Note:
This project will be discontinued after December 13, 2021. [more]
Product:
P20_firmware
(Huawei)Repositories |
Unknown: This might be proprietary software. |
#Vulnerabilities | 13 |
Date | Id | Summary | Products | Score | Patch | Annotated |
---|---|---|---|---|---|---|
2019-11-29 | CVE-2019-5211 | The Huawei Share function of P20 phones with versions earlier than Emily-L29C 9.1.0.311 has an improper file management vulnerability. The attacker tricks the victim to perform certain operations on the mobile phone during file transfer. Because the file is not properly processed, successfully exploit may cause some files on the victim's mobile phone are deleted. | P20_firmware | 5.7 | ||
2020-09-11 | CVE-2020-9239 | Huawei smartphones BLA-A09 versions 8.0.0.123(C212),versions earlier than 8.0.0.123(C567),versions earlier than 8.0.0.123(C797);BLA-TL00B versions earlier than 8.1.0.326(C01);Berkeley-L09 versions earlier than 8.0.0.163(C10),versions earlier than 8.0.0.163(C432),Versions earlier than 8.0.0.163(C636),Versions earlier than 8.0.0.172(C10);Duke-L09 versions Duke-L09C10B187, versions Duke-L09C432B189, versions Duke-L09C636B189;HUAWEI P20 versions earlier than 8.0.1.16(C00);HUAWEI P20 Pro versions... | Berkeley\-L09_firmware, Bla\-A09_firmware, Bla\-Tl00b_firmware, Duke\-L09_firmware, Jimmy\-Al00a_firmware, Lon\-L29d_firmware, Neo\-Al00d_firmware, P20_firmware, P20_pro_firmware, Stanford\-Al00_firmware, Toronto\-Al00_firmware, Toronto\-Al00a_firmware, Toronto\-Tl10_firmware | 5.5 | ||
2020-05-15 | CVE-2020-9073 | Huawei P20 smartphones with versions earlier than 10.0.0.156(C00E156R1P4) have an improper authentication vulnerability. The vulnerability is due to that when an user wants to do certain operation, the software insufficiently validate the user's identity. Attackers need to physically access the smartphone to exploit this vulnerability. Successful exploit could allow the attacker to bypass the limit of student mode function. | P20_firmware | N/A | ||
2020-04-27 | CVE-2019-5303 | There are two denial of service vulnerabilities on some Huawei smartphones. An attacker may send specially crafted TD-SCDMA messages from a rogue base station to the affected devices. Due to insufficient input validation of two values when parsing the messages, successful exploit may cause device abnormal. This is 2 out of 2 vulnerabilities. Different than CVE-2020-5302. Affected products are: ALP-AL00B: earlier than 9.1.0.333(C00E333R2P1T8) ALP-L09: earlier than 9.1.0.300(C432E4R1P9T8)... | Alp\-Al00b_firmware, Alp\-L09_firmware, Alp\-L29_firmware, Berkeley\-Al20_firmware, Berkeley\-L09_firmware, Bla\-L29c_firmware, Charlotte\-L09c_firmware, Charlotte\-L29c_firmware, Columbia\-Al10b_firmware, Columbia\-L29d_firmware, Cornell\-Al00a_firmware, Cornell\-L29a_firmware, Emily\-L09c_firmware, Emily\-L29c_firmware, Ever\-L29b_firmware, Honor_10_lite_firmware, Honor_20_firmware, Honor_8x_firmware, Honor_magic2_firmware, Honor_v20_firmware, Honor_view_20_firmware, Jackman\-L22_firmware, Mate_20_firmware, Mate_20_pro_firmware, Mate_20_rs_firmware, Mate_20_x_firmware, Nova_lite_3_firmware, P20_firmware, P20_pro_firmware, P30_firmware, P30_pro_firmware, Paris\-L21b_firmware, Paris\-L21meb_firmware, Paris\-L29b_firmware, Sydney\-Al00_firmware, Sydney\-L21_firmware, Sydney\-L21br_firmware, Sydney\-L22_firmware, Sydney\-L22br_firmware, Sydneym\-Al00_firmware, Sydneym\-L01_firmware, Sydneym\-L03_firmware, Sydneym\-L21_firmware, Sydneym\-L22_firmware, Sydneym\-L23_firmware, Y9_2019_firmware, Yale\-L21a_firmware | N/A | ||
2020-04-27 | CVE-2019-5302 | There are two denial of service vulnerabilities on some Huawei smartphones. An attacker may send specially crafted TD-SCDMA messages from a rogue base station to the affected devices. Due to insufficient input validation of two values when parsing the messages, successful exploit may cause device abnormal. This is 1 out of 2 vulnerabilities. Different than CVE-2020-5303. Affected products are: ALP-AL00B: earlier than 9.1.0.333(C00E333R2P1T8) ALP-L09: earlier than 9.1.0.300(C432E4R1P9T8)... | Alp\-Al00b_firmware, Alp\-L09_firmware, Alp\-L29_firmware, Berkeley\-Al20_firmware, Berkeley\-L09_firmware, Bla\-L29c_firmware, Charlotte\-L09c_firmware, Charlotte\-L29c_firmware, Columbia\-Al10b_firmware, Columbia\-L29d_firmware, Cornell\-Al00a_firmware, Cornell\-L29a_firmware, Emily\-L09c_firmware, Emily\-L29c_firmware, Ever\-L29b_firmware, Honor_10_lite_firmware, Honor_20_firmware, Honor_8x_firmware, Honor_magic2_firmware, Honor_v20_firmware, Honor_view_20_firmware, Jackman\-L22_firmware, Mate_20_firmware, Mate_20_pro_firmware, Mate_20_rs_firmware, Mate_20_x_firmware, Nova_lite_3_firmware, P20_firmware, P20_pro_firmware, P30_firmware, P30_pro_firmware, Paris\-L21b_firmware, Paris\-L21meb_firmware, Paris\-L29b_firmware, Sydney\-Al00_firmware, Sydney\-L21_firmware, Sydney\-L21br_firmware, Sydney\-L22_firmware, Sydney\-L22br_firmware, Sydneym\-Al00_firmware, Sydneym\-L01_firmware, Sydneym\-L03_firmware, Sydneym\-L21_firmware, Sydneym\-L22_firmware, Sydneym\-L23_firmware, Y9_2019_firmware, Yale\-L21a_firmware | N/A | ||
2019-11-29 | CVE-2019-5212 | There is an improper access control vulnerability in Huawei Share. The software does not properly restrict access to certain file from certain application. An attacker tricks the user into installing a malicious application then establishing a connect to the attacker through Huawei Share, successful exploit could cause information disclosure. | P20_firmware | N/A | ||
2019-11-13 | CVE-2019-5230 | P20 Pro, P20, Mate RS smartphones with versions earlier than Charlotte-AL00A 9.1.0.321(C00E320R1P1T8), versions earlier than Emily-AL00A 9.1.0.321(C00E320R1P1T8), versions earlier than NEO-AL00D NEO-AL00 9.1.0.321(C786E320R1P1T8) have an improper validation vulnerability. The system does not perform a properly validation of certain input models, an attacker could trick the user to install a malicious application then craft a malformed model, successful exploit could allow the attacker to get... | Mate_rs_firmware, P20_firmware, P20_pro_firmware | N/A | ||
2019-06-04 | CVE-2019-5306 | There is a Factory Reset Protection (FRP) bypass security vulnerability in P20 Huawei smart phones versions before Emily-AL00A 9.0.0.167(C00E81R1P21T8). When re-configuring the mobile phone using the FRP function, an attacker can delete the activation lock after a series of operations. As a result, the FRP function is bypassed and the attacker gains access to the smartphone. | P20_firmware | 4.6 | ||
2019-06-04 | CVE-2019-5283 | There is Factory Reset Protection (FRP) bypass security vulnerability in P20 Huawei smart phones versions earlier than Emily-AL00A 9.0.0.167 (C00E81R1P21T8). When re-configuring the mobile phone using the factory reset protection (FRP) function, an attacker can login the Talkback mode and can perform some operations to access the setting page. As a result, the FRP function is bypassed. | P20_firmware | 4.6 | ||
2018-12-04 | CVE-2018-7987 | There is an out-of-bounds write vulnerability on Huawei P20 smartphones with versions before 8.1.0.171(C00). The software does not handle the response message properly when the user doing certain inquiry operation, an attacker could send crafted message to the device, successful exploit could cause a denial of service condition. | P20_firmware | 5.9 |