P20_firmware - Vulncode-DB

Note:

This project will be discontinued after December 13, 2021. [more]

Product:
P20_firmware
(Huawei)

Repositories	Unknown: This might be proprietary software.
#Vulnerabilities	12

Date	Id	Summary	Products	Score	Patch	Annotated
2020-02-13	CVE-2020-0022	In reassemble_and_dispatch of packet_fragmenter.cc, there is possible out of bounds write due to an incorrect bounds calculation. This could lead to remote code execution over Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-143894715	Android, Honor_8a_firmware, Honor_8x_firmware, Honor_view_20_firmware, Mate_20_firmware, Mate_20_pro_firmware, Mate_20_x_firmware, Mate_30_5g_firmware, Mate_30_firmware, Mate_30_pro_5g_firmware, Mate_30_pro_firmware, Nova_3_firmware, Nova_lite_3_firmware, P20_firmware, P20_pro_firmware, P30_firmware, P30_pro_firmware, P_smart_2019_firmware, P_smart_firmware, Y6_2019_firmware, Y6_pro_2019_firmware, Y9_2019_firmware	8.8
2019-08-14	CVE-2019-9506	The Bluetooth BR/EDR specification up to and including version 5.1 permits sufficiently low encryption key length and does not prevent an attacker from influencing the key length negotiation. This allows practical brute-force attacks (aka "KNOB") that can decrypt traffic and inject arbitrary ciphertext without the victim noticing.	Iphone_os, Mac_os_x, Tvos, Watchos, Ubuntu_linux, Debian_linux, Android, Alp\-Al00b_firmware, Ares\-Al00b_firmware, Ares\-Al10d_firmware, Ares\-Tl00c_firmware, Asoka\-Al00ax_firmware, Atomu\-L33_firmware, Atomu\-L41_firmware, Atomu\-L42_firmware, Barca\-Al00_firmware, Berkeley\-Al20_firmware, Berkeley\-L09_firmware, Berkeley\-Tl10_firmware, Bla\-Al00b_firmware, Bla\-L29c_firmware, Bla\-Tl00b_firmware, Cairogo\-L22_firmware, Charlotte\-L29c_firmware, Columbia\-Al10b_firmware, Columbia\-Al10i_firmware, Columbia\-L29d_firmware, Columbia\-Tl00d_firmware, Cornell\-Al00a_firmware, Cornell\-Al00i_firmware, Cornell\-Al00ind_firmware, Cornell\-Al10ind_firmware, Cornell\-L29a_firmware, Cornell\-Tl10b_firmware, Dubai\-Al00a_firmware, Dura\-Al00a_firmware, Dura\-Tl00a_firmware, Emily\-L29c_firmware, Ever\-L29b_firmware, Figo\-L23_firmware, Figo\-L31_firmware, Figo\-Tl10b_firmware, Florida\-Al20b_firmware, Florida\-L21_firmware, Florida\-L22_firmware, Florida\-L23_firmware, Florida\-Tl10b_firmware, Harry\-Al00c_firmware, Harry\-Al10b_firmware, Harry\-Tl00c_firmware, Hima\-L29c_firmware, Honor_10_lite_firmware, Honor_20_firmware, Honor_20_pro_firmware, Honor_8a_firmware, Honor_8x_firmware, Honor_view_10_firmware, Honor_view_20_firmware, Imanager_neteco_6000_firmware, Imanager_neteco_firmware, Jakarta\-Al00a_firmware, Johnson\-Tl00d_firmware, Johnson\-Tl00f_firmware, Katyusha\-Al00a_firmware, Laya\-Al00ep_firmware, Leland\-L21a_firmware, Leland\-L31a_firmware, Leland\-L32a_firmware, Leland\-L32c_firmware, Leland\-L42a_firmware, Leland\-L42c_firmware, Leland\-Tl10b_firmware, Leland\-Tl10c_firmware, Lelandp\-Al00c_firmware, Lelandp\-Al10b_firmware, Lelandp\-Al10d_firmware, Lelandp\-L22a_firmware, Lelandp\-L22c_firmware, Lelandp\-L22d_firmware, London\-Al40ind_firmware, Madrid\-Al00a_firmware, Madrid\-Tl00a_firmware, Mate_20_firmware, Mate_20_pro_firmware, Mate_20_x_firmware, Neo\-Al00d_firmware, Nova_3_firmware, Nova_4_firmware, Nova_5_firmware, Nova_5i_pro_firmware, Nova_lite_3_firmware, P20_firmware, P20_pro_firmware, P30_firmware, P30_pro_firmware, P_smart_2019_firmware, P_smart_firmware, Paris\-Al00ic_firmware, Paris\-L21b_firmware, Paris\-L21meb_firmware, Paris\-L29b_firmware, Potter\-Al00c_firmware, Potter\-Al10a_firmware, Princeton\-Al10b_firmware, Princeton\-Al10d_firmware, Princeton\-Tl10c_firmware, Sydney\-Al00_firmware, Sydney\-L21_firmware, Sydney\-L21br_firmware, Sydney\-L22_firmware, Sydney\-L22br_firmware, Sydney\-Tl00_firmware, Sydneym\-Al00_firmware, Sydneym\-L01_firmware, Sydneym\-L03_firmware, Sydneym\-L21_firmware, Sydneym\-L22_firmware, Sydneym\-L23_firmware, Tony\-Al00b_firmware, Tony\-Tl00b_firmware, Y5_2018_firmware, Y5_lite_firmware, Y6_2019_firmware, Y6_prime_2018_firmware, Y6_pro_2019_firmware, Y7_2019_firmware, Y9_2019_firmware, Yale\-Al00a_firmware, Yale\-Al50a_firmware, Yale\-L21a_firmware, Yale\-L61c_firmware, Yale\-Tl00b_firmware, Yalep\-Al10b_firmware, Leap, Enterprise_linux, Enterprise_linux_aus, Enterprise_linux_eus, Enterprise_linux_for_real_time, Enterprise_linux_for_real_time_eus, Enterprise_linux_for_real_time_for_nfv, Enterprise_linux_for_real_time_for_nfv_eus, Enterprise_linux_server, Enterprise_linux_server_aus, Enterprise_linux_server_tus, Enterprise_linux_tus, Mrg_realtime, Virtualization_host_eus	8.1
2019-11-29	CVE-2019-5211	The Huawei Share function of P20 phones with versions earlier than Emily-L29C 9.1.0.311 has an improper file management vulnerability. The attacker tricks the victim to perform certain operations on the mobile phone during file transfer. Because the file is not properly processed, successfully exploit may cause some files on the victim's mobile phone are deleted.	P20_firmware	5.7
2020-09-11	CVE-2020-9239	Huawei smartphones BLA-A09 versions 8.0.0.123(C212),versions earlier than 8.0.0.123(C567),versions earlier than 8.0.0.123(C797);BLA-TL00B versions earlier than 8.1.0.326(C01);Berkeley-L09 versions earlier than 8.0.0.163(C10),versions earlier than 8.0.0.163(C432),Versions earlier than 8.0.0.163(C636),Versions earlier than 8.0.0.172(C10);Duke-L09 versions Duke-L09C10B187, versions Duke-L09C432B189, versions Duke-L09C636B189;HUAWEI P20 versions earlier than 8.0.1.16(C00);HUAWEI P20 Pro versions...	Berkeley\-L09_firmware, Bla\-A09_firmware, Bla\-Tl00b_firmware, Duke\-L09_firmware, Jimmy\-Al00a_firmware, Lon\-L29d_firmware, Neo\-Al00d_firmware, P20_firmware, P20_pro_firmware, Stanford\-Al00_firmware, Toronto\-Al00_firmware, Toronto\-Al00a_firmware, Toronto\-Tl10_firmware	5.5
2020-05-15	CVE-2020-9073	Huawei P20 smartphones with versions earlier than 10.0.0.156(C00E156R1P4) have an improper authentication vulnerability. The vulnerability is due to that when an user wants to do certain operation, the software insufficiently validate the user's identity. Attackers need to physically access the smartphone to exploit this vulnerability. Successful exploit could allow the attacker to bypass the limit of student mode function.	P20_firmware	N/A
2020-04-27	CVE-2019-5303	There are two denial of service vulnerabilities on some Huawei smartphones. An attacker may send specially crafted TD-SCDMA messages from a rogue base station to the affected devices. Due to insufficient input validation of two values when parsing the messages, successful exploit may cause device abnormal. This is 2 out of 2 vulnerabilities. Different than CVE-2020-5302. Affected products are: ALP-AL00B: earlier than 9.1.0.333(C00E333R2P1T8) ALP-L09: earlier than 9.1.0.300(C432E4R1P9T8)...	Alp\-Al00b_firmware, Alp\-L09_firmware, Alp\-L29_firmware, Berkeley\-Al20_firmware, Berkeley\-L09_firmware, Bla\-L29c_firmware, Charlotte\-L09c_firmware, Charlotte\-L29c_firmware, Columbia\-Al10b_firmware, Columbia\-L29d_firmware, Cornell\-Al00a_firmware, Cornell\-L29a_firmware, Emily\-L09c_firmware, Emily\-L29c_firmware, Ever\-L29b_firmware, Honor_10_lite_firmware, Honor_20_firmware, Honor_8x_firmware, Honor_magic2_firmware, Honor_v20_firmware, Honor_view_20_firmware, Jackman\-L22_firmware, Mate_20_firmware, Mate_20_pro_firmware, Mate_20_rs_firmware, Mate_20_x_firmware, Nova_lite_3_firmware, P20_firmware, P20_pro_firmware, P30_firmware, P30_pro_firmware, Paris\-L21b_firmware, Paris\-L21meb_firmware, Paris\-L29b_firmware, Sydney\-Al00_firmware, Sydney\-L21_firmware, Sydney\-L21br_firmware, Sydney\-L22_firmware, Sydney\-L22br_firmware, Sydneym\-Al00_firmware, Sydneym\-L01_firmware, Sydneym\-L03_firmware, Sydneym\-L21_firmware, Sydneym\-L22_firmware, Sydneym\-L23_firmware, Y9_2019_firmware, Yale\-L21a_firmware	N/A
2020-04-27	CVE-2019-5302	There are two denial of service vulnerabilities on some Huawei smartphones. An attacker may send specially crafted TD-SCDMA messages from a rogue base station to the affected devices. Due to insufficient input validation of two values when parsing the messages, successful exploit may cause device abnormal. This is 1 out of 2 vulnerabilities. Different than CVE-2020-5303. Affected products are: ALP-AL00B: earlier than 9.1.0.333(C00E333R2P1T8) ALP-L09: earlier than 9.1.0.300(C432E4R1P9T8)...	Alp\-Al00b_firmware, Alp\-L09_firmware, Alp\-L29_firmware, Berkeley\-Al20_firmware, Berkeley\-L09_firmware, Bla\-L29c_firmware, Charlotte\-L09c_firmware, Charlotte\-L29c_firmware, Columbia\-Al10b_firmware, Columbia\-L29d_firmware, Cornell\-Al00a_firmware, Cornell\-L29a_firmware, Emily\-L09c_firmware, Emily\-L29c_firmware, Ever\-L29b_firmware, Honor_10_lite_firmware, Honor_20_firmware, Honor_8x_firmware, Honor_magic2_firmware, Honor_v20_firmware, Honor_view_20_firmware, Jackman\-L22_firmware, Mate_20_firmware, Mate_20_pro_firmware, Mate_20_rs_firmware, Mate_20_x_firmware, Nova_lite_3_firmware, P20_firmware, P20_pro_firmware, P30_firmware, P30_pro_firmware, Paris\-L21b_firmware, Paris\-L21meb_firmware, Paris\-L29b_firmware, Sydney\-Al00_firmware, Sydney\-L21_firmware, Sydney\-L21br_firmware, Sydney\-L22_firmware, Sydney\-L22br_firmware, Sydneym\-Al00_firmware, Sydneym\-L01_firmware, Sydneym\-L03_firmware, Sydneym\-L21_firmware, Sydneym\-L22_firmware, Sydneym\-L23_firmware, Y9_2019_firmware, Yale\-L21a_firmware	N/A
2019-11-29	CVE-2019-5212	There is an improper access control vulnerability in Huawei Share. The software does not properly restrict access to certain file from certain application. An attacker tricks the user into installing a malicious application then establishing a connect to the attacker through Huawei Share, successful exploit could cause information disclosure.	P20_firmware	N/A
2019-11-13	CVE-2019-5230	P20 Pro, P20, Mate RS smartphones with versions earlier than Charlotte-AL00A 9.1.0.321(C00E320R1P1T8), versions earlier than Emily-AL00A 9.1.0.321(C00E320R1P1T8), versions earlier than NEO-AL00D NEO-AL00 9.1.0.321(C786E320R1P1T8) have an improper validation vulnerability. The system does not perform a properly validation of certain input models, an attacker could trick the user to install a malicious application then craft a malformed model, successful exploit could allow the attacker to get...	Mate_rs_firmware, P20_firmware, P20_pro_firmware	N/A
2019-06-04	CVE-2019-5306	There is a Factory Reset Protection (FRP) bypass security vulnerability in P20 Huawei smart phones versions before Emily-AL00A 9.0.0.167(C00E81R1P21T8). When re-configuring the mobile phone using the FRP function, an attacker can delete the activation lock after a series of operations. As a result, the FRP function is bypassed and the attacker gains access to the smartphone.	P20_firmware	4.6