CVE-2019-5226

MEDIUM

Huawei P30/P30 Pro/Mate 20 < ELLE-AL00B 9.1.0.193(C00E190R2P1) - Ve...

Title source: llm

Description

P30, P30 Pro, Mate 20 smartphones with software of versions earlier than ELLE-AL00B 9.1.0.193(C00E190R2P1), versions earlier than VOGUE-AL00A 9.1.0.193(C00E190R2P1), versions earlier than Hima-AL00B 9.1.0.135(C00E133R2P1) and HiSuite with versions earlier than HiSuite 9.1.0.305 have a version downgrade vulnerability. The device and HiSuite software do not validate the upgrade package sufficiently, so that the system of smartphone can be downgraded to an older version.

References (1)

Core 1

Core References

Vendor Advisory x_refsource_confirm

https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190904-01-smartphone-en

Scores

CVSS v3 5.5

EPSS 0.0006

EPSS Percentile 18.3%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

Details

CWE

CWE-346

Status published

Products (4)

huawei/hisuite_firmware < 9.1.0.305

huawei/mate_20_firmware < hima-al00b_9.1.0.135\(c00e133r2p1\)

huawei/p30_firmware < elle-al00b_9.1.0.193\(c00e190r2p1\)

huawei/p30_pro_firmware < vogue-al00a_9.1.0.193\(c00e190r2p1\)

Published Nov 29, 2019

Tracked Since Feb 18, 2026