Page 4 of 37 results (0.007 seconds)

CVSS: 4.6EPSS: 0%CPEs: 4EXPL: 0

HUAWEI P30 and HUAWEI P30 Pro with versions earlier than 10.1.0.135(C00E135R2P11) and versions earlier than 10.1.0.135(C00E135R2P8) have an insufficient integrity check vulnerability. The system does not check certain software package's integrity sufficiently. Successful exploit could allow an attacker to load a crafted software package to the device. HUAWEI P30 y HUAWEI P30 Pro con versiones anteriores a 10.1.0.135(C00E135R2P11) y versiones anteriores a 10.1.0.135(C00E135R2P8), presentan una vulnerabilidad de comprobación de integridad insuficiente. El sistema no comprueba suficientemente la integridad de determinados paquetes de software. • https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200617-01-smartphone-en • CWE-354: Improper Validation of Integrity Check Value •

CVSS: 6.8EPSS: 0%CPEs: 8EXPL: 0

HUAWEI P30;HUAWEI P30 Pro;Tony-AL00B smartphones with versions earlier than 10.1.0.135(C00E135R2P11); versions earlier than 10.1.0.135(C00E135R2P8), versions earlier than 10.1.0.135 have an improper authentication vulnerability. Due to the identity of the message sender not being properly verified, an attacker can exploit this vulnerability through man-in-the-middle attack to induce user to access malicious URL. Los teléfonos inteligentes HUAWEI P30; HUAWEI P30 Pro; Tony-AL00B con versiones anteriores a 10.1.0.135(C00E135R2P11); versiones anteriores a 10.1.0.135(C00E135R2P8),versiones anteriores a 10.1.0.135, presentan una vulnerabilidad de autenticación inapropiada. Debido a que la identidad del remitente del mensaje no está siendo verificada apropiadamente, un atacante puede explotar esta vulnerabilidad por medio de un ataque de tipo man-in-the-middle para inducir a un usuario a acceder a una URL maliciosa • https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200610-02-phone-en • CWE-287: Improper Authentication •

CVSS: 6.8EPSS: 0%CPEs: 2EXPL: 0

HUAWEI P30 smart phone with versions earlier than 10.1.0.135(C00E135R2P11) have an improper authentication vulnerability. Due to improper authentication of specific interface, in specific scenario attackers could access specific interface without authentication. Successful exploit could allow the attacker to perform unauthorized operations. El teléfono inteligente HUAWEI P30 con versiones anteriores a 10.1.0.135(C00E135R2P11), presenta una vulnerabilidad de autenticación inapropiada. Debido a una autenticación inapropiada de una interfaz específica, en un escenario específico, los atacantes podrían acceder a una interfaz determinada sin autenticación. • https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200610-04-smartphone-en • CWE-306: Missing Authentication for Critical Function •

CVSS: 4.6EPSS: 0%CPEs: 2EXPL: 0

HUAWEI P30 smartphones with versions earlier than 10.1.0.135(C00E135R2P11) have an improper authentication vulnerability. A logic error occurs when handling NFC work, an attacker should establish a NFC connection to the target phone, and then do a series of operations on the target phone. Successful exploit could allow a guest user do certain operation which is beyond the guest user's privilege. Los teléfonos inteligentes HUAWEI P30 con versiones anteriores a 10.1.0.135(C00E135R2P11), presentan una vulnerabilidad de autenticación inapropiada. Se produce un error lógico cuando se maneja el trabajo de NFC, un atacante debe establecer una conexión NFC con el teléfono objetivo, y luego hacer una serie de operaciones en el mismo. • https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200527-02-smartphone-en • CWE-287: Improper Authentication •

CVSS: 5.3EPSS: 0%CPEs: 150EXPL: 0

There are two denial of service vulnerabilities on some Huawei smartphones. An attacker may send specially crafted TD-SCDMA messages from a rogue base station to the affected devices. Due to insufficient input validation of two values when parsing the messages, successful exploit may cause device abnormal. This is 2 out of 2 vulnerabilities. Different than CVE-2020-5302. • https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190814-01-mobile-en • CWE-20: Improper Input Validation •