Skip to main content

Mate 30 Firmware CVE-2020-9125

MEDIUM
Out-of-bounds Read (CWE-125)
2020-12-29 psirt@huawei.com
6.7
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
6.7 MEDIUM
AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
High
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

1
CVE Published
Dec 29, 2020 - 18:15 nvd
MEDIUM 6.7

DescriptionNVD

There is an out-of-bound read vulnerability in huawei smartphone Mate 30 versions earlier than 10.1.0.156 (C00E155R7P2). An attacker with specific permission can exploit this vulnerability by sending crafted packet with specific parameter to the target device. Due to insufficient validation of the parameter, successful exploit can cause the device to behave abnormally.

AnalysisAI

There is an out-of-bound read vulnerability in huawei smartphone Mate 30 versions earlier than 10.1.0.156 (C00E155R7P2). Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified as Out-of-bounds Read (CWE-125), which allows attackers to read data from memory outside the intended buffer boundaries. There is an out-of-bound read vulnerability in huawei smartphone Mate 30 versions earlier than 10.1.0.156 (C00E155R7P2). An attacker with specific permission can exploit this vulnerability by sending crafted packet with specific parameter to the target device. Due to insufficient validation of the parameter, successful exploit can cause the device to behave abnormally. Affected products include: Huawei Mate 30 Firmware.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Validate array indices and buffer lengths. Use memory-safe languages. Enable AddressSanitizer during testing.

CVE-2020-0022 HIGH POC
8.8 Feb 13

In reassemble_and_dispatch of packet_fragmenter.cc, there is possible out of bounds write due to an incorrect bounds cal

CVE-2020-9263 HIGH
7.8 Oct 19

HUAWEI Mate 30 versions earlier than 10.1.0.150(C00E136R5P3) and HUAWEI P30 version earlier than 10.1.0.160(C00E160R2P11

CVE-2020-9262 HIGH
7.8 Jul 06

HUAWEI Mate 30 with versions earlier than 10.1.0.150(C00E136R5P3) have a use after free vulnerability. Rated high severi

CVE-2020-9261 HIGH
7.8 Jul 06

HUAWEI Mate 30 with versions earlier than 10.1.0.150(C00E136R5P3) have a type confusion vulnerability. Rated high severi

CVE-2021-22301 MEDIUM
6.7 Feb 06

Mate 30 10.0.0.203(C00E201R7P2) have a buffer overflow vulnerability. Rated medium severity (CVSS 6.7), this vulnerabili

CVE-2020-9129 MEDIUM
6.7 Nov 13

HUAWEI Mate 30 versions earlier than 10.1.0.159(C00E159R7P2) have a vulnerability of improper buffer operation. Rated me

CVE-2020-1835 MEDIUM
6.5 Jun 18

HUAWEI Mate 30 with versions earlier than 10.1.0.126(C00E125R5P3) have an information disclosure vulnerability. Rated me

CVE-2020-1839 MEDIUM
6.3 Jul 06

HUAWEI Mate 30 with versions earlier than 10.1.0.150(C00E136R5P3) have a race condition vulnerability. Rated medium seve

CVE-2020-9119 MEDIUM
6.2 Dec 24

There is a privilege escalation vulnerability on some Huawei smart phones due to design defects. Rated medium severity (

CVE-2021-22364 MEDIUM
5.5 May 27

There is a denial of service vulnerability in the versions 10.1.0.126(C00E125R5P3) of HUAWEI Mate 30 and 10.1.0.152(C00E

CVE-2021-22307 MEDIUM
5.5 Feb 06

There is a weak algorithm vulnerability in Mate 3010.0.0.203(C00E201R7P2). Rated medium severity (CVSS 5.5), this vulner

CVE-2020-9243 MEDIUM
5.5 Aug 10

HUAWEI Mate 30 with versions earlier than 10.1.0.150(C00E136R5P3) have a denial of service vulnerability. Rated medium s

Share

CVE-2020-9125 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy