Tony-al00b Firmware Security Vulnerabilities and Issues — Tony-al00b Firmware CVE List

Lucene search

HuaweiTony-al00b Firmware

9 matches found

CVE•added 2019/10/11 7:15 p.m.•1367 views

CVE-2019-2215

A use-after-free in binder.c allows an elevation of privilege from an application to the Linux Kernel. No user interaction is required to exploit this vulnerability, however exploitation does require either the installation of a malicious local application or a separate vulnerability in a network f...

7.8CVSS7.5AI score0.4903EPSS

CVE•added 2020/03/10 8:15 p.m.•1064 views

CVE-2020-0069

In the ioctl handlers of the Mediatek Command Queue driver, there is a possible out of bounds write due to insufficient input sanitization and missing SELinux restrictions. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not neede...

7.8CVSS7.8AI score0.01303EPSS

CVE•added 2019/08/14 5:15 p.m.•451 views

CVE-2019-9506

The Bluetooth BR/EDR specification up to and including version 5.1 permits sufficiently low encryption key length and does not prevent an attacker from influencing the key length negotiation. This allows practical brute-force attacks (aka "KNOB") that can decrypt traffic and inject arbitrary cipher...

8.1CVSS8.4AI score0.02404EPSS

CVE•added 2019/12/14 12:15 a.m.•127 views

CVE-2019-5235

Some Huawei smart phones have a null pointer dereference vulnerability. An attacker crafts specific packets and sends to the affected product to exploit this vulnerability. Successful exploitation may cause the affected phone to be abnormal.

5.3CVSS5.2AI score0.00247EPSS

CVE•added 2020/06/15 4:15 p.m.•49 views

CVE-2020-9076

HUAWEI P30;HUAWEI P30 Pro;Tony-AL00B smartphones with versions earlier than 10.1.0.135(C00E135R2P11); versions earlier than 10.1.0.135(C00E135R2P8), versions earlier than 10.1.0.135 have an improper authentication vulnerability. Due to the identity of the message sender not being properly verified,...

6.8CVSS6.6AI score0.00102EPSS

CVE•added 2020/12/07 1:15 p.m.•47 views

CVE-2020-9247

There is a buffer overflow vulnerability in several Huawei products. The system does not sufficiently validate certain configuration parameter which is passed from user that would cause buffer overflow. The attacker should trick the user into installing and running a malicious application with a hi...

7.8CVSS7.9AI score0.00352EPSS

CVE•added 2020/10/12 2:15 p.m.•39 views

CVE-2020-9109

There is an information disclosure vulnerability in several smartphones. The device does not sufficiently validate the identity of smart wearable device in certain specific scenario, the attacker need to gain certain information in the victim's smartphone to launch the attack, and successful exploi...

4.6CVSS4.7AI score0.00028EPSS

CVE•added 2021/07/13 12:15 p.m.•36 views

CVE-2021-22440

There is a path traversal vulnerability in some Huawei products. The vulnerability is due to that the software uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the software does not properly va...

4.6CVSS4.7AI score0.00026EPSS

CVE•added 2020/09/03 7:15 p.m.•34 views

CVE-2020-9235

Huawei smartphones HONOR 20 PRO Versions earlier than 10.1.0.230(C432E9R5P1),Versions earlier than 10.1.0.231(C10E3R3P2),Versions earlier than 10.1.0.231(C185E3R5P1),Versions earlier than 10.1.0.231(C636E3R3P1);Versions earlier than 10.1.0.212(C432E10R3P4),Versions earlier than 10.1.0.213(C636E3R4P...

5.5CVSS5.3AI score0.00033EPSS