CVE-2019-5226

MEDIUM

Huawei P30/P30 Pro/Mate 20 < ELLE-AL00B 9.1.0.193(C00E190R2P1) - Ve...

Title source: llm

Description

P30, P30 Pro, Mate 20 smartphones with software of versions earlier than ELLE-AL00B 9.1.0.193(C00E190R2P1), versions earlier than VOGUE-AL00A 9.1.0.193(C00E190R2P1), versions earlier than Hima-AL00B 9.1.0.135(C00E133R2P1) and HiSuite with versions earlier than HiSuite 9.1.0.305 have a version downgrade vulnerability. The device and HiSuite software do not validate the upgrade package sufficiently, so that the system of smartphone can be downgraded to an older version.

References (1)

[Vendor Advisory] https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190904-01-smartphone-en

Scores

CVSS v3 5.5

EPSS 0.0006

EPSS Percentile 18.1%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

Classification

CWE

CWE-346

Status published

Affected Products (4)

huawei/p30_firmware < elle-al00b_9.1.0.193\(c00e190r2p1\)

huawei/p30_pro_firmware < vogue-al00a_9.1.0.193\(c00e190r2p1\)

huawei/mate_20_firmware < hima-al00b_9.1.0.135\(c00e133r2p1\)

huawei/hisuite_firmware < 9.1.0.305

Timeline

Published Nov 29, 2019

Tracked Since Feb 18, 2026