Description
P30 smartphones with versions earlier than ELLE-AL00B 9.1.0.186(C00E180R2P1) have an improper authorization vulnerability. The software incorrectly performs an authorization check when a user attempts to perform certain action. Successful exploit could allow the attacker to update a crafted package.
References (1)
Core 1
Core References
Vendor Advisory x_refsource_misc
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190930-01-smartphone-en
Scores
CVSS v3
4.6
EPSS
0.0006
EPSS Percentile
17.3%
Attack Vector
PHYSICAL
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Details
CWE
CWE-863
Status
published
Products (1)
huawei/p30_firmware
< elle-al00b_9.1.0.186\(c00e180r2p1\)
Published
Nov 13, 2019
Tracked Since
Feb 18, 2026