10.1.0.126(C00E125R5P3)

CVSS 6.8 - MEDIUM

Attack vector

NETWORK

Attack complexity

MEDIUM

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

huawei

CWE-843

NVD

Published: 2020-07-06

Updated: 2020-07-09

Summary

HUAWEI Mate 30 with versions earlier than 10.1.0.150(C00E136R5P3) have a type confusion vulnerability. The system does not properly check and transform the type of certain variable, the attacker tricks the user into installing then running a crafted application, successful exploit could cause code execution.

Vulnerable Configurations

Part	Description	Count
OS	Huawei Huawei Mate 30 Firmware - Huawei Mate 30 Firmware 10.0.0.205\(C00E201R7P2\) Huawei Mate 30 Firmware 10.1.0.126\(C00E125R5P3\)	3
Hardware	Huawei Huawei Mate 30 -	1

Common Weakness Enumeration (CWE)

CWE-843 - Access of Resource Using Incompatible Type ('Type Confusion')

References

https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200701-05-smartphone-en