Note:
This project will be discontinued after December 13, 2021. [more]
Product:
P30_firmware
(Huawei)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 41 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2020-12-07 | CVE-2020-9247 | There is a buffer overflow vulnerability in several Huawei products. The system does not sufficiently validate certain configuration parameter which is passed from user that would cause buffer overflow. The attacker should trick the user into installing and running a malicious application with a high privilege, successful exploit may cause code execution. Affected product include Huawei HONOR 20 PRO, Mate 20, Mate 20 Pro, Mate 20 X, P30, P30 Pro, Hima-L29C, Laya-AL00EP, Princeton-AL10B,... | Hima\-L29c_firmware, Honor_20_pro_firmware, Laya\-Al00ep_firmware, Mate_20_firmware, Mate_20_pro_firmware, Mate_20_x_firmware, P30_firmware, P30_pro_firmware, Princeton\-Al10b_firmware, Tony\-Al00b_firmware, Yale\-L61a_firmware, Yale\-Tl00b_firmware, Yalep\-Al10b_firmware | 7.8 | ||
| 2020-10-19 | CVE-2020-9263 | HUAWEI Mate 30 versions earlier than 10.1.0.150(C00E136R5P3) and HUAWEI P30 version earlier than 10.1.0.160(C00E160R2P11) have a use after free vulnerability. There is a condition exists that the system would reference memory after it has been freed, the attacker should trick the user into running a crafted application with common privilege, successful exploit could cause code execution. | Mate_30_firmware, P30_firmware | 7.8 | ||
| 2020-08-21 | CVE-2020-9104 | HUAWEI P30 smartphones with Versions earlier than 10.1.0.123(C431E22R2P5),Versions earlier than 10.1.0.123(C432E22R2P5),Versions earlier than 10.1.0.126(C10E7R5P1),Versions earlier than 10.1.0.126(C185E4R7P1),Versions earlier than 10.1.0.126(C461E7R3P1),Versions earlier than 10.1.0.126(C605E19R1P3),Versions earlier than 10.1.0.126(C636E7R3P4),Versions earlier than 10.1.0.128(C635E3R2P4),Versions earlier than 10.1.0.160(C00E160R2P11),Versions earlier than 10.1.0.160(C01E160R2P11) have a... | P30_firmware | N/A | ||
| 2020-07-06 | CVE-2020-9226 | HUAWEI P30 with versions earlier than 10.1.0.135(C00E135R2P11) have an improper signature verification vulnerability. The system does not improper check signature of specific software package, an attacker may exploit this vulnerability to load a crafted software package to the device. | P30_firmware | N/A | ||
| 2020-06-15 | CVE-2020-9076 | HUAWEI P30;HUAWEI P30 Pro;Tony-AL00B smartphones with versions earlier than 10.1.0.135(C00E135R2P11); versions earlier than 10.1.0.135(C00E135R2P8), versions earlier than 10.1.0.135 have an improper authentication vulnerability. Due to the identity of the message sender not being properly verified, an attacker can exploit this vulnerability through man-in-the-middle attack to induce user to access malicious URL. | P30_firmware, P30_pro_firmware, Tony\-Al00b_firmware | N/A | ||
| 2020-06-18 | CVE-2020-1834 | HUAWEI P30 and HUAWEI P30 Pro with versions earlier than 10.1.0.135(C00E135R2P11) and versions earlier than 10.1.0.135(C00E135R2P8) have an insufficient integrity check vulnerability. The system does not check certain software package's integrity sufficiently. Successful exploit could allow an attacker to load a crafted software package to the device. | P30_firmware, P30_pro_firmware | N/A | ||
| 2020-05-29 | CVE-2020-1798 | HUAWEI P30 smartphones with versions earlier than 10.1.0.135(C00E135R2P11) have an improper authentication vulnerability. A logic error occurs when handling NFC work, an attacker should establish a NFC connection to the target phone, and then do a series of operations on the target phone. Successful exploit could allow a guest user do certain operation which is beyond the guest user's privilege. | P30_firmware | N/A | ||
| 2020-04-27 | CVE-2019-5303 | There are two denial of service vulnerabilities on some Huawei smartphones. An attacker may send specially crafted TD-SCDMA messages from a rogue base station to the affected devices. Due to insufficient input validation of two values when parsing the messages, successful exploit may cause device abnormal. This is 2 out of 2 vulnerabilities. Different than CVE-2020-5302. Affected products are: ALP-AL00B: earlier than 9.1.0.333(C00E333R2P1T8) ALP-L09: earlier than 9.1.0.300(C432E4R1P9T8)... | Alp\-Al00b_firmware, Alp\-L09_firmware, Alp\-L29_firmware, Berkeley\-Al20_firmware, Berkeley\-L09_firmware, Bla\-L29c_firmware, Charlotte\-L09c_firmware, Charlotte\-L29c_firmware, Columbia\-Al10b_firmware, Columbia\-L29d_firmware, Cornell\-Al00a_firmware, Cornell\-L29a_firmware, Emily\-L09c_firmware, Emily\-L29c_firmware, Ever\-L29b_firmware, Honor_10_lite_firmware, Honor_20_firmware, Honor_8x_firmware, Honor_magic2_firmware, Honor_v20_firmware, Honor_view_20_firmware, Jackman\-L22_firmware, Mate_20_firmware, Mate_20_pro_firmware, Mate_20_rs_firmware, Mate_20_x_firmware, Nova_lite_3_firmware, P20_firmware, P20_pro_firmware, P30_firmware, P30_pro_firmware, Paris\-L21b_firmware, Paris\-L21meb_firmware, Paris\-L29b_firmware, Sydney\-Al00_firmware, Sydney\-L21_firmware, Sydney\-L21br_firmware, Sydney\-L22_firmware, Sydney\-L22br_firmware, Sydneym\-Al00_firmware, Sydneym\-L01_firmware, Sydneym\-L03_firmware, Sydneym\-L21_firmware, Sydneym\-L22_firmware, Sydneym\-L23_firmware, Y9_2019_firmware, Yale\-L21a_firmware | N/A | ||
| 2020-04-27 | CVE-2019-5302 | There are two denial of service vulnerabilities on some Huawei smartphones. An attacker may send specially crafted TD-SCDMA messages from a rogue base station to the affected devices. Due to insufficient input validation of two values when parsing the messages, successful exploit may cause device abnormal. This is 1 out of 2 vulnerabilities. Different than CVE-2020-5303. Affected products are: ALP-AL00B: earlier than 9.1.0.333(C00E333R2P1T8) ALP-L09: earlier than 9.1.0.300(C432E4R1P9T8)... | Alp\-Al00b_firmware, Alp\-L09_firmware, Alp\-L29_firmware, Berkeley\-Al20_firmware, Berkeley\-L09_firmware, Bla\-L29c_firmware, Charlotte\-L09c_firmware, Charlotte\-L29c_firmware, Columbia\-Al10b_firmware, Columbia\-L29d_firmware, Cornell\-Al00a_firmware, Cornell\-L29a_firmware, Emily\-L09c_firmware, Emily\-L29c_firmware, Ever\-L29b_firmware, Honor_10_lite_firmware, Honor_20_firmware, Honor_8x_firmware, Honor_magic2_firmware, Honor_v20_firmware, Honor_view_20_firmware, Jackman\-L22_firmware, Mate_20_firmware, Mate_20_pro_firmware, Mate_20_rs_firmware, Mate_20_x_firmware, Nova_lite_3_firmware, P20_firmware, P20_pro_firmware, P30_firmware, P30_pro_firmware, Paris\-L21b_firmware, Paris\-L21meb_firmware, Paris\-L29b_firmware, Sydney\-Al00_firmware, Sydney\-L21_firmware, Sydney\-L21br_firmware, Sydney\-L22_firmware, Sydney\-L22br_firmware, Sydneym\-Al00_firmware, Sydneym\-L01_firmware, Sydneym\-L03_firmware, Sydneym\-L21_firmware, Sydneym\-L22_firmware, Sydneym\-L23_firmware, Y9_2019_firmware, Yale\-L21a_firmware | N/A | ||
| 2020-02-18 | CVE-2020-1812 | HUAWEI P30 smartphones with versions earlier than 10.0.0.173(C00E73R1P11) have an improper authentication vulnerability. Due to improperly validation of certain application, an attacker should trick the user into installing a malicious application to exploit this vulnerability. Successful exploit could allow the attacker to bypass the authentication to perform unauthorized operations. | P30_firmware | N/A |