CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2019-5227
https://notcve.org/view.php?id=CVE-2019-5227
29 Nov 2019 — P30, P30 Pro, Mate 20 smartphones with software of versions earlier than ELLE-AL00B 9.1.0.193(C00E190R2P1), versions earlier than VOGUE-AL00A 9.1.0.193(C00E190R2P1), versions earlier than Hima-AL00B 9.1.0.135(C00E133R2P1) and HiSuite with versions earlier than HiSuite 9.1.0.305 have a version downgrade vulnerability. The device and HiSuite software do not validate the upgrade package sufficiently, so that the system of smartphone can be downgraded to an older version. Los teléfonos inteligentes P30, P30 Pro... • https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190904-01-smartphone-en • CWE-346: Origin Validation Error •
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0CVE-2019-5225
https://notcve.org/view.php?id=CVE-2019-5225
29 Nov 2019 — P30, Mate 20, P30 Pro smartphones with software of versions earlier than ELLE-AL00B 9.1.0.193(C00E190R1P21), versions earlier than Hima-AL00B 9.1.0.135(C00E200R2P1), versions earlier than VOGUE-AL00A 9.1.0.193(C00E190R1P12) have a buffer overflow vulnerability on several , the system does not properly validate certain length parameter which an application transports to kernel. An attacker tricks the user to install a malicious application, successful exploit could cause malicious code execution. Los teléfon... • https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190821-02-smartphone-en • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2019-5226
https://notcve.org/view.php?id=CVE-2019-5226
29 Nov 2019 — P30, P30 Pro, Mate 20 smartphones with software of versions earlier than ELLE-AL00B 9.1.0.193(C00E190R2P1), versions earlier than VOGUE-AL00A 9.1.0.193(C00E190R2P1), versions earlier than Hima-AL00B 9.1.0.135(C00E133R2P1) and HiSuite with versions earlier than HiSuite 9.1.0.305 have a version downgrade vulnerability. The device and HiSuite software do not validate the upgrade package sufficiently, so that the system of smartphone can be downgraded to an older version. Los teléfonos inteligentes P30, P30 Pro... • https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190904-01-smartphone-en • CWE-346: Origin Validation Error •
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0CVE-2019-5228
https://notcve.org/view.php?id=CVE-2019-5228
12 Nov 2019 — Certain detection module of P30, P30 Pro, Honor V20 smartphone whith Versions earlier than ELLE-AL00B 9.1.0.193(C00E190R1P21), Versions earlier than VOGUE-AL00A 9.1.0.193(C00E190R1P12), Versions earlier than Princeton-AL10B 9.1.0.233(C00E233R4P3) have a race condition vulnerability. The system does not lock certain function properly, when the function is called by multiple processes could cause out of bound write. An attacker tricks the user into installing a malicious application, successful exploit could ... • http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190911-01-smartphone-en • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-787: Out-of-bounds Write •
CVSS: 4.3EPSS: 0%CPEs: 4EXPL: 0CVE-2019-5307
https://notcve.org/view.php?id=CVE-2019-5307
04 Jun 2019 — Some Huawei 4G LTE devices, P30 versions before ELE-AL00 9.1.0.162(C01E160R1P12/C01E160R2P1) and P30 Pro versions before VOG-AL00 9.1.0.162(C01E160R1P12/C01E160R2P1), are exposed to a message replay vulnerability. For the sake of better compatibility, these devices implement a less strict check on the NAS message sequence number (SN), specifically NAS COUNT. As a result, an attacker can construct a rogue base station and replay the GUTI reallocation command message in certain conditions to tamper with GUTIs... • https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190529-01-replay-en • CWE-294: Authentication Bypass by Capture-replay •
CVSS: 6.8EPSS: 0%CPEs: 4EXPL: 0CVE-2019-5215
https://notcve.org/view.php?id=CVE-2019-5215
04 Jun 2019 — There is a man-in-the-middle (MITM) vulnerability on Huawei P30 smartphones versions before ELE-AL00 9.1.0.162(C01E160R1P12/C01E160R2P1), and P30 Pro versions before VOG-AL00 9.1.0.162 (C01E160R1P12/C01E160R2P1). When users establish connection and transfer data through Huawei Share, an attacker could sniff, spoof and do a series of operations to intrude the Huawei Share connection and launch a man-in-the-middle attack to obtain and tamper the data. (Vulnerability ID: HWPSIRT-2019-03109) Existe una vulnerab... • https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190517-01-share-en •