CVSS: 6.2EPSS: 0%CPEs: 2EXPL: 0CVE-2019-5229
https://notcve.org/view.php?id=CVE-2019-5229
12 Nov 2019 — P30 smartphones with versions earlier than ELLE-AL00B 9.1.0.193(C00E190R2P1) have an insufficient verification vulnerability. The system does not verify certain parameters sufficiently, an attacker should connect to the phone and gain high privilege to launch the attack, successful exploit could cause malicious code execution. Teléfonos Inteligentes P30 con versiones anteriores a ELLE-AL00B 9.1.0.193(C00E190R2P1), presentan una vulnerabilidad de comprobación insuficiente. El sistema no comprueba ciertos par... • http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190925-02-smartphone-en • CWE-345: Insufficient Verification of Data Authenticity •
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0CVE-2019-5228
https://notcve.org/view.php?id=CVE-2019-5228
12 Nov 2019 — Certain detection module of P30, P30 Pro, Honor V20 smartphone whith Versions earlier than ELLE-AL00B 9.1.0.193(C00E190R1P21), Versions earlier than VOGUE-AL00A 9.1.0.193(C00E190R1P12), Versions earlier than Princeton-AL10B 9.1.0.233(C00E233R4P3) have a race condition vulnerability. The system does not lock certain function properly, when the function is called by multiple processes could cause out of bound write. An attacker tricks the user into installing a malicious application, successful exploit could ... • http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190911-01-smartphone-en • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-787: Out-of-bounds Write •
CVSS: 4.3EPSS: 0%CPEs: 4EXPL: 0CVE-2019-5307
https://notcve.org/view.php?id=CVE-2019-5307
04 Jun 2019 — Some Huawei 4G LTE devices, P30 versions before ELE-AL00 9.1.0.162(C01E160R1P12/C01E160R2P1) and P30 Pro versions before VOG-AL00 9.1.0.162(C01E160R1P12/C01E160R2P1), are exposed to a message replay vulnerability. For the sake of better compatibility, these devices implement a less strict check on the NAS message sequence number (SN), specifically NAS COUNT. As a result, an attacker can construct a rogue base station and replay the GUTI reallocation command message in certain conditions to tamper with GUTIs... • https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190529-01-replay-en • CWE-294: Authentication Bypass by Capture-replay •
CVSS: 6.8EPSS: 0%CPEs: 4EXPL: 0CVE-2019-5215
https://notcve.org/view.php?id=CVE-2019-5215
04 Jun 2019 — There is a man-in-the-middle (MITM) vulnerability on Huawei P30 smartphones versions before ELE-AL00 9.1.0.162(C01E160R1P12/C01E160R2P1), and P30 Pro versions before VOG-AL00 9.1.0.162 (C01E160R1P12/C01E160R2P1). When users establish connection and transfer data through Huawei Share, an attacker could sniff, spoof and do a series of operations to intrude the Huawei Share connection and launch a man-in-the-middle attack to obtain and tamper the data. (Vulnerability ID: HWPSIRT-2019-03109) Existe una vulnerab... • https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190517-01-share-en •