Description
There is an out-of-bound read vulnerability in huawei smartphone Mate 30 versions earlier than 10.1.0.156 (C00E155R7P2). An attacker with specific permission can exploit this vulnerability by sending crafted packet with specific parameter to the target device. Due to insufficient validation of the parameter, successful exploit can cause the device to behave abnormally.
References (1)
Core 1
Core References
Vendor Advisory x_refsource_confirm
https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20201216-01-taurus-en
Scores
CVSS v3
6.7
EPSS
0.0001
EPSS Percentile
2.7%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-125
Status
published
Products (1)
huawei/mate_30_firmware
< 10.1.0.156\(c00e155r7p2\)
Published
Dec 29, 2020
Tracked Since
Feb 18, 2026