Search

Find a vulnerability

Search criteria

    4 vulnerabilities found for p40_firmware by huawei

    CVE-2021-37104 (GCVE-0-2021-37104)

    Vulnerability from nvd – Published: 2021-09-28 14:01 – Updated: 2024-08-04 01:09
    VLAI
    Summary
    There is a server-side request forgery vulnerability in HUAWEI P40 versions 10.1.0.118(C00E116R3P3). This vulnerability is due to insufficient validation of parameters while dealing with some messages. A successful exploit could allow the attacker to gain access to certain resource which the attacker are supposed not to do.
    Severity
    No CVSS data available.
    CWE
    • Server-Side Request Forgery
    Assigner
    References
    Impacted products
    Vendor Product Version
    n/a HUAWEI P40 Affected: 10.1.0.118(C00E116R3P3)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T01:09:07.823Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210922-01-ssrf-en"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "HUAWEI P40",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "10.1.0.118(C00E116R3P3)"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "There is a server-side request forgery vulnerability in HUAWEI P40 versions 10.1.0.118(C00E116R3P3). This vulnerability is due to insufficient validation of parameters while dealing with some messages. A successful exploit could allow the attacker to gain access to certain resource which the attacker are supposed not to do."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Server-Side Request Forgery",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-09-28T14:01:27.000Z",
            "orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
            "shortName": "huawei"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210922-01-ssrf-en"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@huawei.com",
              "ID": "CVE-2021-37104",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "HUAWEI P40",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "10.1.0.118(C00E116R3P3)"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "There is a server-side request forgery vulnerability in HUAWEI P40 versions 10.1.0.118(C00E116R3P3). This vulnerability is due to insufficient validation of parameters while dealing with some messages. A successful exploit could allow the attacker to gain access to certain resource which the attacker are supposed not to do."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Server-Side Request Forgery"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210922-01-ssrf-en",
                  "refsource": "MISC",
                  "url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210922-01-ssrf-en"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
        "assignerShortName": "huawei",
        "cveId": "CVE-2021-37104",
        "datePublished": "2021-09-28T14:01:27.000Z",
        "dateReserved": "2021-07-20T00:00:00.000Z",
        "dateUpdated": "2024-08-04T01:09:07.823Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-9119 (GCVE-0-2020-9119)

    Vulnerability from nvd – Published: 2020-12-24 15:49 – Updated: 2024-08-04 10:19
    VLAI
    Summary
    There is a privilege escalation vulnerability on some Huawei smart phones due to design defects. The attacker needs to physically contact the mobile phone and obtain higher privileges, and execute relevant commands, resulting in the user's privilege promotion.
    Severity
    No CVSS data available.
    CWE
    • Privilege Escalation
    Assigner
    References
    Impacted products
    Vendor Product Version
    n/a HUAWEI Mate 10;HUAWEI Mate 30;HUAWEI Mate 30 Pro;HUAWEI P40;HUAWEI P40 Pro Affected: Versions earlier than 10.0.0.189(C185E6R1P3)
    Affected: Versions earlier than 10.1.0.156(C00E155R7P2)
    Affected: Versions earlier than 10.1.0.156(C00E156R7P2)
    Affected: Versions earlier than 10.1.0.150(SP1C00E150R4P1)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T10:19:19.817Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20201202-01-smartphone-en"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "HUAWEI Mate 10;HUAWEI Mate 30;HUAWEI Mate 30 Pro;HUAWEI P40;HUAWEI P40 Pro",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "Versions earlier than 10.0.0.189(C185E6R1P3)"
                },
                {
                  "status": "affected",
                  "version": "Versions earlier than 10.1.0.156(C00E155R7P2)"
                },
                {
                  "status": "affected",
                  "version": "Versions earlier than 10.1.0.156(C00E156R7P2)"
                },
                {
                  "status": "affected",
                  "version": "Versions earlier than 10.1.0.150(SP1C00E150R4P1)"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "There is a privilege escalation vulnerability on some Huawei smart phones due to design defects. The attacker needs to physically contact the mobile phone and obtain higher privileges, and execute relevant commands, resulting in the user\u0027s privilege promotion."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Privilege Escalation",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-12-24T15:49:40.000Z",
            "orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
            "shortName": "huawei"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20201202-01-smartphone-en"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@huawei.com",
              "ID": "CVE-2020-9119",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "HUAWEI Mate 10;HUAWEI Mate 30;HUAWEI Mate 30 Pro;HUAWEI P40;HUAWEI P40 Pro",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Versions earlier than 10.0.0.189(C185E6R1P3)"
                              },
                              {
                                "version_value": "Versions earlier than 10.1.0.156(C00E155R7P2)"
                              },
                              {
                                "version_value": "Versions earlier than 10.1.0.156(C00E156R7P2)"
                              },
                              {
                                "version_value": "Versions earlier than 10.1.0.150(SP1C00E150R4P1)"
                              },
                              {
                                "version_value": "Versions earlier than 10.1.0.150(SP1C00E150R4P1)"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "There is a privilege escalation vulnerability on some Huawei smart phones due to design defects. The attacker needs to physically contact the mobile phone and obtain higher privileges, and execute relevant commands, resulting in the user\u0027s privilege promotion."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Privilege Escalation"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20201202-01-smartphone-en",
                  "refsource": "MISC",
                  "url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20201202-01-smartphone-en"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
        "assignerShortName": "huawei",
        "cveId": "CVE-2020-9119",
        "datePublished": "2020-12-24T15:49:40.000Z",
        "dateReserved": "2020-02-18T00:00:00.000Z",
        "dateUpdated": "2024-08-04T10:19:19.817Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-37104 (GCVE-0-2021-37104)

    Vulnerability from cvelistv5 – Published: 2021-09-28 14:01 – Updated: 2024-08-04 01:09
    VLAI
    Summary
    There is a server-side request forgery vulnerability in HUAWEI P40 versions 10.1.0.118(C00E116R3P3). This vulnerability is due to insufficient validation of parameters while dealing with some messages. A successful exploit could allow the attacker to gain access to certain resource which the attacker are supposed not to do.
    Severity
    No CVSS data available.
    CWE
    • Server-Side Request Forgery
    Assigner
    References
    Impacted products
    Vendor Product Version
    n/a HUAWEI P40 Affected: 10.1.0.118(C00E116R3P3)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T01:09:07.823Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210922-01-ssrf-en"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "HUAWEI P40",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "10.1.0.118(C00E116R3P3)"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "There is a server-side request forgery vulnerability in HUAWEI P40 versions 10.1.0.118(C00E116R3P3). This vulnerability is due to insufficient validation of parameters while dealing with some messages. A successful exploit could allow the attacker to gain access to certain resource which the attacker are supposed not to do."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Server-Side Request Forgery",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-09-28T14:01:27.000Z",
            "orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
            "shortName": "huawei"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210922-01-ssrf-en"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@huawei.com",
              "ID": "CVE-2021-37104",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "HUAWEI P40",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "10.1.0.118(C00E116R3P3)"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "There is a server-side request forgery vulnerability in HUAWEI P40 versions 10.1.0.118(C00E116R3P3). This vulnerability is due to insufficient validation of parameters while dealing with some messages. A successful exploit could allow the attacker to gain access to certain resource which the attacker are supposed not to do."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Server-Side Request Forgery"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210922-01-ssrf-en",
                  "refsource": "MISC",
                  "url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210922-01-ssrf-en"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
        "assignerShortName": "huawei",
        "cveId": "CVE-2021-37104",
        "datePublished": "2021-09-28T14:01:27.000Z",
        "dateReserved": "2021-07-20T00:00:00.000Z",
        "dateUpdated": "2024-08-04T01:09:07.823Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-9119 (GCVE-0-2020-9119)

    Vulnerability from cvelistv5 – Published: 2020-12-24 15:49 – Updated: 2024-08-04 10:19
    VLAI
    Summary
    There is a privilege escalation vulnerability on some Huawei smart phones due to design defects. The attacker needs to physically contact the mobile phone and obtain higher privileges, and execute relevant commands, resulting in the user's privilege promotion.
    Severity
    No CVSS data available.
    CWE
    • Privilege Escalation
    Assigner
    References
    Impacted products
    Vendor Product Version
    n/a HUAWEI Mate 10;HUAWEI Mate 30;HUAWEI Mate 30 Pro;HUAWEI P40;HUAWEI P40 Pro Affected: Versions earlier than 10.0.0.189(C185E6R1P3)
    Affected: Versions earlier than 10.1.0.156(C00E155R7P2)
    Affected: Versions earlier than 10.1.0.156(C00E156R7P2)
    Affected: Versions earlier than 10.1.0.150(SP1C00E150R4P1)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T10:19:19.817Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20201202-01-smartphone-en"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "HUAWEI Mate 10;HUAWEI Mate 30;HUAWEI Mate 30 Pro;HUAWEI P40;HUAWEI P40 Pro",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "Versions earlier than 10.0.0.189(C185E6R1P3)"
                },
                {
                  "status": "affected",
                  "version": "Versions earlier than 10.1.0.156(C00E155R7P2)"
                },
                {
                  "status": "affected",
                  "version": "Versions earlier than 10.1.0.156(C00E156R7P2)"
                },
                {
                  "status": "affected",
                  "version": "Versions earlier than 10.1.0.150(SP1C00E150R4P1)"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "There is a privilege escalation vulnerability on some Huawei smart phones due to design defects. The attacker needs to physically contact the mobile phone and obtain higher privileges, and execute relevant commands, resulting in the user\u0027s privilege promotion."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Privilege Escalation",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-12-24T15:49:40.000Z",
            "orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
            "shortName": "huawei"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20201202-01-smartphone-en"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@huawei.com",
              "ID": "CVE-2020-9119",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "HUAWEI Mate 10;HUAWEI Mate 30;HUAWEI Mate 30 Pro;HUAWEI P40;HUAWEI P40 Pro",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Versions earlier than 10.0.0.189(C185E6R1P3)"
                              },
                              {
                                "version_value": "Versions earlier than 10.1.0.156(C00E155R7P2)"
                              },
                              {
                                "version_value": "Versions earlier than 10.1.0.156(C00E156R7P2)"
                              },
                              {
                                "version_value": "Versions earlier than 10.1.0.150(SP1C00E150R4P1)"
                              },
                              {
                                "version_value": "Versions earlier than 10.1.0.150(SP1C00E150R4P1)"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "There is a privilege escalation vulnerability on some Huawei smart phones due to design defects. The attacker needs to physically contact the mobile phone and obtain higher privileges, and execute relevant commands, resulting in the user\u0027s privilege promotion."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Privilege Escalation"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20201202-01-smartphone-en",
                  "refsource": "MISC",
                  "url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20201202-01-smartphone-en"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
        "assignerShortName": "huawei",
        "cveId": "CVE-2020-9119",
        "datePublished": "2020-12-24T15:49:40.000Z",
        "dateReserved": "2020-02-18T00:00:00.000Z",
        "dateUpdated": "2024-08-04T10:19:19.817Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }