Product:

P30_pro_firmware

(Huawei)
Repositories

Unknown:

This might be proprietary software.

#Vulnerabilities 27
Date Id Summary Products Score Patch Annotated
2019-11-29 CVE-2019-5227 P30, P30 Pro, Mate 20 smartphones with software of versions earlier than ELLE-AL00B 9.1.0.193(C00E190R2P1), versions earlier than VOGUE-AL00A 9.1.0.193(C00E190R2P1), versions earlier than Hima-AL00B 9.1.0.135(C00E133R2P1) and HiSuite with versions earlier than HiSuite 9.1.0.305 have a version downgrade vulnerability. The device and HiSuite software do not validate the upgrade package sufficiently, so that the system of smartphone can be downgraded to an older version. Hisuite_firmware, Mate_20_firmware, P30_firmware, P30_pro_firmware 5.5
2020-04-27 CVE-2019-5303 There are two denial of service vulnerabilities on some Huawei smartphones. An attacker may send specially crafted TD-SCDMA messages from a rogue base station to the affected devices. Due to insufficient input validation of two values when parsing the messages, successful exploit may cause device abnormal. This is 2 out of 2 vulnerabilities. Different than CVE-2020-5302. Affected products are: ALP-AL00B: earlier than 9.1.0.333(C00E333R2P1T8) ALP-L09: earlier than 9.1.0.300(C432E4R1P9T8)... Alp\-Al00b_firmware, Alp\-L09_firmware, Alp\-L29_firmware, Berkeley\-Al20_firmware, Berkeley\-L09_firmware, Bla\-L29c_firmware, Charlotte\-L09c_firmware, Charlotte\-L29c_firmware, Columbia\-Al10b_firmware, Columbia\-L29d_firmware, Cornell\-Al00a_firmware, Cornell\-L29a_firmware, Emily\-L09c_firmware, Emily\-L29c_firmware, Ever\-L29b_firmware, Honor_10_lite_firmware, Honor_20_firmware, Honor_8x_firmware, Honor_magic2_firmware, Honor_v20_firmware, Honor_view_20_firmware, Jackman\-L22_firmware, Mate_20_firmware, Mate_20_pro_firmware, Mate_20_rs_firmware, Mate_20_x_firmware, Nova_lite_3_firmware, P20_firmware, P20_pro_firmware, P30_firmware, P30_pro_firmware, Paris\-L21b_firmware, Paris\-L21meb_firmware, Paris\-L29b_firmware, Sydney\-Al00_firmware, Sydney\-L21_firmware, Sydney\-L21br_firmware, Sydney\-L22_firmware, Sydney\-L22br_firmware, Sydneym\-Al00_firmware, Sydneym\-L01_firmware, Sydneym\-L03_firmware, Sydneym\-L21_firmware, Sydneym\-L22_firmware, Sydneym\-L23_firmware, Y9_2019_firmware, Yale\-L21a_firmware N/A
2020-04-27 CVE-2019-5302 There are two denial of service vulnerabilities on some Huawei smartphones. An attacker may send specially crafted TD-SCDMA messages from a rogue base station to the affected devices. Due to insufficient input validation of two values when parsing the messages, successful exploit may cause device abnormal. This is 1 out of 2 vulnerabilities. Different than CVE-2020-5303. Affected products are: ALP-AL00B: earlier than 9.1.0.333(C00E333R2P1T8) ALP-L09: earlier than 9.1.0.300(C432E4R1P9T8)... Alp\-Al00b_firmware, Alp\-L09_firmware, Alp\-L29_firmware, Berkeley\-Al20_firmware, Berkeley\-L09_firmware, Bla\-L29c_firmware, Charlotte\-L09c_firmware, Charlotte\-L29c_firmware, Columbia\-Al10b_firmware, Columbia\-L29d_firmware, Cornell\-Al00a_firmware, Cornell\-L29a_firmware, Emily\-L09c_firmware, Emily\-L29c_firmware, Ever\-L29b_firmware, Honor_10_lite_firmware, Honor_20_firmware, Honor_8x_firmware, Honor_magic2_firmware, Honor_v20_firmware, Honor_view_20_firmware, Jackman\-L22_firmware, Mate_20_firmware, Mate_20_pro_firmware, Mate_20_rs_firmware, Mate_20_x_firmware, Nova_lite_3_firmware, P20_firmware, P20_pro_firmware, P30_firmware, P30_pro_firmware, Paris\-L21b_firmware, Paris\-L21meb_firmware, Paris\-L29b_firmware, Sydney\-Al00_firmware, Sydney\-L21_firmware, Sydney\-L21br_firmware, Sydney\-L22_firmware, Sydney\-L22br_firmware, Sydneym\-Al00_firmware, Sydneym\-L01_firmware, Sydneym\-L03_firmware, Sydneym\-L21_firmware, Sydneym\-L22_firmware, Sydneym\-L23_firmware, Y9_2019_firmware, Yale\-L21a_firmware N/A
2019-12-13 CVE-2019-5251 There is a path traversal vulnerability in several Huawei smartphones. The system does not sufficiently validate certain pathnames from the application. An attacker could trick the user into installing, backing up and restoring a malicious application. Successful exploit could cause information disclosure. Enjoy_7s_firmware, Honor_20s_firmware, Honor_9_lite_firmware, Honor_9i_firmware, Honor_v10_firmware, M6_firmware, Mate_20_firmware, P30_firmware, P30_pro_firmware N/A
2019-11-29 CVE-2019-5225 P30, Mate 20, P30 Pro smartphones with software of versions earlier than ELLE-AL00B 9.1.0.193(C00E190R1P21), versions earlier than Hima-AL00B 9.1.0.135(C00E200R2P1), versions earlier than VOGUE-AL00A 9.1.0.193(C00E190R1P12) have a buffer overflow vulnerability on several , the system does not properly validate certain length parameter which an application transports to kernel. An attacker tricks the user to install a malicious application, successful exploit could cause malicious code execution. Mate_20_firmware, P30_firmware, P30_pro_firmware N/A
2019-06-04 CVE-2019-5307 Some Huawei 4G LTE devices, P30 versions before ELE-AL00 9.1.0.162(C01E160R1P12/C01E160R2P1) and P30 Pro versions before VOG-AL00 9.1.0.162(C01E160R1P12/C01E160R2P1), are exposed to a message replay vulnerability. For the sake of better compatibility, these devices implement a less strict check on the NAS message sequence number (SN), specifically NAS COUNT. As a result, an attacker can construct a rogue base station and replay the GUTI reallocation command message in certain conditions to... P30_firmware, P30_pro_firmware 4.2
2019-06-04 CVE-2019-5215 There is a man-in-the-middle (MITM) vulnerability on Huawei P30 smartphones versions before ELE-AL00 9.1.0.162(C01E160R1P12/C01E160R2P1), and P30 Pro versions before VOG-AL00 9.1.0.162 (C01E160R1P12/C01E160R2P1). When users establish connection and transfer data through Huawei Share, an attacker could sniff, spoof and do a series of operations to intrude the Huawei Share connection and launch a man-in-the-middle attack to obtain and tamper the data. (Vulnerability ID: HWPSIRT-2019-03109) P30_firmware, P30_pro_firmware 6.8