CVE-2021-22440
https://notcve.org/view.php?id=CVE-2021-22440
There is a path traversal vulnerability in some Huawei products. The vulnerability is due to that the software uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the software does not properly validate the pathname. Successful exploit could allow the attacker to access a location that is outside of the restricted directory by a crafted filename. Affected product versions include:HUAWEI Mate 20 9.0.0.195(C01E195R2P1), 9.1.0.139(C00E133R3P1);HUAWEI Mate 20 Pro 9.0.0.187(C432E10R1P16), 9.0.0.188(C185E10R2P1), 9.0.0.245(C10E10R2P1), 9.0.0.266(C432E10R1P16), 9.0.0.267(C636E10R2P1), 9.0.0.268(C635E12R1P16), 9.0.0.278(C185E10R2P1); Hima-L29C 9.0.0.105(C10E9R1P16), 9.0.0.105(C185E9R1P16), 9.0.0.105(C636E9R1P16); Laya-AL00EP 9.1.0.139(C786E133R3P1); OxfordS-AN00A 10.1.0.223(C00E210R5P1); Tony-AL00B 9.1.0.257(C00E222R2P1). Se presenta una vulnerabilidad de salto de ruta en algunos productos de Huawei. • https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210630-01-pathtraversal-en • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVE-2020-9247
https://notcve.org/view.php?id=CVE-2020-9247
There is a buffer overflow vulnerability in several Huawei products. The system does not sufficiently validate certain configuration parameter which is passed from user that would cause buffer overflow. The attacker should trick the user into installing and running a malicious application with a high privilege, successful exploit may cause code execution. Affected product include Huawei HONOR 20 PRO, Mate 20, Mate 20 Pro, Mate 20 X, P30, P30 Pro, Hima-L29C, Laya-AL00EP, Princeton-AL10B, Tony-AL00B, Yale-L61A, Yale-TL00B and YaleP-AL10B. Se presenta una vulnerabilidad de desbordamiento del búfer en varios productos de Huawei. • https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200729-03-smartphone-en • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVE-2020-9109
https://notcve.org/view.php?id=CVE-2020-9109
There is an information disclosure vulnerability in several smartphones. The device does not sufficiently validate the identity of smart wearable device in certain specific scenario, the attacker need to gain certain information in the victim's smartphone to launch the attack, and successful exploit could cause information disclosure.Affected product versions include:HUAWEI Mate 20 versions earlier than 10.1.0.160(C00E160R3P8),versions earlier than 10.1.0.160(C01E160R2P8);HUAWEI Mate 20 X versions earlier than 10.1.0.160(C00E160R2P8),versions earlier than 10.1.0.160(C01E160R2P8);HUAWEI P30 Pro versions earlier than 10.1.0.160(C00E160R2P8);Laya-AL00EP versions earlier than 10.1.0.160(C786E160R3P8);Tony-AL00B versions earlier than 10.1.0.160(C00E160R2P11);Tony-TL00B versions earlier than 10.1.0.160(C01E160R2P11). Se presenta una vulnerabilidad de divulgación de información en varios teléfonos inteligentes. El dispositivo no comprueba suficientemente la identidad del dispositivo portátil inteligente en determinado escenario específico, el atacante necesita obtener determinada información en el teléfono inteligente de la víctima para iniciar el ataque, y una explotación con éxito podría causar una divulgación de información. Las versiones del producto afectadas incluyen: HUAWEI Mate 20 versiones anteriores a 10.1.0.160(C00E160R3P8), versiones anteriores a 10.1.0.160(C01E160R2P8); HUAWEI Mate 20 X versiones anteriores a 10.1.0.160(C00E160R2P8), versiones anteriores a 10.1.0.160(C01E160R2P8); Dispositivos HUAWEI P30 Pro versiones anteriores a 10.1.0.160(C00E160R2P8); Laya-AL00EP versiones anteriores a 10.1.0.160(C786E160R3P8); Tony-AL00B versiones anteriores a 10.1.0.160(C00E160R2P11); Tony-TL00B versiones anteriores a 10.1.0.160(C01E160R2P11) • https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200930-01-dos-en • CWE-287: Improper Authentication •
CVE-2019-5235
https://notcve.org/view.php?id=CVE-2019-5235
Some Huawei smart phones have a null pointer dereference vulnerability. An attacker crafts specific packets and sends to the affected product to exploit this vulnerability. Successful exploitation may cause the affected phone to be abnormal. Algunos teléfonos inteligentes Huawei tienen una vulnerabilidad de desreferencia del puntero null. Un atacante crea paquetes específicos y los envía al producto afectado para explotar esta vulnerabilidad. • https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190821-01-smartphone-en • CWE-476: NULL Pointer Dereference •