3n de c\u00f3digo"
}
],
"id": "CVE-2020-9263",
"lastModified": "2024-11-21T05:40:17.970",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-10-19T20:15:13.323",
"references": [
{
"source": "psirt@huawei.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200701-07-smartphone-en"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200701-07-smartphone-en"
}
],
"sourceIdentifier": "psirt@huawei.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-416"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2020-9104
Vulnerability from fkie_nvd - Published: 2020-08-21 14:15 - Updated: 2024-11-21 05:40
Severity ?
Summary
HUAWEI P30 smartphones with Versions earlier than 10.1.0.123(C431E22R2P5),Versions earlier than 10.1.0.123(C432E22R2P5),Versions earlier than 10.1.0.126(C10E7R5P1),Versions earlier than 10.1.0.126(C185E4R7P1),Versions earlier than 10.1.0.126(C461E7R3P1),Versions earlier than 10.1.0.126(C605E19R1P3),Versions earlier than 10.1.0.126(C636E7R3P4),Versions earlier than 10.1.0.128(C635E3R2P4),Versions earlier than 10.1.0.160(C00E160R2P11),Versions earlier than 10.1.0.160(C01E160R2P11) have a denial of service vulnerability. In specific scenario, due to the improper resource management and memory leak of some feature, the attacker could exploit this vulnerability to cause the device reset.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| huawei | p30_firmware | * | |
| huawei | p30 | - | |
| huawei | p30_firmware | * | |
| huawei | p30 | - | |
| huawei | p30_firmware | * | |
| huawei | p30 | - | |
| huawei | p30_firmware | * | |
| huawei | p30 | - | |
| huawei | p30_firmware | * | |
| huawei | p30 | - | |
| huawei | p30_firmware | * | |
| huawei | p30 | - | |
| huawei | p30_firmware | * | |
| huawei | p30 | - | |
| huawei | p30_firmware | * | |
| huawei | p30 | - | |
| huawei | p30_firmware | * | |
| huawei | p30 | - | |
| huawei | p30_firmware | * | |
| huawei | p30 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:p30_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A7DCF97D-14BA-458D-8109-3714FF615EFD",
"versionEndExcluding": "10.1.0.123\\(c431e22r2p5\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:p30:-:*:*:*:*:*:*:*",
"matchCriteriaId": "21EE286C-8111-4F59-8CF1-13C68EA76B21",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:p30_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "17DCDDE2-A0F8-451D-8B92-029EAD61A6D2",
"versionEndExcluding": "10.1.0.123\\(c432e22r2p5\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:p30:-:*:*:*:*:*:*:*",
"matchCriteriaId": "21EE286C-8111-4F59-8CF1-13C68EA76B21",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:p30_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "67F9D5D0-FA78-4FE6-945F-C92692EE5E15",
"versionEndExcluding": "10.1.0.126\\(c10e7r5p1\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:p30:-:*:*:*:*:*:*:*",
"matchCriteriaId": "21EE286C-8111-4F59-8CF1-13C68EA76B21",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:p30_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7AB36260-4707-4F6C-A5EF-9948BB1C5018",
"versionEndExcluding": "10.1.0.126\\(c185e4r7p1\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:p30:-:*:*:*:*:*:*:*",
"matchCriteriaId": "21EE286C-8111-4F59-8CF1-13C68EA76B21",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:p30_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "517B3C9A-0154-47BC-9F96-AA40BFB1192B",
"versionEndExcluding": "10.1.0.126\\(c461e7r3p1\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:p30:-:*:*:*:*:*:*:*",
"matchCriteriaId": "21EE286C-8111-4F59-8CF1-13C68EA76B21",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:p30_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0EC986DB-F634-4E50-9934-AE9406CBA72A",
"versionEndExcluding": "10.1.0.126\\(c605e19r1p3\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:p30:-:*:*:*:*:*:*:*",
"matchCriteriaId": "21EE286C-8111-4F59-8CF1-13C68EA76B21",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:p30_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A19133CB-485B-4FF9-A103-6A76CB9332F5",
"versionEndExcluding": "10.1.0.126\\(c636e7r3p4\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:p30:-:*:*:*:*:*:*:*",
"matchCriteriaId": "21EE286C-8111-4F59-8CF1-13C68EA76B21",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:p30_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2639FB43-BB1F-49B1-9C4F-AD7D583A5008",
"versionEndExcluding": "10.1.0.128\\(c635e3r2p4\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:p30:-:*:*:*:*:*:*:*",
"matchCriteriaId": "21EE286C-8111-4F59-8CF1-13C68EA76B21",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:p30_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "29C7558A-D8B6-4773-A14D-38EDFFD96E5E",
"versionEndExcluding": "10.1.0.160\\(c00e160r2p11\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:p30:-:*:*:*:*:*:*:*",
"matchCriteriaId": "21EE286C-8111-4F59-8CF1-13C68EA76B21",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:p30_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E0102B7F-9C0F-4E4F-BD16-7B14DA387E2A",
"versionEndExcluding": "10.1.0.160\\(c01e160r2p11\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:p30:-:*:*:*:*:*:*:*",
"matchCriteriaId": "21EE286C-8111-4F59-8CF1-13C68EA76B21",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "HUAWEI P30 smartphones with Versions earlier than 10.1.0.123(C431E22R2P5),Versions earlier than 10.1.0.123(C432E22R2P5),Versions earlier than 10.1.0.126(C10E7R5P1),Versions earlier than 10.1.0.126(C185E4R7P1),Versions earlier than 10.1.0.126(C461E7R3P1),Versions earlier than 10.1.0.126(C605E19R1P3),Versions earlier than 10.1.0.126(C636E7R3P4),Versions earlier than 10.1.0.128(C635E3R2P4),Versions earlier than 10.1.0.160(C00E160R2P11),Versions earlier than 10.1.0.160(C01E160R2P11) have a denial of service vulnerability. In specific scenario, due to the improper resource management and memory leak of some feature, the attacker could exploit this vulnerability to cause the device reset."
},
{
"lang": "es",
"value": "Los tel\u00e9fonos inteligentes HUAWEI P30 versiones anteriores a 10.1.0.123(C431E22R2P5), versiones anteriores a 10.1.0.123(C432E22R2P5), versiones anteriores a 10.1.0.126(C10E7R5P1), versiones anteriores a 10.1.0.126(C185E4R7P1), versiones anteriores a 10.1.0.126(C461E7R3P1), versiones anteriores a 10.1.0.126(C605E19R1P3), versiones anteriores a 10.1.0.126(C636E7R3P4), versiones anteriores a 10.1.0.128(C635E3R2P4), versiones anteriores a 10.1.0.160(C00E160R2P11.0), versiones anteriores a 10.1.0.160(C01E160R2P11), presentan una vulnerabilidad de denegaci\u00f3n de servicio. En un escenario espec\u00edfico, debido a la administraci\u00f3n inapropiada de recursos y la p\u00e9rdida de memoria de alguna funcionalidad, el atacante podr\u00eda explotar esta vulnerabilidad para causar el reinicio del dispositivo."
}
],
"id": "CVE-2020-9104",
"lastModified": "2024-11-21T05:40:02.623",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 3.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:A/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 6.5,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-08-21T14:15:11.340",
"references": [
{
"source": "psirt@huawei.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200819-01-smartphonedos-en"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200819-01-smartphonedos-en"
}
],
"sourceIdentifier": "psirt@huawei.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-401"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2020-9244
Vulnerability from fkie_nvd - Published: 2020-08-11 19:15 - Updated: 2024-11-21 05:40
Severity ?
Summary
HUAWEI Mate 20 versions Versions earlier than 10.1.0.160(C00E160R3P8);HUAWEI Mate 20 Pro versions Versions earlier than 10.1.0.270(C431E7R1P5),Versions earlier than 10.1.0.270(C635E3R1P5),Versions earlier than 10.1.0.273(C636E7R2P4);HUAWEI Mate 20 X versions Versions earlier than 10.1.0.160(C00E160R2P8);HUAWEI P30 versions Versions earlier than 10.1.0.160(C00E160R2P11);HUAWEI P30 Pro versions Versions earlier than 10.1.0.160(C00E160R2P8);HUAWEI Mate 20 RS versions Versions earlier than 10.1.0.160(C786E160R3P8);HonorMagic2 versions Versions earlier than 10.0.0.187(C00E61R2P11);Honor20 versions Versions earlier than 10.0.0.175(C00E58R4P11);Honor20 PRO versions Versions earlier than 10.0.0.194(C00E62R8P12);HonorMagic2 versions Versions earlier than 10.0.0.187(C00E61R2P11);HonorV20 versions Versions earlier than 10.0.0.188(C00E62R2P11) have an improper authentication vulnerability. The system does not properly sign certain encrypted file, the attacker should gain the key used to encrypt the file, successful exploit could cause certain file be forged
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:mate_20_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "165A8717-DD86-4BC0-AB3C-BD7F92DF68CD",
"versionEndExcluding": "10.1.0.160\\(c00e160r3p8\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:mate_20:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B5322963-9375-4E4E-8119-895C224003AE",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:mate_20_pro_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9CAC2512-1577-4DB3-AC23-A5F4BF0D9127",
"versionEndExcluding": "10.1.0.270\\(c431e7r1p5\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:mate_20_pro:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2564E28F-EF08-4381-96D8-58BB7C8C0E0C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:mate_20_x_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "73419613-9F87-4E99-9A8D-D8B6B74F882D",
"versionEndExcluding": "10.1.0.160\\(c00e160r2p8\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:mate_20_x:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5FD3779B-F943-4B7E-BF82-AA4A051D02C8",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:p30_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "29C7558A-D8B6-4773-A14D-38EDFFD96E5E",
"versionEndExcluding": "10.1.0.160\\(c00e160r2p11\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:p30:-:*:*:*:*:*:*:*",
"matchCriteriaId": "21EE286C-8111-4F59-8CF1-13C68EA76B21",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:p30_pro_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4818ECF7-B4D4-4AF4-9DAA-FE08F56B26FC",
"versionEndExcluding": "10.1.0.160\\(c00e160r2p8\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:p30_pro:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6DB671DB-CB5B-46E0-B221-722D051184DE",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:mate_20_rs_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "939C475D-62F1-4739-A010-8EB1D254352D",
"versionEndExcluding": "10.1.0.160\\(c786e160r3p8\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:mate_20_rs:-:*:*:*:*:*:*:*",
"matchCriteriaId": "99DD3EC3-7E9B-4904-8317-C3528D1CAFEA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:honor_magic_2_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9EA59594-AD02-44FC-B3A4-91D961A5A81D",
"versionEndExcluding": "10.0.0.187\\(c00e61r2p11\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:honor_magic_2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3F3A0DA8-F39F-4343-856C-4BCDFB874DD2",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:honor_20_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A2972F40-6507-40D2-8F9B-40A3BDBC6142",
"versionEndExcluding": "10.0.0.175\\(c00e58r4p11\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:honor_20:-:*:*:*:*:*:*:*",
"matchCriteriaId": "55571AAC-B8B2-48D0-8486-BB2992A39568",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:honor_20_pro_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EB8A69A7-BDA8-42C7-800D-A15928E1FDBC",
"versionEndExcluding": "10.0.0.194\\(c00e62r8p12\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:honor_20_pro:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9E2BCA7E-E555-45D1-807A-F53682B0C383",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:honor_v20_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A6F48C40-4FAC-4311-98F1-99FC480C2C90",
"versionEndExcluding": "10.0.0.188\\(c00e62r2p11\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:honor_v20:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2FF332D5-0799-487A-970B-E0FB7435207D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:mate_20_pro_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FD6E8C02-F0E4-456E-A456-93FC2C568DF2",
"versionEndExcluding": "10.1.0.270\\(c635e3r1p5\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:mate_20_pro:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2564E28F-EF08-4381-96D8-58BB7C8C0E0C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:mate_20_pro_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "45D23DA1-BD80-4157-A418-56A8B5DA544D",
"versionEndExcluding": "10.1.0.273\\(c636e7r2p4\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:mate_20_pro:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2564E28F-EF08-4381-96D8-58BB7C8C0E0C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:honor_magic_2_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9EA59594-AD02-44FC-B3A4-91D961A5A81D",
"versionEndExcluding": "10.0.0.187\\(c00e61r2p11\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:honor_magic_2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3F3A0DA8-F39F-4343-856C-4BCDFB874DD2",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "HUAWEI Mate 20 versions Versions earlier than 10.1.0.160(C00E160R3P8);HUAWEI Mate 20 Pro versions Versions earlier than 10.1.0.270(C431E7R1P5),Versions earlier than 10.1.0.270(C635E3R1P5),Versions earlier than 10.1.0.273(C636E7R2P4);HUAWEI Mate 20 X versions Versions earlier than 10.1.0.160(C00E160R2P8);HUAWEI P30 versions Versions earlier than 10.1.0.160(C00E160R2P11);HUAWEI P30 Pro versions Versions earlier than 10.1.0.160(C00E160R2P8);HUAWEI Mate 20 RS versions Versions earlier than 10.1.0.160(C786E160R3P8);HonorMagic2 versions Versions earlier than 10.0.0.187(C00E61R2P11);Honor20 versions Versions earlier than 10.0.0.175(C00E58R4P11);Honor20 PRO versions Versions earlier than 10.0.0.194(C00E62R8P12);HonorMagic2 versions Versions earlier than 10.0.0.187(C00E61R2P11);HonorV20 versions Versions earlier than 10.0.0.188(C00E62R2P11) have an improper authentication vulnerability. The system does not properly sign certain encrypted file, the attacker should gain the key used to encrypt the file, successful exploit could cause certain file be forged"
},
{
"lang": "es",
"value": "Versiones de HUAWEI Mate 20 Versiones anteriores a 10.1.0.160(C00E160R3P8); versiones de HUAWEI Mate 20 Pro Versiones anteriores a 10.1.0.270(C431E7R1P5), Versiones anteriores a 10.1.0.270(C635E3R1P5), Versiones anteriores a 10.1.0.273(C636E7R2WE); versiones de Mate 20 X Versiones anteriores a 10.1.0.160(C00E160R2P8); versiones de HUAWEI P30 Versiones anteriores a 10.1.0.160(C00E160R2P11); versiones de HUAWEI P30 Pro Versiones anteriores a 10.1.0.160(C00E160R2P8); versiones de HUAWEI Mate 20 RS Versiones anteriores a 10.1 .0.160(C786E160R3P8); versiones de HonorMagic2 Versiones anteriores a 10.0.0.187(C00E61R2P11); versiones de Honor20 Versiones anteriores a 10.0.0.175(C00E58R4P11); versiones de Honor20 PRO Versiones anteriores a 10.0.0.194(C00E62R8P12); versiones de HonorMagic2 10.0.0.187(C00E61R2P11); versiones de HonorV20 Versiones anteriores a 10.0.0.188(C00E62R2P11), presentan una vulnerabilidad de autenticaci\u00f3n inapropiada. El sistema no firma adecuadamente determinado archivo cifrado, el atacante debe conseguir la clave usada para cifrar el archivo, una explotaci\u00f3n con \u00e9xito podr\u00eda causar que cierto archivo sea falsificado"
}
],
"id": "CVE-2020-9244",
"lastModified": "2024-11-21T05:40:15.390",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 0.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-08-11T19:15:17.687",
"references": [
{
"source": "psirt@huawei.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200805-02-smartphone-en"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200805-02-smartphone-en"
}
],
"sourceIdentifier": "psirt@huawei.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2020-9081 (GCVE-0-2020-9081)
Vulnerability from cvelistv5 – Published: 2024-12-27 09:34 – Updated: 2024-12-27 16:08
VLAI?
Summary
There is an improper authorization vulnerability in some Huawei smartphones. An attacker could perform a series of operation in specific mode to exploit this vulnerability. Successful exploit could allow the attacker to bypass app lock. (Vulnerability ID: HWPSIRT-2019-12144)
This vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2020-9081.
Severity ?
CWE
- CWE-285 - Improper Authorization
Assigner
References
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Huawei | HUAWEI Mate 20 |
Affected:
Versions earlier than 10.1.0.160(C00E160R3P8)
Affected: Versions earlier than 10.1.0.160(C01E160R2P8) |
||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2020-9081",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-27T16:07:50.855336Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-27T16:08:00.642Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "HUAWEI Mate 20",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "Versions earlier than 10.1.0.160(C00E160R3P8)"
},
{
"status": "affected",
"version": "Versions earlier than 10.1.0.160(C01E160R2P8)"
}
]
},
{
"defaultStatus": "unaffected",
"product": "HUAWEI P30",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "Versions earlier than 10.1.0.160(C00E160R2P11)"
}
]
},
{
"defaultStatus": "unaffected",
"product": "HUAWEI P30 Pro",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "Versions earlier than 10.1.0.160(C00E160R2P8)"
},
{
"status": "affected",
"version": "Versions earlier than 10.1.0.160(C01E160R2P8)"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Princeton-AL10D",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "Versions earlier than 10.1.0.160(C00E160R2P11)"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Yale-AL00A",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "Versions earlier than 10.1.0.160(C00E160R8P12)"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Yale-AL50A",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "Versions earlier than 10.1.0.88(C00E88R8P1)"
}
]
},
{
"defaultStatus": "unaffected",
"product": "YaleP-AL10B",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "Versions earlier than 10.1.0.160(C00E160R8P12)"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThere is an improper authorization vulnerability in some Huawei smartphones. An attacker could perform a series of operation in specific mode to exploit this vulnerability. Successful exploit could allow the attacker to bypass app lock. (Vulnerability ID: HWPSIRT-2019-12144)\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003eThis vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2020-9081.\u003c/p\u003e"
}
],
"value": "There is an improper authorization vulnerability in some Huawei smartphones. An attacker could perform a series of operation in specific mode to exploit this vulnerability. Successful exploit could allow the attacker to bypass app lock. (Vulnerability ID: HWPSIRT-2019-12144)\n\n\n\nThis vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2020-9081."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-285",
"description": "CWE-285 Improper Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-12-27T09:34:40.332Z",
"orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"shortName": "huawei"
},
"references": [
{
"url": "https://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20200826-15-smartphone-en"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"assignerShortName": "huawei",
"cveId": "CVE-2020-9081",
"datePublished": "2024-12-27T09:34:40.332Z",
"dateReserved": "2020-02-18T00:00:00.000Z",
"dateUpdated": "2024-12-27T16:08:00.642Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-22399 (GCVE-0-2021-22399)
Vulnerability from cvelistv5 – Published: 2021-07-13 11:37 – Updated: 2024-08-03 18:44
VLAI?
Summary
The Bluetooth function of some Huawei smartphones has a DoS vulnerability. Attackers can install third-party apps to send specific broadcasts, causing the Bluetooth module to crash. This vulnerability is successfully exploited to cause the Bluetooth function to become abnormal. Affected product versions include: HUAWEI P30 10.0.0.195(C432E22R2P5), 10.0.0.200(C00E85R2P11), 10.0.0.200(C461E6R3P1), 10.0.0.201(C10E7R5P1), 10.0.0.201(C185E4R7P1), 10.0.0.206(C605E19R1P3), 10.0.0.209(C636E6R3P4), 10.0.0.210(C635E3R2P4), and versions earlier than 10.1.0.165(C01E165R2P11).
Severity ?
No CVSS data available.
CWE
- Bluetooth Function Denial of Service
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | HUAWEI P30 |
Affected:
10.0.0.195(C432E22R2P5),10.0.0.200(C00E85R2P11),10.0.0.200(C461E6R3P1),10.0.0.201(C10E7R5P1),10.0.0.201(C185E4R7P1),10.0.0.206(C605E19R1P3),10.0.0.209(C636E6R3P4),10.0.0.210(C635E3R2P4),Versions earlier than 10.1.0.165(C01E165R2P11)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T18:44:12.290Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210707-03-dos-en"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "HUAWEI P30",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "10.0.0.195(C432E22R2P5),10.0.0.200(C00E85R2P11),10.0.0.200(C461E6R3P1),10.0.0.201(C10E7R5P1),10.0.0.201(C185E4R7P1),10.0.0.206(C605E19R1P3),10.0.0.209(C636E6R3P4),10.0.0.210(C635E3R2P4),Versions earlier than 10.1.0.165(C01E165R2P11)"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The Bluetooth function of some Huawei smartphones has a DoS vulnerability. Attackers can install third-party apps to send specific broadcasts, causing the Bluetooth module to crash. This vulnerability is successfully exploited to cause the Bluetooth function to become abnormal. Affected product versions include: HUAWEI P30 10.0.0.195(C432E22R2P5), 10.0.0.200(C00E85R2P11), 10.0.0.200(C461E6R3P1), 10.0.0.201(C10E7R5P1), 10.0.0.201(C185E4R7P1), 10.0.0.206(C605E19R1P3), 10.0.0.209(C636E6R3P4), 10.0.0.210(C635E3R2P4), and versions earlier than 10.1.0.165(C01E165R2P11)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Bluetooth Function Denial of Service",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-07-13T11:37:25",
"orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"shortName": "huawei"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210707-03-dos-en"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@huawei.com",
"ID": "CVE-2021-22399",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "HUAWEI P30",
"version": {
"version_data": [
{
"version_value": "10.0.0.195(C432E22R2P5),10.0.0.200(C00E85R2P11),10.0.0.200(C461E6R3P1),10.0.0.201(C10E7R5P1),10.0.0.201(C185E4R7P1),10.0.0.206(C605E19R1P3),10.0.0.209(C636E6R3P4),10.0.0.210(C635E3R2P4),Versions earlier than 10.1.0.165(C01E165R2P11)"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Bluetooth function of some Huawei smartphones has a DoS vulnerability. Attackers can install third-party apps to send specific broadcasts, causing the Bluetooth module to crash. This vulnerability is successfully exploited to cause the Bluetooth function to become abnormal. Affected product versions include: HUAWEI P30 10.0.0.195(C432E22R2P5), 10.0.0.200(C00E85R2P11), 10.0.0.200(C461E6R3P1), 10.0.0.201(C10E7R5P1), 10.0.0.201(C185E4R7P1), 10.0.0.206(C605E19R1P3), 10.0.0.209(C636E6R3P4), 10.0.0.210(C635E3R2P4), and versions earlier than 10.1.0.165(C01E165R2P11)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Bluetooth Function Denial of Service"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210707-03-dos-en",
"refsource": "MISC",
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210707-03-dos-en"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"assignerShortName": "huawei",
"cveId": "CVE-2021-22399",
"datePublished": "2021-07-13T11:37:25",
"dateReserved": "2021-01-05T00:00:00",
"dateUpdated": "2024-08-03T18:44:12.290Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-22331 (GCVE-0-2021-22331)
Vulnerability from cvelistv5 – Published: 2021-04-28 12:19 – Updated: 2024-08-03 18:37
VLAI?
Summary
There is a JavaScript injection vulnerability in certain Huawei smartphones. A module does not verify some inputs sufficiently. Attackers can exploit this vulnerability by sending a malicious application request to launch JavaScript injection. This may compromise normal service. Affected product versions include HUAWEI P30 versions earlier than 10.1.0.165(C01E165R2P11), 11.0.0.118(C635E2R1P3), 11.0.0.120(C00E120R2P5), 11.0.0.138(C10E4R5P3), 11.0.0.138(C185E4R7P3), 11.0.0.138(C432E8R2P3), 11.0.0.138(C461E4R3P3), 11.0.0.138(C605E4R1P3), and 11.0.0.138(C636E4R3P3).
Severity ?
No CVSS data available.
CWE
- JavaScript Injection
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | HUAWEI P30 |
Affected:
Versions earlier than 10.1.0.165(C01E165R2P11),Versions earlier than 11.0.0.118(C635E2R1P3),Versions earlier than 11.0.0.120(C00E120R2P5),Versions earlier than 11.0.0.138(C10E4R5P3),Versions earlier than 11.0.0.138(C185E4R7P3),Versions earlier than 11.0.0.138(C432E8R2P3),Versions earlier than 11.0.0.138(C461E4R3P3),Versions earlier than 11.0.0.138(C605E4R1P3),Versions earlier than 11.0.0.138(C636E4R3P3)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T18:37:18.475Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210331-01-js-en"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "HUAWEI P30",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Versions earlier than 10.1.0.165(C01E165R2P11),Versions earlier than 11.0.0.118(C635E2R1P3),Versions earlier than 11.0.0.120(C00E120R2P5),Versions earlier than 11.0.0.138(C10E4R5P3),Versions earlier than 11.0.0.138(C185E4R7P3),Versions earlier than 11.0.0.138(C432E8R2P3),Versions earlier than 11.0.0.138(C461E4R3P3),Versions earlier than 11.0.0.138(C605E4R1P3),Versions earlier than 11.0.0.138(C636E4R3P3)"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "There is a JavaScript injection vulnerability in certain Huawei smartphones. A module does not verify some inputs sufficiently. Attackers can exploit this vulnerability by sending a malicious application request to launch JavaScript injection. This may compromise normal service. Affected product versions include HUAWEI P30 versions earlier than 10.1.0.165(C01E165R2P11), 11.0.0.118(C635E2R1P3), 11.0.0.120(C00E120R2P5), 11.0.0.138(C10E4R5P3), 11.0.0.138(C185E4R7P3), 11.0.0.138(C432E8R2P3), 11.0.0.138(C461E4R3P3), 11.0.0.138(C605E4R1P3), and 11.0.0.138(C636E4R3P3)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "JavaScript Injection",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-04-28T12:19:09",
"orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"shortName": "huawei"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210331-01-js-en"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@huawei.com",
"ID": "CVE-2021-22331",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "HUAWEI P30",
"version": {
"version_data": [
{
"version_value": "Versions earlier than 10.1.0.165(C01E165R2P11),Versions earlier than 11.0.0.118(C635E2R1P3),Versions earlier than 11.0.0.120(C00E120R2P5),Versions earlier than 11.0.0.138(C10E4R5P3),Versions earlier than 11.0.0.138(C185E4R7P3),Versions earlier than 11.0.0.138(C432E8R2P3),Versions earlier than 11.0.0.138(C461E4R3P3),Versions earlier than 11.0.0.138(C605E4R1P3),Versions earlier than 11.0.0.138(C636E4R3P3)"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "There is a JavaScript injection vulnerability in certain Huawei smartphones. A module does not verify some inputs sufficiently. Attackers can exploit this vulnerability by sending a malicious application request to launch JavaScript injection. This may compromise normal service. Affected product versions include HUAWEI P30 versions earlier than 10.1.0.165(C01E165R2P11), 11.0.0.118(C635E2R1P3), 11.0.0.120(C00E120R2P5), 11.0.0.138(C10E4R5P3), 11.0.0.138(C185E4R7P3), 11.0.0.138(C432E8R2P3), 11.0.0.138(C461E4R3P3), 11.0.0.138(C605E4R1P3), and 11.0.0.138(C636E4R3P3)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "JavaScript Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210331-01-js-en",
"refsource": "MISC",
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210331-01-js-en"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"assignerShortName": "huawei",
"cveId": "CVE-2021-22331",
"datePublished": "2021-04-28T12:19:09",
"dateReserved": "2021-01-05T00:00:00",
"dateUpdated": "2024-08-03T18:37:18.475Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-22330 (GCVE-0-2021-22330)
Vulnerability from cvelistv5 – Published: 2021-04-28 11:49 – Updated: 2024-08-03 18:37
VLAI?
Summary
There is an out of bounds write vulnerability in Huawei Smartphone HUAWEI P30 versions 9.1.0.131(C00E130R1P21) when processing a message. An unauthenticated attacker can exploit this vulnerability by sending specific message to the target device. Due to insufficient validation of the input parameter, successful exploit can cause the process and the service to be abnormal.
Severity ?
No CVSS data available.
CWE
- Out of Bounds Write
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | HUAWEI P30 |
Affected:
9.1.0.131(C00E130R1P21)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T18:37:18.496Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210331-01-p30-en"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "HUAWEI P30",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "9.1.0.131(C00E130R1P21)"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "There is an out of bounds write vulnerability in Huawei Smartphone HUAWEI P30 versions 9.1.0.131(C00E130R1P21) when processing a message. An unauthenticated attacker can exploit this vulnerability by sending specific message to the target device. Due to insufficient validation of the input parameter, successful exploit can cause the process and the service to be abnormal."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Out of Bounds Write",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-04-28T11:49:31",
"orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"shortName": "huawei"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210331-01-p30-en"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@huawei.com",
"ID": "CVE-2021-22330",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "HUAWEI P30",
"version": {
"version_data": [
{
"version_value": "9.1.0.131(C00E130R1P21)"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "There is an out of bounds write vulnerability in Huawei Smartphone HUAWEI P30 versions 9.1.0.131(C00E130R1P21) when processing a message. An unauthenticated attacker can exploit this vulnerability by sending specific message to the target device. Due to insufficient validation of the input parameter, successful exploit can cause the process and the service to be abnormal."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Out of Bounds Write"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210331-01-p30-en",
"refsource": "MISC",
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210331-01-p30-en"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"assignerShortName": "huawei",
"cveId": "CVE-2021-22330",
"datePublished": "2021-04-28T11:49:31",
"dateReserved": "2021-01-05T00:00:00",
"dateUpdated": "2024-08-03T18:37:18.496Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-22327 (GCVE-0-2021-22327)
Vulnerability from cvelistv5 – Published: 2021-04-28 11:19 – Updated: 2024-08-03 18:37
VLAI?
Summary
There is an arbitrary memory write vulnerability in Huawei smart phone when processing file parsing. Due to insufficient validation of the input files, successful exploit could cause certain service abnormal. Affected product versions include:HUAWEI P30 versions 10.0.0.186(C10E7R5P1), 10.0.0.186(C461E4R3P1), 10.0.0.188(C00E85R2P11), 10.0.0.188(C01E88R2P11),10.0.0.188(C605E19R1P3), 10.0.0.190(C185E4R7P1), 10.0.0.190(C431E22R2P5), 10.0.0.190(C432E22R2P5),10.0.0.190(C605E19R1P3), 10.0.0.190(C636E4R3P4), 10.0.0.192(C635E3R2P4).
Severity ?
No CVSS data available.
CWE
- Arbitrary Memory Write
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | HUAWEI P30 |
Affected:
10.0.0.186(C10E7R5P1),10.0.0.186(C461E4R3P1),10.0.0.188(C00E85R2P11),10.0.0.188(C01E88R2P11),10.0.0.188(C605E19R1P3),10.0.0.190(C185E4R7P1),10.0.0.190(C431E22R2P5),10.0.0.190(C432E22R2P5),10.0.0.190(C605E19R1P3),10.0.0.190(C636E4R3P4),10.0.0.192(C635E3R2P4)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T18:37:18.486Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210331-01-smartphone-en"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "HUAWEI P30",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "10.0.0.186(C10E7R5P1),10.0.0.186(C461E4R3P1),10.0.0.188(C00E85R2P11),10.0.0.188(C01E88R2P11),10.0.0.188(C605E19R1P3),10.0.0.190(C185E4R7P1),10.0.0.190(C431E22R2P5),10.0.0.190(C432E22R2P5),10.0.0.190(C605E19R1P3),10.0.0.190(C636E4R3P4),10.0.0.192(C635E3R2P4)"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "There is an arbitrary memory write vulnerability in Huawei smart phone when processing file parsing. Due to insufficient validation of the input files, successful exploit could cause certain service abnormal. Affected product versions include:HUAWEI P30 versions 10.0.0.186(C10E7R5P1), 10.0.0.186(C461E4R3P1), 10.0.0.188(C00E85R2P11), 10.0.0.188(C01E88R2P11),10.0.0.188(C605E19R1P3), 10.0.0.190(C185E4R7P1), 10.0.0.190(C431E22R2P5), 10.0.0.190(C432E22R2P5),10.0.0.190(C605E19R1P3), 10.0.0.190(C636E4R3P4), 10.0.0.192(C635E3R2P4)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Arbitrary Memory Write",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-04-28T11:19:52",
"orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"shortName": "huawei"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210331-01-smartphone-en"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@huawei.com",
"ID": "CVE-2021-22327",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "HUAWEI P30",
"version": {
"version_data": [
{
"version_value": "10.0.0.186(C10E7R5P1),10.0.0.186(C461E4R3P1),10.0.0.188(C00E85R2P11),10.0.0.188(C01E88R2P11),10.0.0.188(C605E19R1P3),10.0.0.190(C185E4R7P1),10.0.0.190(C431E22R2P5),10.0.0.190(C432E22R2P5),10.0.0.190(C605E19R1P3),10.0.0.190(C636E4R3P4),10.0.0.192(C635E3R2P4)"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "There is an arbitrary memory write vulnerability in Huawei smart phone when processing file parsing. Due to insufficient validation of the input files, successful exploit could cause certain service abnormal. Affected product versions include:HUAWEI P30 versions 10.0.0.186(C10E7R5P1), 10.0.0.186(C461E4R3P1), 10.0.0.188(C00E85R2P11), 10.0.0.188(C01E88R2P11),10.0.0.188(C605E19R1P3), 10.0.0.190(C185E4R7P1), 10.0.0.190(C431E22R2P5), 10.0.0.190(C432E22R2P5),10.0.0.190(C605E19R1P3), 10.0.0.190(C636E4R3P4), 10.0.0.192(C635E3R2P4)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Arbitrary Memory Write"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210331-01-smartphone-en",
"refsource": "MISC",
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210331-01-smartphone-en"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"assignerShortName": "huawei",
"cveId": "CVE-2021-22327",
"datePublished": "2021-04-28T11:19:52",
"dateReserved": "2021-01-05T00:00:00",
"dateUpdated": "2024-08-03T18:37:18.486Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-9203 (GCVE-0-2020-9203)
Vulnerability from cvelistv5 – Published: 2021-01-13 22:01 – Updated: 2024-08-04 10:19
VLAI?
Summary
There is a resource management errors vulnerability in Huawei P30. Local attackers construct broadcast message for some application, causing this application to send this broadcast message and impact the customer's use experience.
Severity ?
No CVSS data available.
CWE
- Resource Management Errors
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | HUAWEI P30 |
Affected:
Versions earlier than 10.1.0.168(C00E168R2P11),Versions earlier than 10.1.0.168(C01E168R2P11),Versions earlier than 10.1.0.176(C635E4R2P4),Versions earlier than 10.1.0.177(C636E8R3P4),Versions earlier than 10.1.0.179(C10E8R5P1),Versions earlier than 10.1.0.179(C185E7R7P1),Versions earlier than 10.1.0.179(C605E23R1P3
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T10:19:20.032Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20201230-01-resourcemanagement-en"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "HUAWEI P30",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Versions earlier than 10.1.0.168(C00E168R2P11),Versions earlier than 10.1.0.168(C01E168R2P11),Versions earlier than 10.1.0.176(C635E4R2P4),Versions earlier than 10.1.0.177(C636E8R3P4),Versions earlier than 10.1.0.179(C10E8R5P1),Versions earlier than 10.1.0.179(C185E7R7P1),Versions earlier than 10.1.0.179(C605E23R1P3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "There is a resource management errors vulnerability in Huawei P30. Local attackers construct broadcast message for some application, causing this application to send this broadcast message and impact the customer\u0027s use experience."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Resource Management Errors",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-13T22:01:34",
"orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"shortName": "huawei"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20201230-01-resourcemanagement-en"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@huawei.com",
"ID": "CVE-2020-9203",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "HUAWEI P30",
"version": {
"version_data": [
{
"version_value": "Versions earlier than 10.1.0.168(C00E168R2P11),Versions earlier than 10.1.0.168(C01E168R2P11),Versions earlier than 10.1.0.176(C635E4R2P4),Versions earlier than 10.1.0.177(C636E8R3P4),Versions earlier than 10.1.0.179(C10E8R5P1),Versions earlier than 10.1.0.179(C185E7R7P1),Versions earlier than 10.1.0.179(C605E23R1P3"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "There is a resource management errors vulnerability in Huawei P30. Local attackers construct broadcast message for some application, causing this application to send this broadcast message and impact the customer\u0027s use experience."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Resource Management Errors"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20201230-01-resourcemanagement-en",
"refsource": "MISC",
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20201230-01-resourcemanagement-en"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"assignerShortName": "huawei",
"cveId": "CVE-2020-9203",
"datePublished": "2021-01-13T22:01:34",
"dateReserved": "2020-02-18T00:00:00",
"dateUpdated": "2024-08-04T10:19:20.032Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-9247 (GCVE-0-2020-9247)
Vulnerability from cvelistv5 – Published: 2020-12-07 12:49 – Updated: 2024-08-04 10:19
VLAI?
Summary
There is a buffer overflow vulnerability in several Huawei products. The system does not sufficiently validate certain configuration parameter which is passed from user that would cause buffer overflow. The attacker should trick the user into installing and running a malicious application with a high privilege, successful exploit may cause code execution. Affected product include Huawei HONOR 20 PRO, Mate 20, Mate 20 Pro, Mate 20 X, P30, P30 Pro, Hima-L29C, Laya-AL00EP, Princeton-AL10B, Tony-AL00B, Yale-L61A, Yale-TL00B and YaleP-AL10B.
Severity ?
No CVSS data available.
CWE
- CWE-120 - Buffer Overflow
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Huawei | HONOR 20 PRO |
Affected:
unspecified , < 10.1.0.230(C432E9R5P1)
(custom)
Affected: unspecified , < 10.1.0.231(C10E3R3P2) (custom) |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T10:19:20.138Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200729-03-smartphone-en"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "HONOR 20 PRO",
"vendor": "Huawei",
"versions": [
{
"lessThan": "10.1.0.230(C432E9R5P1)",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "10.1.0.231(C10E3R3P2)",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "HUAWEI Mate 20",
"vendor": "Huawei",
"versions": [
{
"lessThan": "10.1.0.160(C00E160R3P8)",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "HUAWEI Mate 20 Pro",
"vendor": "Huawei",
"versions": [
{
"lessThan": "10.1.0.270(C432E7R1P5)",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "10.1.0.270(C635E3R1P5)",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "10.1.0.273(C185E7R2P4)",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "10.1.0.273(C636E7R2P4)",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "10.1.0.277(C10E7R2P4)",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "10.1.0.277(C605E7R1P5)",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "HUAWEI Mate 20 X",
"vendor": "Huawei",
"versions": [
{
"lessThan": "10.1.0.160(C00E160R2P8)",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "HUAWEI P30",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "9.1.0.272(C635E4R2P2)"
},
{
"lessThan": "10.1.0.123(C432E22R2P5)",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "10.1.0.126(C10E7R5P1)",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "10.1.0.126(C185E4R7P1)",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "10.1.0.126(C605E19R1P3)",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "10.1.0.126(C636E5R3P4)",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "10.1.0.126(C636E7R3P4)",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "HUAWEI P30 Pro",
"vendor": "Huawei",
"versions": [
{
"lessThan": "10.1.0.160(C00E160R2P8)",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "Hima-L29C",
"vendor": "Huawei",
"versions": [
{
"lessThan": "10.1.0.273(C185E5R2P4)",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "10.1.0.273(C636E5R2P4)",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "10.1.0.275(C10E4R2P4)",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "Laya-AL00EP",
"vendor": "Huawei",
"versions": [
{
"lessThan": "10.1.0.160(C786E160R3P8)",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "Princeton-AL10B",
"vendor": "Huawei",
"versions": [
{
"lessThan": "10.1.0.160(C00E160R2P11)",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "Tony-AL00B",
"vendor": "Huawei",
"versions": [
{
"lessThan": "10.1.0.160(C00E160R2P11)",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "Yale-L61A",
"vendor": "Huawei",
"versions": [
{
"lessThan": "10.1.0.225(C432E3R1P2)",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "10.1.0.226(C10E3R1P1)",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "Yale-TL00B",
"vendor": "Huawei",
"versions": [
{
"lessThan": "10.1.0.160(C01E160R8P12)",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "YaleP-AL10B",
"vendor": "Huawei",
"versions": [
{
"lessThan": "10.1.0.160(C00E160R8P12)",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "There is a buffer overflow vulnerability in several Huawei products. The system does not sufficiently validate certain configuration parameter which is passed from user that would cause buffer overflow. The attacker should trick the user into installing and running a malicious application with a high privilege, successful exploit may cause code execution. Affected product include Huawei HONOR 20 PRO, Mate 20, Mate 20 Pro, Mate 20 X, P30, P30 Pro, Hima-L29C, Laya-AL00EP, Princeton-AL10B, Tony-AL00B, Yale-L61A, Yale-TL00B and YaleP-AL10B."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "CWE-120 Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-12-07T12:49:00",
"orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"shortName": "huawei"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200729-03-smartphone-en"
}
],
"source": {
"advisory": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200729-03-smartphone-en",
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@huawei.com",
"ID": "CVE-2020-9247",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "HONOR 20 PRO",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "10.1.0.230(C432E9R5P1)"
},
{
"version_affected": "\u003c",
"version_value": "10.1.0.231(C10E3R3P2)"
}
]
}
},
{
"product_name": "HUAWEI Mate 20",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "10.1.0.160(C00E160R3P8)"
}
]
}
},
{
"product_name": "HUAWEI Mate 20 Pro",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "10.1.0.270(C432E7R1P5)"
},
{
"version_affected": "\u003c",
"version_value": "10.1.0.270(C635E3R1P5)"
},
{
"version_affected": "\u003c",
"version_value": "10.1.0.273(C185E7R2P4)"
},
{
"version_affected": "\u003c",
"version_value": "10.1.0.273(C636E7R2P4)"
},
{
"version_affected": "\u003c",
"version_value": "10.1.0.277(C10E7R2P4)"
},
{
"version_affected": "\u003c",
"version_value": "10.1.0.277(C605E7R1P5)"
}
]
}
},
{
"product_name": "HUAWEI Mate 20 X",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "10.1.0.160(C00E160R2P8)"
}
]
}
},
{
"product_name": "HUAWEI P30",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "9.1.0.272(C635E4R2P2)"
},
{
"version_affected": "\u003c",
"version_value": "10.1.0.123(C432E22R2P5)"
},
{
"version_affected": "\u003c",
"version_value": "10.1.0.126(C10E7R5P1)"
},
{
"version_affected": "\u003c",
"version_value": "10.1.0.126(C185E4R7P1)"
},
{
"version_affected": "\u003c",
"version_value": "10.1.0.126(C605E19R1P3)"
},
{
"version_affected": "\u003c",
"version_value": "10.1.0.126(C636E5R3P4)"
},
{
"version_affected": "\u003c",
"version_value": "10.1.0.126(C636E7R3P4)"
}
]
}
},
{
"product_name": "HUAWEI P30 Pro",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "10.1.0.160(C00E160R2P8)"
}
]
}
},
{
"product_name": "Hima-L29C",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "10.1.0.273(C185E5R2P4)"
},
{
"version_affected": "\u003c",
"version_value": "10.1.0.273(C636E5R2P4)"
},
{
"version_affected": "\u003c",
"version_value": "10.1.0.275(C10E4R2P4)"
}
]
}
},
{
"product_name": "Laya-AL00EP",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "10.1.0.160(C786E160R3P8)"
}
]
}
},
{
"product_name": "Princeton-AL10B",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "10.1.0.160(C00E160R2P11)"
}
]
}
},
{
"product_name": "Tony-AL00B",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "10.1.0.160(C00E160R2P11)"
}
]
}
},
{
"product_name": "Yale-L61A",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "10.1.0.225(C432E3R1P2)"
},
{
"version_affected": "\u003c",
"version_value": "10.1.0.226(C10E3R1P1)"
}
]
}
},
{
"product_name": "Yale-TL00B",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "10.1.0.160(C01E160R8P12)"
}
]
}
},
{
"product_name": "YaleP-AL10B",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "10.1.0.160(C00E160R8P12)"
}
]
}
}
]
},
"vendor_name": "Huawei"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "There is a buffer overflow vulnerability in several Huawei products. The system does not sufficiently validate certain configuration parameter which is passed from user that would cause buffer overflow. The attacker should trick the user into installing and running a malicious application with a high privilege, successful exploit may cause code execution. Affected product include Huawei HONOR 20 PRO, Mate 20, Mate 20 Pro, Mate 20 X, P30, P30 Pro, Hima-L29C, Laya-AL00EP, Princeton-AL10B, Tony-AL00B, Yale-L61A, Yale-TL00B and YaleP-AL10B."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-120 Buffer Overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200729-03-smartphone-en",
"refsource": "MISC",
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200729-03-smartphone-en"
}
]
},
"source": {
"advisory": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200729-03-smartphone-en",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"assignerShortName": "huawei",
"cveId": "CVE-2020-9247",
"datePublished": "2020-12-07T12:49:00",
"dateReserved": "2020-02-18T00:00:00",
"dateUpdated": "2024-08-04T10:19:20.138Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-9263 (GCVE-0-2020-9263)
Vulnerability from cvelistv5 – Published: 2020-10-19 19:57 – Updated: 2024-08-04 10:26
VLAI?
Summary
HUAWEI Mate 30 versions earlier than 10.1.0.150(C00E136R5P3) and HUAWEI P30 version earlier than 10.1.0.160(C00E160R2P11) have a use after free vulnerability. There is a condition exists that the system would reference memory after it has been freed, the attacker should trick the user into running a crafted application with common privilege, successful exploit could cause code execution.
Severity ?
No CVSS data available.
CWE
- Use After Free
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | HUAWEI Mate 30;HUAWEI P30 |
Affected:
Versions earlier than 10.1.0.150(C00E136R5P3)
Affected: Versions earlier than 10.1.0.160(C00E160R2P11) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T10:26:14.434Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200701-07-smartphone-en"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "HUAWEI Mate 30;HUAWEI P30",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Versions earlier than 10.1.0.150(C00E136R5P3)"
},
{
"status": "affected",
"version": "Versions earlier than 10.1.0.160(C00E160R2P11)"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "HUAWEI Mate 30 versions earlier than 10.1.0.150(C00E136R5P3) and HUAWEI P30 version earlier than 10.1.0.160(C00E160R2P11) have a use after free vulnerability. There is a condition exists that the system would reference memory after it has been freed, the attacker should trick the user into running a crafted application with common privilege, successful exploit could cause code execution."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Use After Free",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-10-19T19:57:15",
"orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"shortName": "huawei"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200701-07-smartphone-en"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@huawei.com",
"ID": "CVE-2020-9263",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "HUAWEI Mate 30;HUAWEI P30",
"version": {
"version_data": [
{
"version_value": "Versions earlier than 10.1.0.150(C00E136R5P3)"
},
{
"version_value": "Versions earlier than 10.1.0.160(C00E160R2P11)"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "HUAWEI Mate 30 versions earlier than 10.1.0.150(C00E136R5P3) and HUAWEI P30 version earlier than 10.1.0.160(C00E160R2P11) have a use after free vulnerability. There is a condition exists that the system would reference memory after it has been freed, the attacker should trick the user into running a crafted application with common privilege, successful exploit could cause code execution."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Use After Free"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200701-07-smartphone-en",
"refsource": "MISC",
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200701-07-smartphone-en"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"assignerShortName": "huawei",
"cveId": "CVE-2020-9263",
"datePublished": "2020-10-19T19:57:15",
"dateReserved": "2020-02-18T00:00:00",
"dateUpdated": "2024-08-04T10:26:14.434Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-9104 (GCVE-0-2020-9104)
Vulnerability from cvelistv5 – Published: 2020-08-21 13:16 – Updated: 2024-08-04 10:19
VLAI?
Summary
HUAWEI P30 smartphones with Versions earlier than 10.1.0.123(C431E22R2P5),Versions earlier than 10.1.0.123(C432E22R2P5),Versions earlier than 10.1.0.126(C10E7R5P1),Versions earlier than 10.1.0.126(C185E4R7P1),Versions earlier than 10.1.0.126(C461E7R3P1),Versions earlier than 10.1.0.126(C605E19R1P3),Versions earlier than 10.1.0.126(C636E7R3P4),Versions earlier than 10.1.0.128(C635E3R2P4),Versions earlier than 10.1.0.160(C00E160R2P11),Versions earlier than 10.1.0.160(C01E160R2P11) have a denial of service vulnerability. In specific scenario, due to the improper resource management and memory leak of some feature, the attacker could exploit this vulnerability to cause the device reset.
Severity ?
No CVSS data available.
CWE
- Denial of Service
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | HUAWEI P30 |
Affected:
Versions earlier than 10.1.0.123(C431E22R2P5),Versions earlier than 10.1.0.123(C432E22R2P5),Versions earlier than 10.1.0.126(C10E7R5P1),Versions earlier than 10.1.0.126(C185E4R7P1),Versions earlier than 10.1.0.126(C461E7R3P1),Versions earlier than 10.1.0.126(C605E19R1P3),Versions earlier than 10.1.0.126(C636E7R3P4),Versions earlier than 10.1.0.128(C635E3R2P4),Versions earlier than 10.1.0.160(C00E160R2P11),Versions earlier than 10.1.0.160(C01E160R2P11)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T10:19:19.832Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200819-01-smartphonedos-en"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "HUAWEI P30",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Versions earlier than 10.1.0.123(C431E22R2P5),Versions earlier than 10.1.0.123(C432E22R2P5),Versions earlier than 10.1.0.126(C10E7R5P1),Versions earlier than 10.1.0.126(C185E4R7P1),Versions earlier than 10.1.0.126(C461E7R3P1),Versions earlier than 10.1.0.126(C605E19R1P3),Versions earlier than 10.1.0.126(C636E7R3P4),Versions earlier than 10.1.0.128(C635E3R2P4),Versions earlier than 10.1.0.160(C00E160R2P11),Versions earlier than 10.1.0.160(C01E160R2P11)"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "HUAWEI P30 smartphones with Versions earlier than 10.1.0.123(C431E22R2P5),Versions earlier than 10.1.0.123(C432E22R2P5),Versions earlier than 10.1.0.126(C10E7R5P1),Versions earlier than 10.1.0.126(C185E4R7P1),Versions earlier than 10.1.0.126(C461E7R3P1),Versions earlier than 10.1.0.126(C605E19R1P3),Versions earlier than 10.1.0.126(C636E7R3P4),Versions earlier than 10.1.0.128(C635E3R2P4),Versions earlier than 10.1.0.160(C00E160R2P11),Versions earlier than 10.1.0.160(C01E160R2P11) have a denial of service vulnerability. In specific scenario, due to the improper resource management and memory leak of some feature, the attacker could exploit this vulnerability to cause the device reset."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Denial of Service",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-08-21T13:16:29",
"orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"shortName": "huawei"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200819-01-smartphonedos-en"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@huawei.com",
"ID": "CVE-2020-9104",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "HUAWEI P30",
"version": {
"version_data": [
{
"version_value": "Versions earlier than 10.1.0.123(C431E22R2P5),Versions earlier than 10.1.0.123(C432E22R2P5),Versions earlier than 10.1.0.126(C10E7R5P1),Versions earlier than 10.1.0.126(C185E4R7P1),Versions earlier than 10.1.0.126(C461E7R3P1),Versions earlier than 10.1.0.126(C605E19R1P3),Versions earlier than 10.1.0.126(C636E7R3P4),Versions earlier than 10.1.0.128(C635E3R2P4),Versions earlier than 10.1.0.160(C00E160R2P11),Versions earlier than 10.1.0.160(C01E160R2P11)"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "HUAWEI P30 smartphones with Versions earlier than 10.1.0.123(C431E22R2P5),Versions earlier than 10.1.0.123(C432E22R2P5),Versions earlier than 10.1.0.126(C10E7R5P1),Versions earlier than 10.1.0.126(C185E4R7P1),Versions earlier than 10.1.0.126(C461E7R3P1),Versions earlier than 10.1.0.126(C605E19R1P3),Versions earlier than 10.1.0.126(C636E7R3P4),Versions earlier than 10.1.0.128(C635E3R2P4),Versions earlier than 10.1.0.160(C00E160R2P11),Versions earlier than 10.1.0.160(C01E160R2P11) have a denial of service vulnerability. In specific scenario, due to the improper resource management and memory leak of some feature, the attacker could exploit this vulnerability to cause the device reset."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial of Service"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200819-01-smartphonedos-en",
"refsource": "MISC",
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200819-01-smartphonedos-en"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"assignerShortName": "huawei",
"cveId": "CVE-2020-9104",
"datePublished": "2020-08-21T13:16:29",
"dateReserved": "2020-02-18T00:00:00",
"dateUpdated": "2024-08-04T10:19:19.832Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-9244 (GCVE-0-2020-9244)
Vulnerability from cvelistv5 – Published: 2020-08-11 18:46 – Updated: 2024-08-04 10:19
VLAI?
Summary
HUAWEI Mate 20 versions Versions earlier than 10.1.0.160(C00E160R3P8);HUAWEI Mate 20 Pro versions Versions earlier than 10.1.0.270(C431E7R1P5),Versions earlier than 10.1.0.270(C635E3R1P5),Versions earlier than 10.1.0.273(C636E7R2P4);HUAWEI Mate 20 X versions Versions earlier than 10.1.0.160(C00E160R2P8);HUAWEI P30 versions Versions earlier than 10.1.0.160(C00E160R2P11);HUAWEI P30 Pro versions Versions earlier than 10.1.0.160(C00E160R2P8);HUAWEI Mate 20 RS versions Versions earlier than 10.1.0.160(C786E160R3P8);HonorMagic2 versions Versions earlier than 10.0.0.187(C00E61R2P11);Honor20 versions Versions earlier than 10.0.0.175(C00E58R4P11);Honor20 PRO versions Versions earlier than 10.0.0.194(C00E62R8P12);HonorMagic2 versions Versions earlier than 10.0.0.187(C00E61R2P11);HonorV20 versions Versions earlier than 10.0.0.188(C00E62R2P11) have an improper authentication vulnerability. The system does not properly sign certain encrypted file, the attacker should gain the key used to encrypt the file, successful exploit could cause certain file be forged
Severity ?
No CVSS data available.
CWE
- Improper Authentication
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | HUAWEI Mate 20;HUAWEI Mate 20 Pro;HUAWEI Mate 20 X;HUAWEI P30;HUAWEI P30 Pro;HUAWEI Mate 20 RS;HonorMagic2;Honor20;Honor20 PRO;HonorMagic2;HonorV20 |
Affected:
Versions earlier than 10.1.0.160(C00E160R3P8)
Affected: Versions earlier than 10.1.0.270(C431E7R1P5),Versions earlier than 10.1.0.270(C635E3R1P5),Versions earlier than 10.1.0.273(C636E7R2P4) Affected: Versions earlier than 10.1.0.160(C00E160R2P8) Affected: Versions earlier than 10.1.0.160(C00E160R2P11) Affected: Versions earlier than 10.1.0.160(C786E160R3P8) Affected: Versions earlier than 10.0.0.187(C00E61R2P11) Affected: Versions earlier than 10.0.0.175(C00E58R4P11) Affected: Versions earlier than 10.0.0.194(C00E62R8P12) Affected: Versions earlier than 10.0.0.188(C00E62R2P11) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T10:19:20.196Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200805-02-smartphone-en"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "HUAWEI Mate 20;HUAWEI Mate 20 Pro;HUAWEI Mate 20 X;HUAWEI P30;HUAWEI P30 Pro;HUAWEI Mate 20 RS;HonorMagic2;Honor20;Honor20 PRO;HonorMagic2;HonorV20",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Versions earlier than 10.1.0.160(C00E160R3P8)"
},
{
"status": "affected",
"version": "Versions earlier than 10.1.0.270(C431E7R1P5),Versions earlier than 10.1.0.270(C635E3R1P5),Versions earlier than 10.1.0.273(C636E7R2P4)"
},
{
"status": "affected",
"version": "Versions earlier than 10.1.0.160(C00E160R2P8)"
},
{
"status": "affected",
"version": "Versions earlier than 10.1.0.160(C00E160R2P11)"
},
{
"status": "affected",
"version": "Versions earlier than 10.1.0.160(C786E160R3P8)"
},
{
"status": "affected",
"version": "Versions earlier than 10.0.0.187(C00E61R2P11)"
},
{
"status": "affected",
"version": "Versions earlier than 10.0.0.175(C00E58R4P11)"
},
{
"status": "affected",
"version": "Versions earlier than 10.0.0.194(C00E62R8P12)"
},
{
"status": "affected",
"version": "Versions earlier than 10.0.0.188(C00E62R2P11)"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "HUAWEI Mate 20 versions Versions earlier than 10.1.0.160(C00E160R3P8);HUAWEI Mate 20 Pro versions Versions earlier than 10.1.0.270(C431E7R1P5),Versions earlier than 10.1.0.270(C635E3R1P5),Versions earlier than 10.1.0.273(C636E7R2P4);HUAWEI Mate 20 X versions Versions earlier than 10.1.0.160(C00E160R2P8);HUAWEI P30 versions Versions earlier than 10.1.0.160(C00E160R2P11);HUAWEI P30 Pro versions Versions earlier than 10.1.0.160(C00E160R2P8);HUAWEI Mate 20 RS versions Versions earlier than 10.1.0.160(C786E160R3P8);HonorMagic2 versions Versions earlier than 10.0.0.187(C00E61R2P11);Honor20 versions Versions earlier than 10.0.0.175(C00E58R4P11);Honor20 PRO versions Versions earlier than 10.0.0.194(C00E62R8P12);HonorMagic2 versions Versions earlier than 10.0.0.187(C00E61R2P11);HonorV20 versions Versions earlier than 10.0.0.188(C00E62R2P11) have an improper authentication vulnerability. The system does not properly sign certain encrypted file, the attacker should gain the key used to encrypt the file, successful exploit could cause certain file be forged"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Improper Authentication",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-08-11T18:46:13",
"orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"shortName": "huawei"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200805-02-smartphone-en"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@huawei.com",
"ID": "CVE-2020-9244",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "HUAWEI Mate 20;HUAWEI Mate 20 Pro;HUAWEI Mate 20 X;HUAWEI P30;HUAWEI P30 Pro;HUAWEI Mate 20 RS;HonorMagic2;Honor20;Honor20 PRO;HonorMagic2;HonorV20",
"version": {
"version_data": [
{
"version_value": "Versions earlier than 10.1.0.160(C00E160R3P8)"
},
{
"version_value": "Versions earlier than 10.1.0.270(C431E7R1P5),Versions earlier than 10.1.0.270(C635E3R1P5),Versions earlier than 10.1.0.273(C636E7R2P4)"
},
{
"version_value": "Versions earlier than 10.1.0.160(C00E160R2P8)"
},
{
"version_value": "Versions earlier than 10.1.0.160(C00E160R2P11)"
},
{
"version_value": "Versions earlier than 10.1.0.160(C00E160R2P8)"
},
{
"version_value": "Versions earlier than 10.1.0.160(C786E160R3P8)"
},
{
"version_value": "Versions earlier than 10.0.0.187(C00E61R2P11)"
},
{
"version_value": "Versions earlier than 10.0.0.175(C00E58R4P11)"
},
{
"version_value": "Versions earlier than 10.0.0.194(C00E62R8P12)"
},
{
"version_value": "Versions earlier than 10.0.0.187(C00E61R2P11)"
},
{
"version_value": "Versions earlier than 10.0.0.188(C00E62R2P11)"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "HUAWEI Mate 20 versions Versions earlier than 10.1.0.160(C00E160R3P8);HUAWEI Mate 20 Pro versions Versions earlier than 10.1.0.270(C431E7R1P5),Versions earlier than 10.1.0.270(C635E3R1P5),Versions earlier than 10.1.0.273(C636E7R2P4);HUAWEI Mate 20 X versions Versions earlier than 10.1.0.160(C00E160R2P8);HUAWEI P30 versions Versions earlier than 10.1.0.160(C00E160R2P11);HUAWEI P30 Pro versions Versions earlier than 10.1.0.160(C00E160R2P8);HUAWEI Mate 20 RS versions Versions earlier than 10.1.0.160(C786E160R3P8);HonorMagic2 versions Versions earlier than 10.0.0.187(C00E61R2P11);Honor20 versions Versions earlier than 10.0.0.175(C00E58R4P11);Honor20 PRO versions Versions earlier than 10.0.0.194(C00E62R8P12);HonorMagic2 versions Versions earlier than 10.0.0.187(C00E61R2P11);HonorV20 versions Versions earlier than 10.0.0.188(C00E62R2P11) have an improper authentication vulnerability. The system does not properly sign certain encrypted file, the attacker should gain the key used to encrypt the file, successful exploit could cause certain file be forged"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Authentication"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200805-02-smartphone-en",
"refsource": "MISC",
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200805-02-smartphone-en"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"assignerShortName": "huawei",
"cveId": "CVE-2020-9244",
"datePublished": "2020-08-11T18:46:13",
"dateReserved": "2020-02-18T00:00:00",
"dateUpdated": "2024-08-04T10:19:20.196Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-9081 (GCVE-0-2020-9081)
Vulnerability from nvd – Published: 2024-12-27 09:34 – Updated: 2024-12-27 16:08
VLAI?
Summary
There is an improper authorization vulnerability in some Huawei smartphones. An attacker could perform a series of operation in specific mode to exploit this vulnerability. Successful exploit could allow the attacker to bypass app lock. (Vulnerability ID: HWPSIRT-2019-12144)
This vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2020-9081.
Severity ?
CWE
- CWE-285 - Improper Authorization
Assigner
References
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Huawei | HUAWEI Mate 20 |
Affected:
Versions earlier than 10.1.0.160(C00E160R3P8)
Affected: Versions earlier than 10.1.0.160(C01E160R2P8) |
||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2020-9081",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-27T16:07:50.855336Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-27T16:08:00.642Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "HUAWEI Mate 20",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "Versions earlier than 10.1.0.160(C00E160R3P8)"
},
{
"status": "affected",
"version": "Versions earlier than 10.1.0.160(C01E160R2P8)"
}
]
},
{
"defaultStatus": "unaffected",
"product": "HUAWEI P30",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "Versions earlier than 10.1.0.160(C00E160R2P11)"
}
]
},
{
"defaultStatus": "unaffected",
"product": "HUAWEI P30 Pro",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "Versions earlier than 10.1.0.160(C00E160R2P8)"
},
{
"status": "affected",
"version": "Versions earlier than 10.1.0.160(C01E160R2P8)"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Princeton-AL10D",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "Versions earlier than 10.1.0.160(C00E160R2P11)"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Yale-AL00A",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "Versions earlier than 10.1.0.160(C00E160R8P12)"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Yale-AL50A",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "Versions earlier than 10.1.0.88(C00E88R8P1)"
}
]
},
{
"defaultStatus": "unaffected",
"product": "YaleP-AL10B",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "Versions earlier than 10.1.0.160(C00E160R8P12)"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThere is an improper authorization vulnerability in some Huawei smartphones. An attacker could perform a series of operation in specific mode to exploit this vulnerability. Successful exploit could allow the attacker to bypass app lock. (Vulnerability ID: HWPSIRT-2019-12144)\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003eThis vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2020-9081.\u003c/p\u003e"
}
],
"value": "There is an improper authorization vulnerability in some Huawei smartphones. An attacker could perform a series of operation in specific mode to exploit this vulnerability. Successful exploit could allow the attacker to bypass app lock. (Vulnerability ID: HWPSIRT-2019-12144)\n\n\n\nThis vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2020-9081."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-285",
"description": "CWE-285 Improper Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-12-27T09:34:40.332Z",
"orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"shortName": "huawei"
},
"references": [
{
"url": "https://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20200826-15-smartphone-en"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"assignerShortName": "huawei",
"cveId": "CVE-2020-9081",
"datePublished": "2024-12-27T09:34:40.332Z",
"dateReserved": "2020-02-18T00:00:00.000Z",
"dateUpdated": "2024-12-27T16:08:00.642Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-22399 (GCVE-0-2021-22399)
Vulnerability from nvd – Published: 2021-07-13 11:37 – Updated: 2024-08-03 18:44
VLAI?
Summary
The Bluetooth function of some Huawei smartphones has a DoS vulnerability. Attackers can install third-party apps to send specific broadcasts, causing the Bluetooth module to crash. This vulnerability is successfully exploited to cause the Bluetooth function to become abnormal. Affected product versions include: HUAWEI P30 10.0.0.195(C432E22R2P5), 10.0.0.200(C00E85R2P11), 10.0.0.200(C461E6R3P1), 10.0.0.201(C10E7R5P1), 10.0.0.201(C185E4R7P1), 10.0.0.206(C605E19R1P3), 10.0.0.209(C636E6R3P4), 10.0.0.210(C635E3R2P4), and versions earlier than 10.1.0.165(C01E165R2P11).
Severity ?
No CVSS data available.
CWE
- Bluetooth Function Denial of Service
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | HUAWEI P30 |
Affected:
10.0.0.195(C432E22R2P5),10.0.0.200(C00E85R2P11),10.0.0.200(C461E6R3P1),10.0.0.201(C10E7R5P1),10.0.0.201(C185E4R7P1),10.0.0.206(C605E19R1P3),10.0.0.209(C636E6R3P4),10.0.0.210(C635E3R2P4),Versions earlier than 10.1.0.165(C01E165R2P11)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T18:44:12.290Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210707-03-dos-en"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "HUAWEI P30",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "10.0.0.195(C432E22R2P5),10.0.0.200(C00E85R2P11),10.0.0.200(C461E6R3P1),10.0.0.201(C10E7R5P1),10.0.0.201(C185E4R7P1),10.0.0.206(C605E19R1P3),10.0.0.209(C636E6R3P4),10.0.0.210(C635E3R2P4),Versions earlier than 10.1.0.165(C01E165R2P11)"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The Bluetooth function of some Huawei smartphones has a DoS vulnerability. Attackers can install third-party apps to send specific broadcasts, causing the Bluetooth module to crash. This vulnerability is successfully exploited to cause the Bluetooth function to become abnormal. Affected product versions include: HUAWEI P30 10.0.0.195(C432E22R2P5), 10.0.0.200(C00E85R2P11), 10.0.0.200(C461E6R3P1), 10.0.0.201(C10E7R5P1), 10.0.0.201(C185E4R7P1), 10.0.0.206(C605E19R1P3), 10.0.0.209(C636E6R3P4), 10.0.0.210(C635E3R2P4), and versions earlier than 10.1.0.165(C01E165R2P11)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Bluetooth Function Denial of Service",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-07-13T11:37:25",
"orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"shortName": "huawei"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210707-03-dos-en"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@huawei.com",
"ID": "CVE-2021-22399",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "HUAWEI P30",
"version": {
"version_data": [
{
"version_value": "10.0.0.195(C432E22R2P5),10.0.0.200(C00E85R2P11),10.0.0.200(C461E6R3P1),10.0.0.201(C10E7R5P1),10.0.0.201(C185E4R7P1),10.0.0.206(C605E19R1P3),10.0.0.209(C636E6R3P4),10.0.0.210(C635E3R2P4),Versions earlier than 10.1.0.165(C01E165R2P11)"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Bluetooth function of some Huawei smartphones has a DoS vulnerability. Attackers can install third-party apps to send specific broadcasts, causing the Bluetooth module to crash. This vulnerability is successfully exploited to cause the Bluetooth function to become abnormal. Affected product versions include: HUAWEI P30 10.0.0.195(C432E22R2P5), 10.0.0.200(C00E85R2P11), 10.0.0.200(C461E6R3P1), 10.0.0.201(C10E7R5P1), 10.0.0.201(C185E4R7P1), 10.0.0.206(C605E19R1P3), 10.0.0.209(C636E6R3P4), 10.0.0.210(C635E3R2P4), and versions earlier than 10.1.0.165(C01E165R2P11)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Bluetooth Function Denial of Service"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210707-03-dos-en",
"refsource": "MISC",
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210707-03-dos-en"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"assignerShortName": "huawei",
"cveId": "CVE-2021-22399",
"datePublished": "2021-07-13T11:37:25",
"dateReserved": "2021-01-05T00:00:00",
"dateUpdated": "2024-08-03T18:44:12.290Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-22331 (GCVE-0-2021-22331)
Vulnerability from nvd – Published: 2021-04-28 12:19 – Updated: 2024-08-03 18:37
VLAI?
Summary
There is a JavaScript injection vulnerability in certain Huawei smartphones. A module does not verify some inputs sufficiently. Attackers can exploit this vulnerability by sending a malicious application request to launch JavaScript injection. This may compromise normal service. Affected product versions include HUAWEI P30 versions earlier than 10.1.0.165(C01E165R2P11), 11.0.0.118(C635E2R1P3), 11.0.0.120(C00E120R2P5), 11.0.0.138(C10E4R5P3), 11.0.0.138(C185E4R7P3), 11.0.0.138(C432E8R2P3), 11.0.0.138(C461E4R3P3), 11.0.0.138(C605E4R1P3), and 11.0.0.138(C636E4R3P3).
Severity ?
No CVSS data available.
CWE
- JavaScript Injection
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | HUAWEI P30 |
Affected:
Versions earlier than 10.1.0.165(C01E165R2P11),Versions earlier than 11.0.0.118(C635E2R1P3),Versions earlier than 11.0.0.120(C00E120R2P5),Versions earlier than 11.0.0.138(C10E4R5P3),Versions earlier than 11.0.0.138(C185E4R7P3),Versions earlier than 11.0.0.138(C432E8R2P3),Versions earlier than 11.0.0.138(C461E4R3P3),Versions earlier than 11.0.0.138(C605E4R1P3),Versions earlier than 11.0.0.138(C636E4R3P3)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T18:37:18.475Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210331-01-js-en"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "HUAWEI P30",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Versions earlier than 10.1.0.165(C01E165R2P11),Versions earlier than 11.0.0.118(C635E2R1P3),Versions earlier than 11.0.0.120(C00E120R2P5),Versions earlier than 11.0.0.138(C10E4R5P3),Versions earlier than 11.0.0.138(C185E4R7P3),Versions earlier than 11.0.0.138(C432E8R2P3),Versions earlier than 11.0.0.138(C461E4R3P3),Versions earlier than 11.0.0.138(C605E4R1P3),Versions earlier than 11.0.0.138(C636E4R3P3)"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "There is a JavaScript injection vulnerability in certain Huawei smartphones. A module does not verify some inputs sufficiently. Attackers can exploit this vulnerability by sending a malicious application request to launch JavaScript injection. This may compromise normal service. Affected product versions include HUAWEI P30 versions earlier than 10.1.0.165(C01E165R2P11), 11.0.0.118(C635E2R1P3), 11.0.0.120(C00E120R2P5), 11.0.0.138(C10E4R5P3), 11.0.0.138(C185E4R7P3), 11.0.0.138(C432E8R2P3), 11.0.0.138(C461E4R3P3), 11.0.0.138(C605E4R1P3), and 11.0.0.138(C636E4R3P3)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "JavaScript Injection",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-04-28T12:19:09",
"orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"shortName": "huawei"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210331-01-js-en"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@huawei.com",
"ID": "CVE-2021-22331",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "HUAWEI P30",
"version": {
"version_data": [
{
"version_value": "Versions earlier than 10.1.0.165(C01E165R2P11),Versions earlier than 11.0.0.118(C635E2R1P3),Versions earlier than 11.0.0.120(C00E120R2P5),Versions earlier than 11.0.0.138(C10E4R5P3),Versions earlier than 11.0.0.138(C185E4R7P3),Versions earlier than 11.0.0.138(C432E8R2P3),Versions earlier than 11.0.0.138(C461E4R3P3),Versions earlier than 11.0.0.138(C605E4R1P3),Versions earlier than 11.0.0.138(C636E4R3P3)"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "There is a JavaScript injection vulnerability in certain Huawei smartphones. A module does not verify some inputs sufficiently. Attackers can exploit this vulnerability by sending a malicious application request to launch JavaScript injection. This may compromise normal service. Affected product versions include HUAWEI P30 versions earlier than 10.1.0.165(C01E165R2P11), 11.0.0.118(C635E2R1P3), 11.0.0.120(C00E120R2P5), 11.0.0.138(C10E4R5P3), 11.0.0.138(C185E4R7P3), 11.0.0.138(C432E8R2P3), 11.0.0.138(C461E4R3P3), 11.0.0.138(C605E4R1P3), and 11.0.0.138(C636E4R3P3)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "JavaScript Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210331-01-js-en",
"refsource": "MISC",
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210331-01-js-en"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"assignerShortName": "huawei",
"cveId": "CVE-2021-22331",
"datePublished": "2021-04-28T12:19:09",
"dateReserved": "2021-01-05T00:00:00",
"dateUpdated": "2024-08-03T18:37:18.475Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-22330 (GCVE-0-2021-22330)
Vulnerability from nvd – Published: 2021-04-28 11:49 – Updated: 2024-08-03 18:37
VLAI?
Summary
There is an out of bounds write vulnerability in Huawei Smartphone HUAWEI P30 versions 9.1.0.131(C00E130R1P21) when processing a message. An unauthenticated attacker can exploit this vulnerability by sending specific message to the target device. Due to insufficient validation of the input parameter, successful exploit can cause the process and the service to be abnormal.
Severity ?
No CVSS data available.
CWE
- Out of Bounds Write
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | HUAWEI P30 |
Affected:
9.1.0.131(C00E130R1P21)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T18:37:18.496Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210331-01-p30-en"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "HUAWEI P30",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "9.1.0.131(C00E130R1P21)"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "There is an out of bounds write vulnerability in Huawei Smartphone HUAWEI P30 versions 9.1.0.131(C00E130R1P21) when processing a message. An unauthenticated attacker can exploit this vulnerability by sending specific message to the target device. Due to insufficient validation of the input parameter, successful exploit can cause the process and the service to be abnormal."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Out of Bounds Write",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-04-28T11:49:31",
"orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"shortName": "huawei"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210331-01-p30-en"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@huawei.com",
"ID": "CVE-2021-22330",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "HUAWEI P30",
"version": {
"version_data": [
{
"version_value": "9.1.0.131(C00E130R1P21)"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "There is an out of bounds write vulnerability in Huawei Smartphone HUAWEI P30 versions 9.1.0.131(C00E130R1P21) when processing a message. An unauthenticated attacker can exploit this vulnerability by sending specific message to the target device. Due to insufficient validation of the input parameter, successful exploit can cause the process and the service to be abnormal."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Out of Bounds Write"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210331-01-p30-en",
"refsource": "MISC",
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210331-01-p30-en"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"assignerShortName": "huawei",
"cveId": "CVE-2021-22330",
"datePublished": "2021-04-28T11:49:31",
"dateReserved": "2021-01-05T00:00:00",
"dateUpdated": "2024-08-03T18:37:18.496Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-22327 (GCVE-0-2021-22327)
Vulnerability from nvd – Published: 2021-04-28 11:19 – Updated: 2024-08-03 18:37
VLAI?
Summary
There is an arbitrary memory write vulnerability in Huawei smart phone when processing file parsing. Due to insufficient validation of the input files, successful exploit could cause certain service abnormal. Affected product versions include:HUAWEI P30 versions 10.0.0.186(C10E7R5P1), 10.0.0.186(C461E4R3P1), 10.0.0.188(C00E85R2P11), 10.0.0.188(C01E88R2P11),10.0.0.188(C605E19R1P3), 10.0.0.190(C185E4R7P1), 10.0.0.190(C431E22R2P5), 10.0.0.190(C432E22R2P5),10.0.0.190(C605E19R1P3), 10.0.0.190(C636E4R3P4), 10.0.0.192(C635E3R2P4).
Severity ?
No CVSS data available.
CWE
- Arbitrary Memory Write
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | HUAWEI P30 |
Affected:
10.0.0.186(C10E7R5P1),10.0.0.186(C461E4R3P1),10.0.0.188(C00E85R2P11),10.0.0.188(C01E88R2P11),10.0.0.188(C605E19R1P3),10.0.0.190(C185E4R7P1),10.0.0.190(C431E22R2P5),10.0.0.190(C432E22R2P5),10.0.0.190(C605E19R1P3),10.0.0.190(C636E4R3P4),10.0.0.192(C635E3R2P4)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T18:37:18.486Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210331-01-smartphone-en"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "HUAWEI P30",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "10.0.0.186(C10E7R5P1),10.0.0.186(C461E4R3P1),10.0.0.188(C00E85R2P11),10.0.0.188(C01E88R2P11),10.0.0.188(C605E19R1P3),10.0.0.190(C185E4R7P1),10.0.0.190(C431E22R2P5),10.0.0.190(C432E22R2P5),10.0.0.190(C605E19R1P3),10.0.0.190(C636E4R3P4),10.0.0.192(C635E3R2P4)"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "There is an arbitrary memory write vulnerability in Huawei smart phone when processing file parsing. Due to insufficient validation of the input files, successful exploit could cause certain service abnormal. Affected product versions include:HUAWEI P30 versions 10.0.0.186(C10E7R5P1), 10.0.0.186(C461E4R3P1), 10.0.0.188(C00E85R2P11), 10.0.0.188(C01E88R2P11),10.0.0.188(C605E19R1P3), 10.0.0.190(C185E4R7P1), 10.0.0.190(C431E22R2P5), 10.0.0.190(C432E22R2P5),10.0.0.190(C605E19R1P3), 10.0.0.190(C636E4R3P4), 10.0.0.192(C635E3R2P4)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Arbitrary Memory Write",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-04-28T11:19:52",
"orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"shortName": "huawei"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210331-01-smartphone-en"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@huawei.com",
"ID": "CVE-2021-22327",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "HUAWEI P30",
"version": {
"version_data": [
{
"version_value": "10.0.0.186(C10E7R5P1),10.0.0.186(C461E4R3P1),10.0.0.188(C00E85R2P11),10.0.0.188(C01E88R2P11),10.0.0.188(C605E19R1P3),10.0.0.190(C185E4R7P1),10.0.0.190(C431E22R2P5),10.0.0.190(C432E22R2P5),10.0.0.190(C605E19R1P3),10.0.0.190(C636E4R3P4),10.0.0.192(C635E3R2P4)"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "There is an arbitrary memory write vulnerability in Huawei smart phone when processing file parsing. Due to insufficient validation of the input files, successful exploit could cause certain service abnormal. Affected product versions include:HUAWEI P30 versions 10.0.0.186(C10E7R5P1), 10.0.0.186(C461E4R3P1), 10.0.0.188(C00E85R2P11), 10.0.0.188(C01E88R2P11),10.0.0.188(C605E19R1P3), 10.0.0.190(C185E4R7P1), 10.0.0.190(C431E22R2P5), 10.0.0.190(C432E22R2P5),10.0.0.190(C605E19R1P3), 10.0.0.190(C636E4R3P4), 10.0.0.192(C635E3R2P4)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Arbitrary Memory Write"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210331-01-smartphone-en",
"refsource": "MISC",
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210331-01-smartphone-en"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"assignerShortName": "huawei",
"cveId": "CVE-2021-22327",
"datePublished": "2021-04-28T11:19:52",
"dateReserved": "2021-01-05T00:00:00",
"dateUpdated": "2024-08-03T18:37:18.486Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-9203 (GCVE-0-2020-9203)
Vulnerability from nvd – Published: 2021-01-13 22:01 – Updated: 2024-08-04 10:19
VLAI?
Summary
There is a resource management errors vulnerability in Huawei P30. Local attackers construct broadcast message for some application, causing this application to send this broadcast message and impact the customer's use experience.
Severity ?
No CVSS data available.
CWE
- Resource Management Errors
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | HUAWEI P30 |
Affected:
Versions earlier than 10.1.0.168(C00E168R2P11),Versions earlier than 10.1.0.168(C01E168R2P11),Versions earlier than 10.1.0.176(C635E4R2P4),Versions earlier than 10.1.0.177(C636E8R3P4),Versions earlier than 10.1.0.179(C10E8R5P1),Versions earlier than 10.1.0.179(C185E7R7P1),Versions earlier than 10.1.0.179(C605E23R1P3
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T10:19:20.032Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20201230-01-resourcemanagement-en"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "HUAWEI P30",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Versions earlier than 10.1.0.168(C00E168R2P11),Versions earlier than 10.1.0.168(C01E168R2P11),Versions earlier than 10.1.0.176(C635E4R2P4),Versions earlier than 10.1.0.177(C636E8R3P4),Versions earlier than 10.1.0.179(C10E8R5P1),Versions earlier than 10.1.0.179(C185E7R7P1),Versions earlier than 10.1.0.179(C605E23R1P3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "There is a resource management errors vulnerability in Huawei P30. Local attackers construct broadcast message for some application, causing this application to send this broadcast message and impact the customer\u0027s use experience."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Resource Management Errors",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-13T22:01:34",
"orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"shortName": "huawei"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20201230-01-resourcemanagement-en"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@huawei.com",
"ID": "CVE-2020-9203",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "HUAWEI P30",
"version": {
"version_data": [
{
"version_value": "Versions earlier than 10.1.0.168(C00E168R2P11),Versions earlier than 10.1.0.168(C01E168R2P11),Versions earlier than 10.1.0.176(C635E4R2P4),Versions earlier than 10.1.0.177(C636E8R3P4),Versions earlier than 10.1.0.179(C10E8R5P1),Versions earlier than 10.1.0.179(C185E7R7P1),Versions earlier than 10.1.0.179(C605E23R1P3"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "There is a resource management errors vulnerability in Huawei P30. Local attackers construct broadcast message for some application, causing this application to send this broadcast message and impact the customer\u0027s use experience."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Resource Management Errors"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20201230-01-resourcemanagement-en",
"refsource": "MISC",
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20201230-01-resourcemanagement-en"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"assignerShortName": "huawei",
"cveId": "CVE-2020-9203",
"datePublished": "2021-01-13T22:01:34",
"dateReserved": "2020-02-18T00:00:00",
"dateUpdated": "2024-08-04T10:19:20.032Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-9247 (GCVE-0-2020-9247)
Vulnerability from nvd – Published: 2020-12-07 12:49 – Updated: 2024-08-04 10:19
VLAI?
Summary
There is a buffer overflow vulnerability in several Huawei products. The system does not sufficiently validate certain configuration parameter which is passed from user that would cause buffer overflow. The attacker should trick the user into installing and running a malicious application with a high privilege, successful exploit may cause code execution. Affected product include Huawei HONOR 20 PRO, Mate 20, Mate 20 Pro, Mate 20 X, P30, P30 Pro, Hima-L29C, Laya-AL00EP, Princeton-AL10B, Tony-AL00B, Yale-L61A, Yale-TL00B and YaleP-AL10B.
Severity ?
No CVSS data available.
CWE
- CWE-120 - Buffer Overflow
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Huawei | HONOR 20 PRO |
Affected:
unspecified , < 10.1.0.230(C432E9R5P1)
(custom)
Affected: unspecified , < 10.1.0.231(C10E3R3P2) (custom) |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T10:19:20.138Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200729-03-smartphone-en"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "HONOR 20 PRO",
"vendor": "Huawei",
"versions": [
{
"lessThan": "10.1.0.230(C432E9R5P1)",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "10.1.0.231(C10E3R3P2)",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "HUAWEI Mate 20",
"vendor": "Huawei",
"versions": [
{
"lessThan": "10.1.0.160(C00E160R3P8)",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "HUAWEI Mate 20 Pro",
"vendor": "Huawei",
"versions": [
{
"lessThan": "10.1.0.270(C432E7R1P5)",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "10.1.0.270(C635E3R1P5)",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "10.1.0.273(C185E7R2P4)",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "10.1.0.273(C636E7R2P4)",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "10.1.0.277(C10E7R2P4)",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "10.1.0.277(C605E7R1P5)",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "HUAWEI Mate 20 X",
"vendor": "Huawei",
"versions": [
{
"lessThan": "10.1.0.160(C00E160R2P8)",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "HUAWEI P30",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "9.1.0.272(C635E4R2P2)"
},
{
"lessThan": "10.1.0.123(C432E22R2P5)",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "10.1.0.126(C10E7R5P1)",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "10.1.0.126(C185E4R7P1)",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "10.1.0.126(C605E19R1P3)",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "10.1.0.126(C636E5R3P4)",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "10.1.0.126(C636E7R3P4)",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "HUAWEI P30 Pro",
"vendor": "Huawei",
"versions": [
{
"lessThan": "10.1.0.160(C00E160R2P8)",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "Hima-L29C",
"vendor": "Huawei",
"versions": [
{
"lessThan": "10.1.0.273(C185E5R2P4)",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "10.1.0.273(C636E5R2P4)",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "10.1.0.275(C10E4R2P4)",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "Laya-AL00EP",
"vendor": "Huawei",
"versions": [
{
"lessThan": "10.1.0.160(C786E160R3P8)",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "Princeton-AL10B",
"vendor": "Huawei",
"versions": [
{
"lessThan": "10.1.0.160(C00E160R2P11)",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "Tony-AL00B",
"vendor": "Huawei",
"versions": [
{
"lessThan": "10.1.0.160(C00E160R2P11)",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "Yale-L61A",
"vendor": "Huawei",
"versions": [
{
"lessThan": "10.1.0.225(C432E3R1P2)",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "10.1.0.226(C10E3R1P1)",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "Yale-TL00B",
"vendor": "Huawei",
"versions": [
{
"lessThan": "10.1.0.160(C01E160R8P12)",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "YaleP-AL10B",
"vendor": "Huawei",
"versions": [
{
"lessThan": "10.1.0.160(C00E160R8P12)",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "There is a buffer overflow vulnerability in several Huawei products. The system does not sufficiently validate certain configuration parameter which is passed from user that would cause buffer overflow. The attacker should trick the user into installing and running a malicious application with a high privilege, successful exploit may cause code execution. Affected product include Huawei HONOR 20 PRO, Mate 20, Mate 20 Pro, Mate 20 X, P30, P30 Pro, Hima-L29C, Laya-AL00EP, Princeton-AL10B, Tony-AL00B, Yale-L61A, Yale-TL00B and YaleP-AL10B."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "CWE-120 Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-12-07T12:49:00",
"orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"shortName": "huawei"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200729-03-smartphone-en"
}
],
"source": {
"advisory": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200729-03-smartphone-en",
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@huawei.com",
"ID": "CVE-2020-9247",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "HONOR 20 PRO",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "10.1.0.230(C432E9R5P1)"
},
{
"version_affected": "\u003c",
"version_value": "10.1.0.231(C10E3R3P2)"
}
]
}
},
{
"product_name": "HUAWEI Mate 20",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "10.1.0.160(C00E160R3P8)"
}
]
}
},
{
"product_name": "HUAWEI Mate 20 Pro",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "10.1.0.270(C432E7R1P5)"
},
{
"version_affected": "\u003c",
"version_value": "10.1.0.270(C635E3R1P5)"
},
{
"version_affected": "\u003c",
"version_value": "10.1.0.273(C185E7R2P4)"
},
{
"version_affected": "\u003c",
"version_value": "10.1.0.273(C636E7R2P4)"
},
{
"version_affected": "\u003c",
"version_value": "10.1.0.277(C10E7R2P4)"
},
{
"version_affected": "\u003c",
"version_value": "10.1.0.277(C605E7R1P5)"
}
]
}
},
{
"product_name": "HUAWEI Mate 20 X",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "10.1.0.160(C00E160R2P8)"
}
]
}
},
{
"product_name": "HUAWEI P30",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "9.1.0.272(C635E4R2P2)"
},
{
"version_affected": "\u003c",
"version_value": "10.1.0.123(C432E22R2P5)"
},
{
"version_affected": "\u003c",
"version_value": "10.1.0.126(C10E7R5P1)"
},
{
"version_affected": "\u003c",
"version_value": "10.1.0.126(C185E4R7P1)"
},
{
"version_affected": "\u003c",
"version_value": "10.1.0.126(C605E19R1P3)"
},
{
"version_affected": "\u003c",
"version_value": "10.1.0.126(C636E5R3P4)"
},
{
"version_affected": "\u003c",
"version_value": "10.1.0.126(C636E7R3P4)"
}
]
}
},
{
"product_name": "HUAWEI P30 Pro",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "10.1.0.160(C00E160R2P8)"
}
]
}
},
{
"product_name": "Hima-L29C",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "10.1.0.273(C185E5R2P4)"
},
{
"version_affected": "\u003c",
"version_value": "10.1.0.273(C636E5R2P4)"
},
{
"version_affected": "\u003c",
"version_value": "10.1.0.275(C10E4R2P4)"
}
]
}
},
{
"product_name": "Laya-AL00EP",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "10.1.0.160(C786E160R3P8)"
}
]
}
},
{
"product_name": "Princeton-AL10B",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "10.1.0.160(C00E160R2P11)"
}
]
}
},
{
"product_name": "Tony-AL00B",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "10.1.0.160(C00E160R2P11)"
}
]
}
},
{
"product_name": "Yale-L61A",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "10.1.0.225(C432E3R1P2)"
},
{
"version_affected": "\u003c",
"version_value": "10.1.0.226(C10E3R1P1)"
}
]
}
},
{
"product_name": "Yale-TL00B",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "10.1.0.160(C01E160R8P12)"
}
]
}
},
{
"product_name": "YaleP-AL10B",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "10.1.0.160(C00E160R8P12)"
}
]
}
}
]
},
"vendor_name": "Huawei"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "There is a buffer overflow vulnerability in several Huawei products. The system does not sufficiently validate certain configuration parameter which is passed from user that would cause buffer overflow. The attacker should trick the user into installing and running a malicious application with a high privilege, successful exploit may cause code execution. Affected product include Huawei HONOR 20 PRO, Mate 20, Mate 20 Pro, Mate 20 X, P30, P30 Pro, Hima-L29C, Laya-AL00EP, Princeton-AL10B, Tony-AL00B, Yale-L61A, Yale-TL00B and YaleP-AL10B."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-120 Buffer Overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200729-03-smartphone-en",
"refsource": "MISC",
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200729-03-smartphone-en"
}
]
},
"source": {
"advisory": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200729-03-smartphone-en",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"assignerShortName": "huawei",
"cveId": "CVE-2020-9247",
"datePublished": "2020-12-07T12:49:00",
"dateReserved": "2020-02-18T00:00:00",
"dateUpdated": "2024-08-04T10:19:20.138Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-9263 (GCVE-0-2020-9263)
Vulnerability from nvd – Published: 2020-10-19 19:57 – Updated: 2024-08-04 10:26
VLAI?
Summary
HUAWEI Mate 30 versions earlier than 10.1.0.150(C00E136R5P3) and HUAWEI P30 version earlier than 10.1.0.160(C00E160R2P11) have a use after free vulnerability. There is a condition exists that the system would reference memory after it has been freed, the attacker should trick the user into running a crafted application with common privilege, successful exploit could cause code execution.
Severity ?
No CVSS data available.
CWE
- Use After Free
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | HUAWEI Mate 30;HUAWEI P30 |
Affected:
Versions earlier than 10.1.0.150(C00E136R5P3)
Affected: Versions earlier than 10.1.0.160(C00E160R2P11) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T10:26:14.434Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200701-07-smartphone-en"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "HUAWEI Mate 30;HUAWEI P30",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Versions earlier than 10.1.0.150(C00E136R5P3)"
},
{
"status": "affected",
"version": "Versions earlier than 10.1.0.160(C00E160R2P11)"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "HUAWEI Mate 30 versions earlier than 10.1.0.150(C00E136R5P3) and HUAWEI P30 version earlier than 10.1.0.160(C00E160R2P11) have a use after free vulnerability. There is a condition exists that the system would reference memory after it has been freed, the attacker should trick the user into running a crafted application with common privilege, successful exploit could cause code execution."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Use After Free",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-10-19T19:57:15",
"orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"shortName": "huawei"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200701-07-smartphone-en"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@huawei.com",
"ID": "CVE-2020-9263",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "HUAWEI Mate 30;HUAWEI P30",
"version": {
"version_data": [
{
"version_value": "Versions earlier than 10.1.0.150(C00E136R5P3)"
},
{
"version_value": "Versions earlier than 10.1.0.160(C00E160R2P11)"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "HUAWEI Mate 30 versions earlier than 10.1.0.150(C00E136R5P3) and HUAWEI P30 version earlier than 10.1.0.160(C00E160R2P11) have a use after free vulnerability. There is a condition exists that the system would reference memory after it has been freed, the attacker should trick the user into running a crafted application with common privilege, successful exploit could cause code execution."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Use After Free"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200701-07-smartphone-en",
"refsource": "MISC",
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200701-07-smartphone-en"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"assignerShortName": "huawei",
"cveId": "CVE-2020-9263",
"datePublished": "2020-10-19T19:57:15",
"dateReserved": "2020-02-18T00:00:00",
"dateUpdated": "2024-08-04T10:26:14.434Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-9104 (GCVE-0-2020-9104)
Vulnerability from nvd – Published: 2020-08-21 13:16 – Updated: 2024-08-04 10:19
VLAI?
Summary
HUAWEI P30 smartphones with Versions earlier than 10.1.0.123(C431E22R2P5),Versions earlier than 10.1.0.123(C432E22R2P5),Versions earlier than 10.1.0.126(C10E7R5P1),Versions earlier than 10.1.0.126(C185E4R7P1),Versions earlier than 10.1.0.126(C461E7R3P1),Versions earlier than 10.1.0.126(C605E19R1P3),Versions earlier than 10.1.0.126(C636E7R3P4),Versions earlier than 10.1.0.128(C635E3R2P4),Versions earlier than 10.1.0.160(C00E160R2P11),Versions earlier than 10.1.0.160(C01E160R2P11) have a denial of service vulnerability. In specific scenario, due to the improper resource management and memory leak of some feature, the attacker could exploit this vulnerability to cause the device reset.
Severity ?
No CVSS data available.
CWE
- Denial of Service
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | HUAWEI P30 |
Affected:
Versions earlier than 10.1.0.123(C431E22R2P5),Versions earlier than 10.1.0.123(C432E22R2P5),Versions earlier than 10.1.0.126(C10E7R5P1),Versions earlier than 10.1.0.126(C185E4R7P1),Versions earlier than 10.1.0.126(C461E7R3P1),Versions earlier than 10.1.0.126(C605E19R1P3),Versions earlier than 10.1.0.126(C636E7R3P4),Versions earlier than 10.1.0.128(C635E3R2P4),Versions earlier than 10.1.0.160(C00E160R2P11),Versions earlier than 10.1.0.160(C01E160R2P11)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T10:19:19.832Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200819-01-smartphonedos-en"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "HUAWEI P30",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Versions earlier than 10.1.0.123(C431E22R2P5),Versions earlier than 10.1.0.123(C432E22R2P5),Versions earlier than 10.1.0.126(C10E7R5P1),Versions earlier than 10.1.0.126(C185E4R7P1),Versions earlier than 10.1.0.126(C461E7R3P1),Versions earlier than 10.1.0.126(C605E19R1P3),Versions earlier than 10.1.0.126(C636E7R3P4),Versions earlier than 10.1.0.128(C635E3R2P4),Versions earlier than 10.1.0.160(C00E160R2P11),Versions earlier than 10.1.0.160(C01E160R2P11)"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "HUAWEI P30 smartphones with Versions earlier than 10.1.0.123(C431E22R2P5),Versions earlier than 10.1.0.123(C432E22R2P5),Versions earlier than 10.1.0.126(C10E7R5P1),Versions earlier than 10.1.0.126(C185E4R7P1),Versions earlier than 10.1.0.126(C461E7R3P1),Versions earlier than 10.1.0.126(C605E19R1P3),Versions earlier than 10.1.0.126(C636E7R3P4),Versions earlier than 10.1.0.128(C635E3R2P4),Versions earlier than 10.1.0.160(C00E160R2P11),Versions earlier than 10.1.0.160(C01E160R2P11) have a denial of service vulnerability. In specific scenario, due to the improper resource management and memory leak of some feature, the attacker could exploit this vulnerability to cause the device reset."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Denial of Service",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-08-21T13:16:29",
"orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"shortName": "huawei"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200819-01-smartphonedos-en"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@huawei.com",
"ID": "CVE-2020-9104",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "HUAWEI P30",
"version": {
"version_data": [
{
"version_value": "Versions earlier than 10.1.0.123(C431E22R2P5),Versions earlier than 10.1.0.123(C432E22R2P5),Versions earlier than 10.1.0.126(C10E7R5P1),Versions earlier than 10.1.0.126(C185E4R7P1),Versions earlier than 10.1.0.126(C461E7R3P1),Versions earlier than 10.1.0.126(C605E19R1P3),Versions earlier than 10.1.0.126(C636E7R3P4),Versions earlier than 10.1.0.128(C635E3R2P4),Versions earlier than 10.1.0.160(C00E160R2P11),Versions earlier than 10.1.0.160(C01E160R2P11)"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "HUAWEI P30 smartphones with Versions earlier than 10.1.0.123(C431E22R2P5),Versions earlier than 10.1.0.123(C432E22R2P5),Versions earlier than 10.1.0.126(C10E7R5P1),Versions earlier than 10.1.0.126(C185E4R7P1),Versions earlier than 10.1.0.126(C461E7R3P1),Versions earlier than 10.1.0.126(C605E19R1P3),Versions earlier than 10.1.0.126(C636E7R3P4),Versions earlier than 10.1.0.128(C635E3R2P4),Versions earlier than 10.1.0.160(C00E160R2P11),Versions earlier than 10.1.0.160(C01E160R2P11) have a denial of service vulnerability. In specific scenario, due to the improper resource management and memory leak of some feature, the attacker could exploit this vulnerability to cause the device reset."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial of Service"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200819-01-smartphonedos-en",
"refsource": "MISC",
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200819-01-smartphonedos-en"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"assignerShortName": "huawei",
"cveId": "CVE-2020-9104",
"datePublished": "2020-08-21T13:16:29",
"dateReserved": "2020-02-18T00:00:00",
"dateUpdated": "2024-08-04T10:19:19.832Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-9244 (GCVE-0-2020-9244)
Vulnerability from nvd – Published: 2020-08-11 18:46 – Updated: 2024-08-04 10:19
VLAI?
Summary
HUAWEI Mate 20 versions Versions earlier than 10.1.0.160(C00E160R3P8);HUAWEI Mate 20 Pro versions Versions earlier than 10.1.0.270(C431E7R1P5),Versions earlier than 10.1.0.270(C635E3R1P5),Versions earlier than 10.1.0.273(C636E7R2P4);HUAWEI Mate 20 X versions Versions earlier than 10.1.0.160(C00E160R2P8);HUAWEI P30 versions Versions earlier than 10.1.0.160(C00E160R2P11);HUAWEI P30 Pro versions Versions earlier than 10.1.0.160(C00E160R2P8);HUAWEI Mate 20 RS versions Versions earlier than 10.1.0.160(C786E160R3P8);HonorMagic2 versions Versions earlier than 10.0.0.187(C00E61R2P11);Honor20 versions Versions earlier than 10.0.0.175(C00E58R4P11);Honor20 PRO versions Versions earlier than 10.0.0.194(C00E62R8P12);HonorMagic2 versions Versions earlier than 10.0.0.187(C00E61R2P11);HonorV20 versions Versions earlier than 10.0.0.188(C00E62R2P11) have an improper authentication vulnerability. The system does not properly sign certain encrypted file, the attacker should gain the key used to encrypt the file, successful exploit could cause certain file be forged
Severity ?
No CVSS data available.
CWE
- Improper Authentication
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | HUAWEI Mate 20;HUAWEI Mate 20 Pro;HUAWEI Mate 20 X;HUAWEI P30;HUAWEI P30 Pro;HUAWEI Mate 20 RS;HonorMagic2;Honor20;Honor20 PRO;HonorMagic2;HonorV20 |
Affected:
Versions earlier than 10.1.0.160(C00E160R3P8)
Affected: Versions earlier than 10.1.0.270(C431E7R1P5),Versions earlier than 10.1.0.270(C635E3R1P5),Versions earlier than 10.1.0.273(C636E7R2P4) Affected: Versions earlier than 10.1.0.160(C00E160R2P8) Affected: Versions earlier than 10.1.0.160(C00E160R2P11) Affected: Versions earlier than 10.1.0.160(C786E160R3P8) Affected: Versions earlier than 10.0.0.187(C00E61R2P11) Affected: Versions earlier than 10.0.0.175(C00E58R4P11) Affected: Versions earlier than 10.0.0.194(C00E62R8P12) Affected: Versions earlier than 10.0.0.188(C00E62R2P11) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T10:19:20.196Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200805-02-smartphone-en"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "HUAWEI Mate 20;HUAWEI Mate 20 Pro;HUAWEI Mate 20 X;HUAWEI P30;HUAWEI P30 Pro;HUAWEI Mate 20 RS;HonorMagic2;Honor20;Honor20 PRO;HonorMagic2;HonorV20",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Versions earlier than 10.1.0.160(C00E160R3P8)"
},
{
"status": "affected",
"version": "Versions earlier than 10.1.0.270(C431E7R1P5),Versions earlier than 10.1.0.270(C635E3R1P5),Versions earlier than 10.1.0.273(C636E7R2P4)"
},
{
"status": "affected",
"version": "Versions earlier than 10.1.0.160(C00E160R2P8)"
},
{
"status": "affected",
"version": "Versions earlier than 10.1.0.160(C00E160R2P11)"
},
{
"status": "affected",
"version": "Versions earlier than 10.1.0.160(C786E160R3P8)"
},
{
"status": "affected",
"version": "Versions earlier than 10.0.0.187(C00E61R2P11)"
},
{
"status": "affected",
"version": "Versions earlier than 10.0.0.175(C00E58R4P11)"
},
{
"status": "affected",
"version": "Versions earlier than 10.0.0.194(C00E62R8P12)"
},
{
"status": "affected",
"version": "Versions earlier than 10.0.0.188(C00E62R2P11)"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "HUAWEI Mate 20 versions Versions earlier than 10.1.0.160(C00E160R3P8);HUAWEI Mate 20 Pro versions Versions earlier than 10.1.0.270(C431E7R1P5),Versions earlier than 10.1.0.270(C635E3R1P5),Versions earlier than 10.1.0.273(C636E7R2P4);HUAWEI Mate 20 X versions Versions earlier than 10.1.0.160(C00E160R2P8);HUAWEI P30 versions Versions earlier than 10.1.0.160(C00E160R2P11);HUAWEI P30 Pro versions Versions earlier than 10.1.0.160(C00E160R2P8);HUAWEI Mate 20 RS versions Versions earlier than 10.1.0.160(C786E160R3P8);HonorMagic2 versions Versions earlier than 10.0.0.187(C00E61R2P11);Honor20 versions Versions earlier than 10.0.0.175(C00E58R4P11);Honor20 PRO versions Versions earlier than 10.0.0.194(C00E62R8P12);HonorMagic2 versions Versions earlier than 10.0.0.187(C00E61R2P11);HonorV20 versions Versions earlier than 10.0.0.188(C00E62R2P11) have an improper authentication vulnerability. The system does not properly sign certain encrypted file, the attacker should gain the key used to encrypt the file, successful exploit could cause certain file be forged"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Improper Authentication",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-08-11T18:46:13",
"orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"shortName": "huawei"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200805-02-smartphone-en"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@huawei.com",
"ID": "CVE-2020-9244",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "HUAWEI Mate 20;HUAWEI Mate 20 Pro;HUAWEI Mate 20 X;HUAWEI P30;HUAWEI P30 Pro;HUAWEI Mate 20 RS;HonorMagic2;Honor20;Honor20 PRO;HonorMagic2;HonorV20",
"version": {
"version_data": [
{
"version_value": "Versions earlier than 10.1.0.160(C00E160R3P8)"
},
{
"version_value": "Versions earlier than 10.1.0.270(C431E7R1P5),Versions earlier than 10.1.0.270(C635E3R1P5),Versions earlier than 10.1.0.273(C636E7R2P4)"
},
{
"version_value": "Versions earlier than 10.1.0.160(C00E160R2P8)"
},
{
"version_value": "Versions earlier than 10.1.0.160(C00E160R2P11)"
},
{
"version_value": "Versions earlier than 10.1.0.160(C00E160R2P8)"
},
{
"version_value": "Versions earlier than 10.1.0.160(C786E160R3P8)"
},
{
"version_value": "Versions earlier than 10.0.0.187(C00E61R2P11)"
},
{
"version_value": "Versions earlier than 10.0.0.175(C00E58R4P11)"
},
{
"version_value": "Versions earlier than 10.0.0.194(C00E62R8P12)"
},
{
"version_value": "Versions earlier than 10.0.0.187(C00E61R2P11)"
},
{
"version_value": "Versions earlier than 10.0.0.188(C00E62R2P11)"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "HUAWEI Mate 20 versions Versions earlier than 10.1.0.160(C00E160R3P8);HUAWEI Mate 20 Pro versions Versions earlier than 10.1.0.270(C431E7R1P5),Versions earlier than 10.1.0.270(C635E3R1P5),Versions earlier than 10.1.0.273(C636E7R2P4);HUAWEI Mate 20 X versions Versions earlier than 10.1.0.160(C00E160R2P8);HUAWEI P30 versions Versions earlier than 10.1.0.160(C00E160R2P11);HUAWEI P30 Pro versions Versions earlier than 10.1.0.160(C00E160R2P8);HUAWEI Mate 20 RS versions Versions earlier than 10.1.0.160(C786E160R3P8);HonorMagic2 versions Versions earlier than 10.0.0.187(C00E61R2P11);Honor20 versions Versions earlier than 10.0.0.175(C00E58R4P11);Honor20 PRO versions Versions earlier than 10.0.0.194(C00E62R8P12);HonorMagic2 versions Versions earlier than 10.0.0.187(C00E61R2P11);HonorV20 versions Versions earlier than 10.0.0.188(C00E62R2P11) have an improper authentication vulnerability. The system does not properly sign certain encrypted file, the attacker should gain the key used to encrypt the file, successful exploit could cause certain file be forged"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Authentication"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200805-02-smartphone-en",
"refsource": "MISC",
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200805-02-smartphone-en"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"assignerShortName": "huawei",
"cveId": "CVE-2020-9244",
"datePublished": "2020-08-11T18:46:13",
"dateReserved": "2020-02-18T00:00:00",
"dateUpdated": "2024-08-04T10:19:20.196Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}