CVSS: 5.5EPSS: 0%CPEs: 13EXPL: 0CVE-2021-22400
https://notcve.org/view.php?id=CVE-2021-22400
Some Huawei Smartphones has an insufficient input validation vulnerability due to the lack of parameter validation. An attacker may trick a user into installing a malicious APP. The app can modify specific parameters, causing the system to crash. Affected product include:OxfordS-AN00A 10.0.1.10(C00E10R1P1),10.0.1.105(C00E103R3P3),10.0.1.115(C00E110R3P3),10.0.1.123(C00E121R3P3),10.0.1.135(C00E130R3P3),10.0.1.135(C00E130R4P1),10.0.1.152(C00E140R4P1),10.0.1.160(C00E160R4P1),10.0.1.167(C00E166R4P1),10.0.1.173(C00E172R5P1),10.0.1.178(C00E175R5P1) and 10.1.0.202(C00E79R5P1). Algunos smartphones Huawei presentan una vulnerabilidad de comprobación de entrada insuficiente debido a una falta de comprobación de parámetros. • https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210721-01-phones-en • CWE-20: Improper Input Validation •
CVSS: 5.5EPSS: 0%CPEs: 38EXPL: 0CVE-2020-9235
https://notcve.org/view.php?id=CVE-2020-9235
Huawei smartphones HONOR 20 PRO Versions earlier than 10.1.0.230(C432E9R5P1),Versions earlier than 10.1.0.231(C10E3R3P2),Versions earlier than 10.1.0.231(C185E3R5P1),Versions earlier than 10.1.0.231(C636E3R3P1);Versions earlier than 10.1.0.212(C432E10R3P4),Versions earlier than 10.1.0.213(C636E3R4P3),Versions earlier than 10.1.0.214(C10E5R4P3),Versions earlier than 10.1.0.214(C185E3R3P3);Versions earlier than 10.1.0.212(C00E210R5P1);Versions earlier than 10.1.0.160(C00E160R2P11);Versions earlier than 10.1.0.160(C00E160R2P11);Versions earlier than 10.1.0.160(C01E160R2P11);Versions earlier than 10.1.0.160(C00E160R2P11);Versions earlier than 10.1.0.160(C00E160R8P12);Versions earlier than 10.1.0.230(C432E9R5P1),Versions earlier than 10.1.0.231(C10E3R3P2),Versions earlier than 10.1.0.231(C636E3R3P1);Versions earlier than 10.1.0.225(C431E3R1P2),Versions earlier than 10.1.0.225(C432E3R1P2) contain an information vulnerability. A module has a design error that is lack of control of input. Attackers can exploit this vulnerability to obtain some information. This can lead to information leak. Los teléfonos inteligentes Huawei HONOR 20 PRO Versiones anteriores a 10.1.0.230(C432E9R5P1), Versiones anteriores a 10.1.0.231(C10E3R3P2), Versiones anteriores a 10.1.0.231(C185E3R5P1), Versiones anteriores a 10.1.0.231(C636E3R3P1); Versiones anteriores a 10.1. 0.212(C432E10R3P4), Versiones anteriores a 10.1.0.213(C636E3R4P3), Versiones anteriores a 10.1.0.214(C10E5R4P3), Versiones anteriores a 10.1.0.214(C185E3R3P3); Versiones anteriores a 10.1.0.212(C00E210R5P1); Versiones anteriores a 10.1.0.212(C00E210R5P1). 0.160(C00E160R2P11); Versiones anteriores a 10.1.0.160(C00E160R2P11); Versiones anteriores a 10.1.0.160(C01E160R2P11); Versiones anteriores a 10.1.0.160(C00E160R2P11); Versiones anteriores a 10.1.0.160(C00E160R8P12); Versiones anteriores a 10.1.0.160(C00E160R8P12); Versiones anteriores a 10.1.0.230(C432E9R5P1), Versiones anteriores a 10.1.0.231(C10E3R3P2), Versiones anteriores a 10.1.0.231(C636E3R3P1); Versiones anteriores a 10.1.0.225 (C431E3R1P2), Versiones anteriores a 10.1.0.225(C432E3R1P2), contienen una vulnerabilidad de información. • https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200902-07-smartphone-en • CWE-20: Improper Input Validation •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2020-1878
https://notcve.org/view.php?id=CVE-2020-1878
Huawei smartphone OxfordS-AN00A with versions earlier than 10.0.1.152D(C735E152R3P3),versions earlier than 10.0.1.160(C00E160R4P1) have an improper authentication vulnerability. Authentication to target component is improper when device performs an operation. Attackers exploit this vulnerability to obtain some information by loading malicious application, leading to information leak. El teléfono inteligente Huawei OxfordS-AN00A con versiones anteriores a 10.0.1.152D(C735E152R3P3), versiones anteriores a 10.0.1.160(C00E160R4P1), presentan una vulnerabilidad de autenticación inapropiada. La autenticación en el componente objetivo es inapropiada cuando el dispositivo lleva a cabo una operación. • http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200415-02-dos-en https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200311-01-informationleak-en • CWE-287: Improper Authentication •