Input validation

There is an arbitrary memory write vulnerability in Huawei smart phone when processing file parsing. Due to insufficient validation of the input files, successful exploit could cause certain service abnormal. Affected product versions include:HUAWEI P30 versions 10.0.0.186C10E7R5P1,...

CVE-2021-22327

This CVE (CVE-2021-22327) is associated with Huawei P30 smartphones. The issue is an arbitrary memory write vulnerability that occurs when processing file parsing due to insufficient validation of input files, potentially causing a service abnormality. Affected Huawei P30 variants include multipl...

Mexican Politician Removed Over Alleged Ties to Romanian ATM Skimmer Gang

The leader of Mexicos Green Party has been removed from office following allegations that he received money from a Romanian ATM skimmer gang that stole hundreds of millions of dollars from tourists visiting Mexicos top tourist destinations over the past five years. The scandal is the latest fallo...

Security Advisory - Use-after-free Vulnerability in Some Huawei Smart Phone

There is a use-after-free UAF vulnerability in some Huawei smart phone. An authenticated, local attacker may perform specific operations to exploit this vulnerability. Successful exploitation may cause the attacker to obtain a higher privilege and make information leak. Vulnerability ID:...

Security Advisory - Insufficient Authentication Vulnerabilities in Some Huawei Smart Phone Product

There is an insufficient authentication vulnerability in some Huawei smart phone. An unauthenticated, local attacker can crafts software package to exploit this vulnerability. Due to insufficient verification, successful exploitation may impact the service. Vulnerability ID: HWPSIRT-2019-12302 Th...

Security Advisory - Stack Overflow Vulnerability in Huawei Smart Phone Product

There is a stack overflow vulnerability in some Huawei smart phone. An attacker can craft specific packet to exploit this vulnerability. Due to insufficient verification, this could be exploited to tamper with the information to affect the availability. Vulnerability ID: HWPSIRT-2019-11030 This...

Security Advisory - Use-after-free Vulnerability in Some Huawei Smart Phone

There is a use-after-free UAF vulnerability in some Huawei smart phone. An authenticated, local attacker may perform specific operations to exploit this vulnerability. Successful exploitation may tamper with the information to affect the availability. Vulnerability ID: HWPSIRT-2019-12405 This...

CVE-2019-5287

CVE-2019-5287 affects Huawei P30 smartphones with versions earlier than ELLE-AL00B 9.1.0.193 (C00E190R2P1). The issue is an integer overflow caused by insufficient parameter validation in the camera program, potentially allowing an attacker who tricks the user into installing a malicious app with...

CVE-2017-17224

Some Huawei smart phones with versions earlier than Harry-AL00C 9.1.0.206C00E205R3P1 have a null pointer dereference vulnerability. An attacker crafts specific packets and sends to the affected product to exploit this vulnerability. Successful exploitation may cause the affected phone abnormal...

CVE-2018-7961

There is a smart SMS verification code vulnerability in some Huawei smart phones. An attacker should trick a user to access malicious Website or malicious App and register. Due to incorrect processing of the smart SMS verification code, successful exploitation can cause sensitive information leak...

CVE-2018-7944

Huawei smart phones Emily-AL00A with software 8.1.0.106SP2C00 and 8.1.0.107SP5C00 have a Factory Reset Protection FRP bypass vulnerability. An attacker gets some user's smart phone and performs some special operations in the guide function. The attacker may exploit the vulnerability to bypass FRP...

Memory corruption

Due to insufficient parameters verification GPU driver of Mate 9 Pro Huawei smart phones with the versions before LON-AL00B 8.0.0.356C00 has an arbitrary memory free vulnerability. An attacker can tricks a user into installing a malicious application on the smart phone, and send given parameter t...

CVE-2017-17173

Due to insufficient parameters verification GPU driver of Mate 9 Pro Huawei smart phones with the versions before LON-AL00B 8.0.0.356C00 has an arbitrary memory free vulnerability. An attacker can tricks a user into installing a malicious application on the smart phone, and send given parameter t...

Authentication flaw

Huawei smart phones Mate 10 and Mate 10 Pro with earlier versions than 8.0.0.129SP2C00 and earlier versions than 8.0.0.129SP2C01 have an authentication bypass vulnerability. An attacker with high privilege obtains the smart phone and bypass the activation function by some specific operations...

Security Advisory - Integer overflow Vulnerability in Bdat Driver of Huawei Smart Phone

The Bdat driver of some Huawei smart phones has integer overflow vulnerability due to the lack of parameter validation. An attacker tricks a user into installing a malicious APP and execute it as a specific privilege; the APP can send a specific parameter to the driver of the smart phone, causing...

Stack overflow

Touchscreen drive in Huawei H60 Honor 6 Versions earlier than H60-L026.12.16 and P9 Plus Versions earlier than VIE-AL10BC00B356 has a stack overflow vulnerabilities. An attacker tricks a user into installing a malicious application on the smart phone, and send given parameter to touchscreen drive...

CVE-2016-8783

Touchscreen drive in Huawei H60 Honor 6 Versions earlier than H60-L026.12.16 and P9 Plus Versions earlier than VIE-AL10BC00B356 has a stack overflow vulnerabilities. An attacker tricks a user into installing a malicious application on the smart phone, and send given parameter to touchscreen drive...

Security Advisory - DoS Vulnerability in Some Huawei Smart Phones

Some Huawei smart phones have a DoS vulnerability due to insufficient input validation. An unauthenticated attacker could send malformed System InformationSI messages to the smart phone within radio range by special wireless device. Successful exploit could make the smart phone restart...

CVE-2017-8183

MTK platform in Huawei smart phones with software of earlier than Nice-AL00C00B160 versions, earlier than Nice-AL10C00B140 versions has a any memory access vulnerability. An attacker tricks a user into installing a malicious application on the smart phone, and send given parameter to cause to any...

Buffer overflow

The emergdata driver in CAM-L21C10B130 and earlier versions, CAM-L21C185B141 and earlier versions has a buffer overflow vulnerability. An attacker with the root privilege of the Android system can tricks a user into installing a malicious application on the smart phone, and send given parameter t...