First published: Fri Nov 29 2019(Updated: )
P30, P30 Pro, Mate 20 smartphones with software of versions earlier than ELLE-AL00B 9.1.0.193(C00E190R2P1), versions earlier than VOGUE-AL00A 9.1.0.193(C00E190R2P1), versions earlier than Hima-AL00B 9.1.0.135(C00E133R2P1) and HiSuite with versions earlier than HiSuite 9.1.0.305 have a version downgrade vulnerability. The device and HiSuite software do not validate the upgrade package sufficiently, so that the system of smartphone can be downgraded to an older version.
Credit: psirt@huawei.com
Affected Software | Affected Version | How to fix |
---|---|---|
Huawei P30 Firmware | <elle-al00b_9.1.0.193\(c00e190r2p1\) | |
HUAWEI P30 | ||
Huawei P30 Pro Firmware | <vogue-al00a_9.1.0.193\(c00e190r2p1\) | |
HUAWEI P30 Pro | ||
Huawei Mate 20 Firmware | <hima-al00b_9.1.0.135\(c00e133r2p1\) | |
HUAWEI Mate 20 | ||
Huawei Hisuite Firmware | <9.1.0.305 | |
Huawei Hisuite |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The severity of CVE-2019-5226 is medium, with a severity value of 5.5.
Huawei P30, P30 Pro, and Mate 20 smartphones with software versions earlier than ELLE-AL00B 9.1.0.193(C00E190R2P1), VOGUE-AL00A 9.1.0.193(C00E190R2P1), and Hima-AL00B 9.1.0.135(C00E133R2P1) are affected by CVE-2019-5226.
HUAWEI P30, HUAWEI P30 Pro, and HUAWEI Mate 20 smartphones are not vulnerable to CVE-2019-5226.
To fix CVE-2019-5226, update your Huawei P30, P30 Pro, or Mate 20 smartphone to software version ELLE-AL00B 9.1.0.193(C00E190R2P1), VOGUE-AL00A 9.1.0.193(C00E190R2P1), or Hima-AL00B 9.1.0.135(C00E133R2P1) respectively.
You can find more information about CVE-2019-5226 on Huawei's official security advisory page: [Huawei SA-20190904-01].