Filtered by vendor Huawei
Subscribe
Search
Total
578 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-22398 | 1 Huawei | 8 Hulk-al00c, Hulk-al00c Firmware, Jennifer-an00c and 5 more | 2021-08-11 | 2.1 LOW | 4.6 MEDIUM |
| There is a logic error vulnerability in several smartphones. The software does not properly restrict certain operation when the Digital Balance function is on. Successful exploit could allow the attacker to bypass the Digital Balance limit after a series of operations. Affected product versions include: Hulk-AL00C 9.1.1.201(C00E201R8P1);Jennifer-AN00C 10.1.1.171(C00E170R6P3);Jenny-AL10B 10.1.0.228(C00E220R5P1) and OxfordPL-AN10B 10.1.0.116(C00E110R2P1). | |||||
| CVE-2021-22419 | 1 Huawei | 1 Harmonyos | 2021-08-11 | 4.9 MEDIUM | 5.5 MEDIUM |
| A component of the HarmonyOS has a Insufficient Verification of Data Authenticity vulnerability. Local attackers may exploit this vulnerability to cause persistent dos. | |||||
| CVE-2021-22417 | 1 Huawei | 1 Harmonyos | 2021-08-11 | 4.9 MEDIUM | 5.5 MEDIUM |
| A component of the HarmonyOS has a Data Processing Errors vulnerability. Local attackers may exploit this vulnerability to cause Kernel Memory Leakage. | |||||
| CVE-2021-22424 | 1 Huawei | 1 Harmonyos | 2021-08-11 | 4.9 MEDIUM | 5.5 MEDIUM |
| A component of the HarmonyOS has a Kernel Memory Leakage Vulnerability. Local attackers may exploit this vulnerability to cause Kernel Denial of Service. | |||||
| CVE-2019-5226 | 1 Huawei | 8 Hisuite, Hisuite Firmware, Mate 20 and 5 more | 2021-07-21 | 4.3 MEDIUM | 5.5 MEDIUM |
| P30, P30 Pro, Mate 20 smartphones with software of versions earlier than ELLE-AL00B 9.1.0.193(C00E190R2P1), versions earlier than VOGUE-AL00A 9.1.0.193(C00E190R2P1), versions earlier than Hima-AL00B 9.1.0.135(C00E133R2P1) and HiSuite with versions earlier than HiSuite 9.1.0.305 have a version downgrade vulnerability. The device and HiSuite software do not validate the upgrade package sufficiently, so that the system of smartphone can be downgraded to an older version. | |||||
| CVE-2020-1837 | 1 Huawei | 2 Changxiang 8 Plus, Changxiang 8 Plus Firmware | 2021-07-21 | 2.9 LOW | 5.3 MEDIUM |
| ChangXiang 8 Plus with versions earlier than 9.1.0.136(C00E121R1P6T8) have a denial of service vulnerability. The device does not properly handle certain message from base station, the attacker could craft a fake base station to launch the attack. Successful exploit could cause a denial of signal service condition. | |||||
| CVE-2020-9260 | 1 Huawei | 4 P30, P30 Firmware, P30 Pro and 1 more | 2021-07-21 | 3.3 LOW | 6.5 MEDIUM |
| HUAWEI P30 and HUAWEI P30 Pro smartphones with versions earlier than 10.1.0.123(C432E22R2P5) and versions earlier than 10.1.0.160(C00E160R2P8) have an information disclosure vulnerability. Certain WI-FI function's default configuration in the system seems insecure, an attacker should craft a WI-FI hotspot to launch the attack. Successful exploit could cause information disclosure. | |||||
| CVE-2020-9258 | 1 Huawei | 2 P30, P30 Firmware | 2021-07-21 | 1.9 LOW | 5.5 MEDIUM |
| HUAWEI P30 smartphone with versions earlier than 10.1.0.135(C00E135R2P11) have an improper input verification vulnerability. An attribution in a module is not set correctly and some verification is lacked. Attackers with local access can exploit this vulnerability by injecting malicious fragment. This may lead to user information leak. | |||||
| CVE-2020-9239 | 1 Huawei | 26 Berkeley-l09, Berkeley-l09 Firmware, Bla-a09 and 23 more | 2021-07-21 | 2.1 LOW | 5.5 MEDIUM |
| Huawei smartphones BLA-A09 versions 8.0.0.123(C212),versions earlier than 8.0.0.123(C567),versions earlier than 8.0.0.123(C797);BLA-TL00B versions earlier than 8.1.0.326(C01);Berkeley-L09 versions earlier than 8.0.0.163(C10),versions earlier than 8.0.0.163(C432),Versions earlier than 8.0.0.163(C636),Versions earlier than 8.0.0.172(C10);Duke-L09 versions Duke-L09C10B187, versions Duke-L09C432B189, versions Duke-L09C636B189;HUAWEI P20 versions earlier than 8.0.1.16(C00);HUAWEI P20 Pro versions earlier than 8.1.0.152(C00);Jimmy-AL00A versions earlier than Jimmy-AL00AC00B172;LON-L29D versions LON-L29DC721B192;NEO-AL00D versions earlier than 8.1.0.172(C786);Stanford-AL00 versions Stanford-AL00C00B123;Toronto-AL00 versions earlier than Toronto-AL00AC00B225;Toronto-AL00A versions earlier than Toronto-AL00AC00B225;Toronto-TL10 versions earlier than Toronto-TL10C01B225 have an information vulnerability. A module has a design error that is lack of control of input. Attackers can exploit this vulnerab | |||||
| CVE-2020-1848 | 1 Huawei | 2 Jackman-al00d, Jackman-al00d Firmware | 2021-07-21 | 2.1 LOW | 5.5 MEDIUM |
| There is a resource management error vulnerability in Jackman-AL00D versions 8.2.0.185(C00R2P1). Local attackers construct malicious application files, causing system applications to run abnormally. | |||||
| CVE-2020-9229 | 1 Huawei | 1 Fusioncompute | 2021-07-21 | 2.1 LOW | 4.4 MEDIUM |
| FusionCompute 8.0.0 has an information disclosure vulnerability. Due to the properly protection of certain information, attackers may exploit this vulnerability to obtain certain information. | |||||
| CVE-2020-9235 | 1 Huawei | 20 Honor 20 Pro, Honor 20 Pro Firmware, Honor View 20 and 17 more | 2021-07-21 | 2.1 LOW | 5.5 MEDIUM |
| Huawei smartphones HONOR 20 PRO Versions earlier than 10.1.0.230(C432E9R5P1),Versions earlier than 10.1.0.231(C10E3R3P2),Versions earlier than 10.1.0.231(C185E3R5P1),Versions earlier than 10.1.0.231(C636E3R3P1);Versions earlier than 10.1.0.212(C432E10R3P4),Versions earlier than 10.1.0.213(C636E3R4P3),Versions earlier than 10.1.0.214(C10E5R4P3),Versions earlier than 10.1.0.214(C185E3R3P3);Versions earlier than 10.1.0.212(C00E210R5P1);Versions earlier than 10.1.0.160(C00E160R2P11);Versions earlier than 10.1.0.160(C00E160R2P11);Versions earlier than 10.1.0.160(C01E160R2P11);Versions earlier than 10.1.0.160(C00E160R2P11);Versions earlier than 10.1.0.160(C00E160R8P12);Versions earlier than 10.1.0.230(C432E9R5P1),Versions earlier than 10.1.0.231(C10E3R3P2),Versions earlier than 10.1.0.231(C636E3R3P1);Versions earlier than 10.1.0.225(C431E3R1P2),Versions earlier than 10.1.0.225(C432E3R1P2) contain an information vulnerability. A module has a design error that is lack of control of input. Attackers can exploit this vulnerability to obtain some information. This can lead to information leak. | |||||
| CVE-2020-9245 | 1 Huawei | 4 P30, P30 Firmware, P30 Pro and 1 more | 2021-07-21 | 4.3 MEDIUM | 5.5 MEDIUM |
| HUAWEI P30 versions Versions earlier than 10.1.0.160(C00E160R2P11);HUAWEI P30 Pro versions Versions earlier than 10.1.0.160(C00E160R2P8) have a denial of service vulnerability. Certain system configuration can be modified because of improper authorization. The attacker could trick the user installing and executing a malicious application, successful exploit could cause a denial of service condition of PHONE function. | |||||
| CVE-2020-1855 | 1 Huawei | 12 Hege-560, Hege-560 Firmware, Hege-570 and 9 more | 2021-07-21 | 3.6 LOW | 6.1 MEDIUM |
| Huawei HEGE-570 version 1.0.1.22(SP3); and HEGE-560, OSCA-550, OSCA-550A, OSCA-550AX, and OSCA-550X version 1.0.1.21(SP3) have an insufficient verification vulnerability. An attacker can access the device physically and exploit this vulnerability to tamper with device information. Successful exploit may cause service abnormal. | |||||
| CVE-2020-9244 | 1 Huawei | 20 Honor 20, Honor 20 Firmware, Honor 20 Pro and 17 more | 2021-07-21 | 4.6 MEDIUM | 6.8 MEDIUM |
| HUAWEI Mate 20 versions Versions earlier than 10.1.0.160(C00E160R3P8);HUAWEI Mate 20 Pro versions Versions earlier than 10.1.0.270(C431E7R1P5),Versions earlier than 10.1.0.270(C635E3R1P5),Versions earlier than 10.1.0.273(C636E7R2P4);HUAWEI Mate 20 X versions Versions earlier than 10.1.0.160(C00E160R2P8);HUAWEI P30 versions Versions earlier than 10.1.0.160(C00E160R2P11);HUAWEI P30 Pro versions Versions earlier than 10.1.0.160(C00E160R2P8);HUAWEI Mate 20 RS versions Versions earlier than 10.1.0.160(C786E160R3P8);HonorMagic2 versions Versions earlier than 10.0.0.187(C00E61R2P11);Honor20 versions Versions earlier than 10.0.0.175(C00E58R4P11);Honor20 PRO versions Versions earlier than 10.0.0.194(C00E62R8P12);HonorMagic2 versions Versions earlier than 10.0.0.187(C00E61R2P11);HonorV20 versions Versions earlier than 10.0.0.188(C00E62R2P11) have an improper authentication vulnerability. The system does not properly sign certain encrypted file, the attacker should gain the key used to encrypt the file, successful exploit could cause certain file be forged | |||||
| CVE-2020-1814 | 1 Huawei | 6 Nip6800, Nip6800 Firmware, Secospace Usg6600 and 3 more | 2021-07-21 | 3.5 LOW | 5.3 MEDIUM |
| Huawei NIP6800 versions V500R001C30, V500R001C60SPC500, and V500R005C00; Secospace USG6600 and USG9500 versions V500R001C30SPC200, V500R001C30SPC600, V500R001C60SPC500, and V500R005C00 have a Dangling pointer dereference vulnerability. An authenticated attacker may do some special operations in the affected products in some special scenarios to exploit the vulnerability. Due to improper race conditions of different operations, successful exploit will lead to Dangling pointer dereference, causing some service abnormal. | |||||
| CVE-2020-9092 | 1 Huawei | 2 Mate 20, Mate 20 Firmware | 2021-07-21 | 2.1 LOW | 4.6 MEDIUM |
| HUAWEI Mate 20 versions earlier than 10.1.0.163(C00E160R3P8) have a JavaScript injection vulnerability. A module does not verify a specific input. This could allow attackers to bypass filter mechanism to launch JavaScript injection. This could compromise normal service of the affected module. | |||||
| CVE-2020-9248 | 1 Huawei | 1 Fusioncompute | 2021-07-21 | 4.6 MEDIUM | 6.7 MEDIUM |
| Huawei FusionComput 8.0.0 have an improper authorization vulnerability. A module does not verify some input correctly and authorizes files with incorrect access. Attackers can exploit this vulnerability to launch privilege escalation attack. This can compromise normal service. | |||||
| CVE-2020-9249 | 1 Huawei | 2 P30, P30 Firmware | 2021-07-21 | 3.3 LOW | 6.5 MEDIUM |
| HUAWEI P30 smartphones with versions earlier than 10.1.0.160(C00E160R2P11) have a denial of service vulnerability. A module does not deal with mal-crafted messages and it leads to memory leak. Attackers can exploit this vulnerability to make the device denial of service.Affected product versions include: HUAWEI P30 versions Versions earlier than 10.1.0.160(C00E160R2P11). | |||||
| CVE-2020-1785 | 1 Huawei | 8 Honor 10, Honor 10 Firmware, Honor V10 and 5 more | 2021-07-21 | 7.1 HIGH | 5.5 MEDIUM |
| Mate 10 Pro;Honor V10;Honor 10;Nova 4 smartphones have a denial of service vulnerability. The system does not properly check the status of certain module during certain operations, an attacker should trick the user into installing a malicious application, successful exploit could cause reboot of the smartphone. | |||||
| CVE-2020-1835 | 1 Huawei | 2 Mate 30, Mate 30 Firmware | 2021-07-21 | 3.3 LOW | 6.5 MEDIUM |
| HUAWEI Mate 30 with versions earlier than 10.1.0.126(C00E125R5P3) have an information disclosure vulnerability. A logic judgment error occurs when the system handling Bluetooth connections, an attacker could craft as an authenticated Bluetooth peer to launch the attack. Successful exploit could cause information disclosure. | |||||
| CVE-2020-9246 | 1 Huawei | 1 Fusioncompute | 2021-07-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| FusionCompute 8.0.0 has an information leak vulnerability. A module does not launch strict access control and information protection. Attackers with low privilege can get some extra information. This can lead to information leak. | |||||
| CVE-2020-9199 | 1 Huawei | 6 B2368-22, B2368-22 Firmware, B2368-57 and 3 more | 2021-07-21 | 7.7 HIGH | 6.8 MEDIUM |
| B2368-22 V100R001C00;B2368-57 V100R001C00;B2368-66 V100R001C00 have a command injection vulnerability. An attacker with high privileges may exploit this vulnerability through some operations on the LAN. Due to insufficient input validation of some parameters, the attacker can exploit this vulnerability to inject commands to the target device. | |||||
| CVE-2019-5245 | 1 Huawei | 1 Hisuite | 2021-07-21 | 4.6 MEDIUM | 5.3 MEDIUM |
| HiSuite 9.1.0.300 versions and earlier contains a DLL hijacking vulnerability. This vulnerability exists due to some DLL file is loaded by HiSuite improperly. And it allows an attacker to load this DLL file of the attacker's choosing that could execute arbitrary code. | |||||
| CVE-2020-1845 | 1 Huawei | 1 Pcmanager | 2021-07-21 | 4.6 MEDIUM | 6.7 MEDIUM |
| Huawei PCManager product with versions earlier than 10.0.5.53 have a local privilege escalation vulnerability. An authenticated, local attacker can perform specific operation to exploit this vulnerability. Successful exploitation may cause the attacker to obtain a higher privilege. | |||||
| CVE-2019-19441 | 1 Huawei | 2 P30, P30 Firmware | 2021-07-21 | 3.3 LOW | 6.5 MEDIUM |
| HUAWEI P30 smart phones with versions earlier than 10.0.0.166(C00E66R1P11) have an information leak vulnerability. An attacker could send specific command in the local area network (LAN) to exploit this vulnerability. Successful exploitation may cause information leak. | |||||
| CVE-2019-5227 | 1 Huawei | 8 Hisuite, Hisuite Firmware, Mate 20 and 5 more | 2021-07-21 | 4.3 MEDIUM | 5.5 MEDIUM |
| P30, P30 Pro, Mate 20 smartphones with software of versions earlier than ELLE-AL00B 9.1.0.193(C00E190R2P1), versions earlier than VOGUE-AL00A 9.1.0.193(C00E190R2P1), versions earlier than Hima-AL00B 9.1.0.135(C00E133R2P1) and HiSuite with versions earlier than HiSuite 9.1.0.305 have a version downgrade vulnerability. The device and HiSuite software do not validate the upgrade package sufficiently, so that the system of smartphone can be downgraded to an older version. | |||||
| CVE-2020-1857 | 1 Huawei | 6 Nip6800, Nip6800 Firmware, Secospace Usg6600 and 3 more | 2021-07-21 | 2.1 LOW | 5.5 MEDIUM |
| Huawei NIP6800 versions V500R001C30, V500R001C60SPC500, and V500R005C00SPC100; and Secospace USG6600 and USG9500 versions V500R001C30SPC200, V500R001C30SPC600, V500R001C60SPC500, and V500R005C00SPC100 have an information leakage vulnerability. Due to improper processing of some data, a local authenticated attacker can exploit this vulnerability through a series of operations. Successful exploitation may cause information leakage. | |||||
| CVE-2019-5211 | 1 Huawei | 2 P20, P20 Firmware | 2021-07-21 | 4.3 MEDIUM | 5.7 MEDIUM |
| The Huawei Share function of P20 phones with versions earlier than Emily-L29C 9.1.0.311 has an improper file management vulnerability. The attacker tricks the victim to perform certain operations on the mobile phone during file transfer. Because the file is not properly processed, successfully exploit may cause some files on the victim's mobile phone are deleted. | |||||
| CVE-2020-9127 | 1 Huawei | 12 Nip6300, Nip6300 Firmware, Nip6600 and 9 more | 2021-07-21 | 4.6 MEDIUM | 6.7 MEDIUM |
| Some Huawei products have a command injection vulnerability. Due to insufficient input validation, an attacker with high privilege may inject some malicious codes in some files of the affected products. Successful exploit may cause command injection.Affected product versions include:NIP6300 versions V500R001C30,V500R001C60;NIP6600 versions V500R001C30,V500R001C60;Secospace USG6300 versions V500R001C30,V500R001C60;Secospace USG6500 versions V500R001C30,V500R001C60;Secospace USG6600 versions V500R001C30,V500R001C60;USG9500 versions V500R001C30,V500R001C60. | |||||
| CVE-2019-5284 | 1 Huawei | 2 Leland-al00a, Leland-al00a Firmware | 2021-07-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| There is a DoS vulnerability in RTSP module of Leland-AL00A Huawei smart phones versions earlier than Leland-AL00A 9.1.0.111(C00E111R2P10T8). Remote attackers could trick the user into opening a malformed RTSP media stream to exploit this vulnerability. Successful exploit could cause the affected phone abnormal, leading to a DoS condition. (Vulnerability ID: HWPSIRT-2019-02004) | |||||
| CVE-2020-9129 | 1 Huawei | 2 Mate 30, Mate 30 Firmware | 2021-07-21 | 4.6 MEDIUM | 6.7 MEDIUM |
| HUAWEI Mate 30 versions earlier than 10.1.0.159(C00E159R7P2) have a vulnerability of improper buffer operation. Due to improper restrictions, local attackers with high privileges can exploit the vulnerability to cause system heap overflow. | |||||
| CVE-2020-9110 | 1 Huawei | 2 Taurus-an00b, Taurus-an00b Firmware | 2021-07-21 | 2.1 LOW | 4.6 MEDIUM |
| Taurus-AN00B versions earlier than 10.1.0.156(C00E155R7P2) have an information disclosure vulnerability. The device does not sufficiently validate the output of device in certain specific scenario, the attacker can gain information in the victim's smartphone to launch the attack, successful exploit could cause information disclosure. | |||||
| CVE-2020-1883 | 1 Huawei | 6 Nip6800, Nip6800 Firmware, Secospace Usg6600 and 3 more | 2021-07-21 | 4.0 MEDIUM | 4.9 MEDIUM |
| Huawei products NIP6800;Secospace USG6600;USG9500 have a memory leak vulnerability. An attacker with high privileges exploits this vulnerability by continuously performing specific operations. Successful exploitation of this vulnerability can cause service abnormal. | |||||
| CVE-2020-9143 | 1 Huawei | 2 Emui, Magic Ui | 2021-07-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| There is a missing authentication vulnerability in some Huawei smartphone.Successful exploitation of this vulnerability may lead to low-sensitive information exposure. | |||||
| CVE-2020-1803 | 1 Huawei | 2 Honor V20, Honor V20 Firmware | 2021-07-21 | 2.9 LOW | 5.3 MEDIUM |
| Huawei smartphones Honor V20 with versions earlier than 10.0.0.179(C636E3R4P3),versions earlier than 10.0.0.180(C185E3R3P3),versions earlier than 10.0.0.180(C432E10R3P4) have an information disclosure vulnerability. The device does not sufficiently validate the identity of smart wearable device in certain specific scenario, the attacker need to gain certain information in the victim's smartphone to launch the attack, successful exploit could cause information disclosure. | |||||
| CVE-2020-1861 | 1 Huawei | 2 Cloudengine 12800, Cloudengine 12800 Firmware | 2021-07-21 | 2.1 LOW | 4.4 MEDIUM |
| CloudEngine 12800 with versions of V200R001C00SPC600,V200R001C00SPC700,V200R002C01,V200R002C50SPC800,V200R002C50SPC800PWE,V200R003C00SPC810,V200R003C00SPC810PWE,V200R005C00SPC600,V200R005C00SPC800,V200R005C00SPC800PWE,V200R005C10,V200R005C10SPC300 have an information leakage vulnerability in some Huawei products. In some special cases, an authenticated attacker can exploit this vulnerability because the software processes data improperly. Successful exploitation may lead to information leakage. | |||||
| CVE-2020-1872 | 1 Huawei | 2 P10 Plus, P10 Plus Firmware | 2021-07-21 | 2.1 LOW | 4.6 MEDIUM |
| Huawei smart phones P10 Plus with versions earlier than 9.1.0.201(C01E75R1P12T8), earlier than 9.1.0.252(C185E2R1P9T8), earlier than 9.1.0.252(C432E4R1P9T8), and earlier than 9.1.0.255(C576E6R1P8T8) have a digital balance bypass vulnerability. When re-configuring the mobile phone at the digital balance mode, an attacker can perform some operations to bypass the startup wizard, and then open some switch. As a result, the digital balance function is bypassed. | |||||
| CVE-2020-9069 | 1 Huawei | 36 Anne-al00, Anne-al00 Firmware, Berkeley-l09 and 33 more | 2021-07-21 | 3.3 LOW | 6.5 MEDIUM |
| There is an information leakage vulnerability in some Huawei products. An unauthenticated, adjacent attacker could exploit this vulnerability to decrypt data. Successful exploitation may leak information randomly. Affected product versions include: Anne-AL00 Versions earlier than 9.1.0.331(C675E9R1P3T8); Berkeley-L09 Versions earlier than 10.0.1.1(C675R1); CD16-10 Versions earlier than 10.0.2.8; CD17-10 Versions earlier than 10.0.2.8; CD17-16 Versions earlier than 10.0.2.8; CD18-10 Versions earlier than 10.0.2.8; CD18-16 Versions earlier than 10.0.2.8; Columbia-TL00B Versions earlier than 9.0.0.187(C01E181R1P20T8); E6878-370 Versions earlier than 10.0.5.1(H610SP10C00); HUAWEI P30 lite Versions earlier than 10.0.0.185(C605E3R1P3), Versions earlier than 10.0.0.197(C432E8R2P7); HUAWEI nova 4e Versions earlier than 10.0.0.158(C00E64R1P9); Honor 10 Lite 9.0.1.113(C675E11R1P12); LelandP-L22A Versions earlier than 9.1.0.166(C675E5R1P4T8); Marie-AL00AX Versions earlier than 10.0.0.158(C00E64R1P9); Marie-AL00AY Versions earlier than 10.0.0.158(C00E64R1P9); Marie-AL00BX Versions earlier than 10.0.0.158(C00E64R1P9); Marie-L03BX Versions earlier than 10.0.0.188(C605E5R1P1); Marie-L21BX Versions earlier than 10.0.0.188(C432E4R4P1), Versions earlier than 10.0.0.188(C461E5R3P1); Marie-L22BX Versions earlier than 10.0.0.188(C636E3R3P1); Marie-L23BX Versions earlier than 10.0.0.188(C605E5R1P1); TC5200-16 Versions earlier than 10.0.2.8; WS5200-11 Versions earlier than 10.0.2.8; WS5200-12 Versions earlier than 10.0.2.23; WS5200-16 Versions earlier than 10.0.2.8; WS5200-17 Versions earlier than 10.0.2.23; WS5800-10 Versions earlier than 10.0.3.27; WS6500-10 Versions earlier than 10.0.2.8; WS6500-16 Versions earlier than 10.0.2.8 | |||||
| CVE-2020-1801 | 1 Huawei | 4 Mate 30, Mate 30 Firmware, Mate 30 Pro and 1 more | 2021-07-21 | 4.3 MEDIUM | 5.5 MEDIUM |
| There is an improper authentication vulnerability in several smartphones. Certain function interface in the system does not sufficiently validate the caller's identity in certain share scenario, successful exploit could cause information disclosure. Affected product versions include:Mate 30 Pro versions Versions earlier than 10.0.0.205(C00E202R7P2);Mate 30 versions Versions earlier than 10.0.0.205(C00E201R7P2). | |||||
| CVE-2020-9070 | 1 Huawei | 2 Taurus-al00b, Taurus-al00b Firmware | 2021-07-21 | 4.3 MEDIUM | 5.5 MEDIUM |
| Huawei smartphones Taurus-AL00B with versions earlier than 10.0.0.205(C00E201R7P2) have an improper authentication vulnerability. The software insufficiently validate the user's identity when a user wants to do certain operation. An attacker can trick user into installing a malicious application to exploit this vulnerability. Successful exploit may cause some information disclosure. | |||||
| CVE-2020-9106 | 1 Huawei | 2 P30 Pro, P30 Pro Firmware | 2021-07-21 | 2.1 LOW | 4.6 MEDIUM |
| HUAWEI P30 Pro versions earlier than 10.1.0.160(C00E160R2P8) have a path traversal vulnerability. The system does not sufficiently validate certain pathname, successful exploit could allow the attacker access files and cause information disclosure. | |||||
| CVE-2020-1843 | 1 Huawei | 10 Hege-560, Hege-560 Firmware, Osca-550 and 7 more | 2021-07-21 | 4.6 MEDIUM | 6.8 MEDIUM |
| Huawei HEGE-560 version 1.0.1.20(SP2), OSCA-550 version 1.0.0.71(SP1), OSCA-550A version 1.0.0.71(SP1), OSCA-550AX version 1.0.0.71(SP2), and OSCA-550X version 1.0.0.71(SP2) have an insufficient verification vulnerability. An attacker can perform specific operations to exploit this vulnerability by physical access methods. Successful exploitation may cause the attacker perform an illegal operation. | |||||
| CVE-2019-5290 | 1 Huawei | 4 S5700, S5700 Firmware, S6700 and 1 more | 2021-07-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| Huawei S5700 and S6700 have a DoS security vulnerability. Attackers with certain permissions perform specific operations on affected devices. Because the pointer in the program is not processed properly, the vulnerability can be exploited to cause the device to be abnormal. | |||||
| CVE-2020-1826 | 1 Huawei | 2 Honor Magic2, Honor Magic2 Firmware | 2021-07-21 | 2.1 LOW | 4.4 MEDIUM |
| Huawei Honor Magic2 mobile phones with versions earlier than 10.0.0.175(C00E59R2P11) have an information leak vulnerability. Due to a module using weak encryption tool, an attacker with the root permission may exploit the vulnerability to obtain some information. | |||||
| CVE-2020-1813 | 1 Huawei | 2 P30, P30 Firmware | 2021-07-21 | 4.6 MEDIUM | 6.8 MEDIUM |
| HUAWEI P30 smart phone with versions earlier than 10.1.0.135(C00E135R2P11) have an improper authentication vulnerability. Due to improper authentication of specific interface, in specific scenario attackers could access specific interface without authentication. Successful exploit could allow the attacker to perform unauthorized operations. | |||||
| CVE-2020-9072 | 1 Huawei | 2 Osd, Osd Firmware | 2021-07-21 | 4.6 MEDIUM | 6.7 MEDIUM |
| Huawei OSD product with versions earlier than OSD_uwp_9.0.32.0 have a local privilege escalation vulnerability. An authenticated, local attacker can constructs a specific file path to exploit this vulnerability. Successful exploitation may cause the attacker to obtain a higher privilege. | |||||
| CVE-2020-1836 | 1 Huawei | 4 P30, P30 Firmware, P30 Pro and 1 more | 2021-07-21 | 2.9 LOW | 5.3 MEDIUM |
| HUAWEI P30 with versions earlier than 10.1.0.160(C00E160R2P11) and HUAWEI P30 Pro with versions earlier than 10.1.0.160(C00E160R2P8) have an information disclosure vulnerability. Certain function's default configuration in the system seems insecure, an attacker should craft a WI-FI hotspot to launch the attack. Successful exploit could cause information disclosure. | |||||
| CVE-2019-5293 | 1 Huawei | 32 Ar120-s, Ar120-s Firmware, Ar1200 and 29 more | 2021-07-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| Some Huawei products have a memory leak vulnerability when handling some messages. A remote attacker with operation privilege could exploit the vulnerability by sending specific messages continuously. Successful exploit may cause some service to be abnormal. | |||||
| CVE-2020-9208 | 1 Huawei | 1 Imanager Neteco 6000 | 2021-07-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| There is an information leak vulnerability in iManager NetEco 6000 versions V600R021C00. A module is lack of authentication. Attackers without access to the module can exploit this vulnerability to obtain extra information, leading to information leak. | |||||