Prague-AL00A,Prague-AL00B,Prague-AL00C,Prague-TL00A,Prague-TL10A Security Vulnerabilities
Security Advisory - Improper Authentication Vulnerability in Several Smartphones
There is an improper authentication vulnerability in several smartphones. A logic error occurs when handling clock function, an attacker should do a series of crafted operations quickly before the phone is unlocked, successful exploit could allow the attacker to access clock information without...
2.4CVSS
4.6AI Score
0.001EPSS
Security Advisory - Privilege Escalation Vulnerability in Some Huawei Products
There is a privilege escalation vulnerability in the ioctl handlers of the Mediatek CMDQ driver. Local attackers can exploit this vulnerability to read and write to the system memory. Successful exploit may lead to local escalation of privilege. (Vulnerability ID: HWPSIRT-2020-03106) This...
7.8CVSS
7.2AI Score
0.001EPSS
Security Advisory - Information Disclosure Vulnerability in Several Smartphones
There is an information disclosure vulnerability in several smartphones. The attacker could wake up voice assistant then do a series of crafted voice operation, successful exploit could allow the attacker read certain files without unlock the phone leading to information disclosure. (Vulnerability....
4.6CVSS
4.3AI Score
0.001EPSS
Security Advisory - Information Leakage Vulnerability in Some Huawei Products
There is an information leakage vulnerability in some Huawei products. An unauthenticated, adjacent attacker could exploit this vulnerability to decrypt data. Successful exploitation may leak information randomly. (Vulnerability ID: HWPSIRT-2020-02166) This vulnerability has been assigned a Common....
6.5CVSS
6AI Score
0.001EPSS
Security Advisory - Out of Bounds Read Vulnerability in Several Smartphones
There is an out of bound read vulnerability in several smartphones. The software reads data past the end of the intended buffer. The attacker tricks the user into installing a crafted application, successful exploit may cause information disclosure or service abnormal. (Vulnerability ID:...
7.1CVSS
6.1AI Score
0.001EPSS
There are two denial of service vulnerabilities on some Huawei smartphones. An attacker may send specially crafted TD-SCDMA messages from a rogue base station to the affected devices. Due to insufficient input validation of two values when parsing the messages, successful exploit may cause device.....
5.3CVSS
4.6AI Score
0.001EPSS
There are two denial of service vulnerabilities on some Huawei smartphones. An attacker may send specially crafted TD-SCDMA messages from a rogue base station to the affected devices. Due to insufficient input validation of two values when parsing the messages, successful exploit may cause device.....
5.3CVSS
5.9AI Score
0.001EPSS
There are two denial of service vulnerabilities on some Huawei smartphones. An attacker may send specially crafted TD-SCDMA messages from a rogue base station to the affected devices. Due to insufficient input validation of two values when parsing the messages, successful exploit may cause device.....
5.3CVSS
6.3AI Score
0.001EPSS
There are two denial of service vulnerabilities on some Huawei smartphones. An attacker may send specially crafted TD-SCDMA messages from a rogue base station to the affected devices. Due to insufficient input validation of two values when parsing the messages, successful exploit may cause device.....
5.3CVSS
4.4AI Score
0.001EPSS
There are two denial of service vulnerabilities on some Huawei smartphones. An attacker may send specially crafted TD-SCDMA messages from a rogue base station to the affected devices. Due to insufficient input validation of two values when parsing the messages, successful exploit may cause device.....
5.3CVSS
5.7AI Score
0.001EPSS
There are two denial of service vulnerabilities on some Huawei smartphones. An attacker may send specially crafted TD-SCDMA messages from a rogue base station to the affected devices. Due to insufficient input validation of two values when parsing the messages, successful exploit may cause device.....
5.3CVSS
4.6AI Score
0.001EPSS
There are two denial of service vulnerabilities on some Huawei smartphones. An attacker may send specially crafted TD-SCDMA messages from a rogue base station to the affected devices. Due to insufficient input validation of two values when parsing the messages, successful exploit may cause device.....
6.3AI Score
0.001EPSS
There are two denial of service vulnerabilities on some Huawei smartphones. An attacker may send specially crafted TD-SCDMA messages from a rogue base station to the affected devices. Due to insufficient input validation of two values when parsing the messages, successful exploit may cause device.....
4.4AI Score
0.001EPSS
Huawei smartphone Lion-AL00C with versions earlier than 10.0.0.205(C00E202R7P2) have a denial of service vulnerability. An attacker crafted specially file to the affected device. Due to insufficient input validation of the value when executing the file, successful exploit may cause device...
5.5CVSS
5.4AI Score
0.001EPSS
Huawei smartphone Lion-AL00C with versions earlier than 10.0.0.205(C00E202R7P2) have a denial of service vulnerability. An attacker crafted specially file to the affected device. Due to insufficient input validation of the value when executing the file, successful exploit may cause device...
5.5CVSS
5.4AI Score
0.001EPSS
Huawei smartphone Lion-AL00C with versions earlier than 10.0.0.205(C00E202R7P2) have a denial of service vulnerability. An attacker crafted specially file to the affected device. Due to insufficient input validation of the value when executing the file, successful exploit may cause device...
5.5CVSS
5.3AI Score
0.001EPSS
Huawei smartphone Lion-AL00C with versions earlier than 10.0.0.205(C00E202R7P2) have a denial of service vulnerability. An attacker crafted specially file to the affected device. Due to insufficient input validation of the value when executing the file, successful exploit may cause device...
5.4AI Score
0.001EPSS
Huawei smartphones Taurus-AL00B with versions earlier than 10.0.0.205(C00E201R7P2) have an improper authentication vulnerability. The software insufficiently validate the user's identity when a user wants to do certain operation. An attacker can trick user into installing a malicious application...
5.5CVSS
5.2AI Score
0.001EPSS
Huawei smartphones Taurus-AL00B with versions earlier than 10.0.0.205(C00E201R7P2) have an improper authentication vulnerability. The software insufficiently validate the user's identity when a user wants to do certain operation. An attacker can trick user into installing a malicious application...
5.5CVSS
5.2AI Score
0.001EPSS
Huawei smartphones Taurus-AL00B with versions earlier than 10.0.0.205(C00E201R7P2) have an improper authentication vulnerability. The software insufficiently validate the user's identity when a user wants to do certain operation. An attacker can trick user into installing a malicious application...
5.5CVSS
5.2AI Score
0.001EPSS
Huawei smartphones Taurus-AL00B with versions earlier than 10.0.0.205(C00E201R7P2) have an improper authentication vulnerability. The software insufficiently validate the user's identity when a user wants to do certain operation. An attacker can trick user into installing a malicious application...
5.3AI Score
0.001EPSS
Security Advisory - Denial of Service Vulnerability on Huawei Smartphone
There is an denial of service vulnerability on some Huawei smartphone. An attacker crafted specially file to the affected device. Due to insufficient input validation of the value when executing the file, successful exploit may cause device abnormal. (Vulnerability ID: HWPSIRT-2019-12057) This...
5.5CVSS
5.4AI Score
0.001EPSS
Security Advisory - Improper Authentication Vulnerability in Several Smartphones
There is an improper authentication vulnerability in several smartphones. Certain function interface in the system does not sufficiently validate the caller's identity in certain share scenario, successful exploit could cause information disclosure. (Vulnerability ID: HWPSIRT-2020-01073) This...
5.5CVSS
5.3AI Score
0.001EPSS
Huawei smart phone Taurus-AL00B with versions earlier than 10.0.0.203(C00E201R7P2) have a use-after-free (UAF) vulnerability. An authenticated, local attacker may perform specific operations to exploit this vulnerability. Successful exploitation may tamper with the information to affect the...
5.5CVSS
5.3AI Score
0.0004EPSS
Huawei smart phone Taurus-AL00B with versions earlier than 10.0.0.203(C00E201R7P2) have a use-after-free (UAF) vulnerability. An authenticated, local attacker may perform specific operations to exploit this vulnerability. Successful exploitation may tamper with the information to affect the...
5.5CVSS
5.3AI Score
0.0004EPSS
Huawei smart phone Taurus-AL00B with versions earlier than 10.0.0.203(C00E201R7P2) have a use-after-free (UAF) vulnerability. An authenticated, local attacker may perform specific operations to exploit this vulnerability. Successful exploitation may tamper with the information to affect the...
5.5CVSS
5.3AI Score
0.0004EPSS
Huawei smart phone Taurus-AL00B with versions earlier than 10.0.0.203(C00E201R7P2) have a use-after-free (UAF) vulnerability. An authenticated, local attacker may perform specific operations to exploit this vulnerability. Successful exploitation may tamper with the information to affect the...
5.3AI Score
0.0004EPSS
Security Advisory - Use-after-free Vulnerability in Some Huawei Smart Phone
There is a use-after-free (UAF) vulnerability in some Huawei smart phone. An authenticated, local attacker may perform specific operations to exploit this vulnerability. Successful exploitation may tamper with the information to affect the availability. (Vulnerability ID: HWPSIRT-2019-12405) This.....
5.5CVSS
5.2AI Score
0.0004EPSS
Security Advisory - Improper Authentication Vulnerability in Several Smartphones
There is an improper authentication vulnerability in several smartphones. The applock does not perform a sufficient authentication in certain scenarios, successful exploit could allow the attacker to gain certain data of the application which is locked. (Vulnerability ID: HWPSIRT-2019-12128 and...
4.6CVSS
5.7AI Score
0.001EPSS
Security Advisory - Information Leakage Vulnerability in Motion Sensor
Motion sensor in some Huawei smart phones has an information leakage vulnerability. An attacker may exploit this vulnerability to obtain specific information from the motion sensor through an APP installed on the smart phone and track the user. Successful exploit may cause information leak....
3.3CVSS
6.3AI Score
0.0004EPSS
Security Advisory - Improper Authorization Vulnerability in Several Huawei Smart Phones
Some Huawei mobile phones have an improper authorization vulnerability. Due to improper authorization of some function, attackers can bypass the authorization to perform some operations. (Vulnerability ID: HWPSIRT-2019-08002) This vulnerability has been assigned a Common Vulnerabilities and...
4.6CVSS
5.1AI Score
0.001EPSS
Security Advisory - Page-Cache Side-Channel Vulnerability
There is a vlunerability in the mincore() implementation in mm/mincore.c in the Linux kernel through 4.19.13. An attacker could exploit this vulnerability to conduct a page-cache side-channel attack, allowing the attacker to view page-cache access patterns of other processes on the system. A...
5.5CVSS
6.4AI Score
0.0004EPSS
Security Advisory - FRP Bypass Vulnerability in Huawei Smart Phones
There is a Factory Reset Protection (FRP) bypass security vulnerability in some Huawei smart phones. When re-configuring the mobile phone using the factory reset protection (FRP) function, an attacker login the Talkback mode and can perform some operations to install a third-Party application. As.....
4.6CVSS
5AI Score
0.001EPSS
Security Advisory - Denial of Service Vulnerability in Several Smartphones
There is a denial of service vulnerability in several smartphones. The system does not properly check the status of certain module during certain operations, an attacker should trick the user into installing a malicious application, successful exploit could cause reboot of the smartphone....
5.5CVSS
5.3AI Score
0.001EPSS
Security Advisory - Integer Overflow Vulnerability in the Linux Kernel (SACK Panic)
An integer overflow vulnerability was found in the way the Linux kernel's networking subsystem processed TCP Selective Acknowledgment (SACK) segments. A remote attacker could use this to cause a denial of service. (Vulnerability ID: HWPSIRT-2019-06130) This vulnerability has been assigned a Common....
7.5CVSS
1.7AI Score
0.972EPSS
Security Advisory - Insufficient Input Validation Vulnerability in Some Huawei Products
There is an insufficient input validation vulnerability in some Huawei products. Due to incorrect input validation logic, a high-privilege attacker should bypass the device security detection mechanism, then modify the memory of the device by doing a series of operations. Successful exploit may...
9.8CVSS
8.9AI Score
0.002EPSS
Huawei smart phones with earlier versions than ELLE-AL00B 9.1.0.222(C00E220R2P1) have a buffer overflow vulnerability. An attacker may intercept and tamper with the packet in the local area network (LAN) to exploit this vulnerability. Successful exploitation may cause the affected phone...
8.8CVSS
8.8AI Score
0.001EPSS
Huawei smart phones with earlier versions than ELLE-AL00B 9.1.0.222(C00E220R2P1) have a buffer overflow vulnerability. An attacker may intercept and tamper with the packet in the local area network (LAN) to exploit this vulnerability. Successful exploitation may cause the affected phone...
8.8CVSS
8.6AI Score
0.001EPSS
Huawei smart phones with earlier versions than ELLE-AL00B 9.1.0.222(C00E220R2P1) have a buffer overflow vulnerability. An attacker may intercept and tamper with the packet in the local area network (LAN) to exploit this vulnerability. Successful exploitation may cause the affected phone...
8.8CVSS
8.7AI Score
0.001EPSS
Huawei smart phones with earlier versions than ELLE-AL00B 9.1.0.222(C00E220R2P1) have a buffer overflow vulnerability. An attacker may intercept and tamper with the packet in the local area network (LAN) to exploit this vulnerability. Successful exploitation may cause the affected phone...
8.8AI Score
0.001EPSS
Security Advisory - Buffer Overflow Vulnerability in Some Huawei Smart Phones
There is a buffer overflow vulnerability in some Huawei smart phones. An attacker may intercept and tamper with the packet in the local area network (LAN) to exploit this vulnerability. Successful exploitation may cause the affected phone abnormal. (Vulnerability ID: HWPSIRT-2019-09447) This...
8.8CVSS
8.2AI Score
0.001EPSS
Some Huawei smart phones have a null pointer dereference vulnerability. An attacker crafts specific packets and sends to the affected product to exploit this vulnerability. Successful exploitation may cause the affected phone to be...
5.3CVSS
5.2AI Score
0.001EPSS
Some Huawei smart phones have a null pointer dereference vulnerability. An attacker crafts specific packets and sends to the affected product to exploit this vulnerability. Successful exploitation may cause the affected phone to be...
5.3CVSS
5.2AI Score
0.001EPSS
Security Advisory - Denial of Service Vulnerability on Some Huawei Smartphones
There is a denial of service vulnerability on some Huawei smartphones. Due to insufficient input validation of specific value when parsing the messages, an attacker may send specially crafted TD-SCDMA messages from a rogue base station to the affected devices to exploit this vulnerability....
6.5CVSS
6.1AI Score
0.001EPSS
Security Advisory - Information Disclosure Vulnerability in Several Smartphones
There is an information disclosure vulnerability in certain Huawei smartphones. The software does not properly handle certain information of application locked by applock in a rare condition, successful exploit could cause information disclosure. (Vulnerability ID: HWPSIRT-2018-08142) This...
4.6CVSS
4.4AI Score
0.001EPSS
Security Advisory - Improper Authentication Vulnerability in Smartphones
There is an improper authentication vulnerability in smartphones. The applock does not perform a sufficient authentication in a rare condition, successful exploit could allow the attacker to use the application locked by applock in an instant. (Vulnerability ID: HWPSIRT-2019-04103) This...
3.5CVSS
4.7AI Score
0.001EPSS
Security Advisory - Path Traversal Vulnerability in Several Smartphones
There is a path traversal vulnerability in several smartphones. The system does not sufficiently validate certain pathname from the application, an attacker should trick the user into installing, backing up and restoring a malicious application, successful exploit could cause information...
5.5CVSS
5.1AI Score
0.001EPSS
P30 smartphones with versions earlier than ELLE-AL00B 9.1.0.193(C00E190R1P21) have an out of bounds read vulnerability. The system does not properly validate certain length parameter which an application transports to kernel. An attacker tricks the user to install a malicious application,...
5.5CVSS
5.1AI Score
0.001EPSS
P30 smartphones with versions earlier than ELLE-AL00B 9.1.0.193(C00E190R1P21) have an out of bounds read vulnerability. The system does not properly validate certain length parameter which an application transports to kernel. An attacker tricks the user to install a malicious application,...
5.5CVSS
5.1AI Score
0.001EPSS
P30, Mate 20, P30 Pro smartphones with software of versions earlier than ELLE-AL00B 9.1.0.193(C00E190R1P21), versions earlier than Hima-AL00B 9.1.0.135(C00E200R2P1), versions earlier than VOGUE-AL00A 9.1.0.193(C00E190R1P12) have a buffer overflow vulnerability on several , the system does not...
7.8CVSS
7.9AI Score
0.001EPSS