CVE-2020-9108
First published: Mon Oct 12 2020(Updated: )
HUAWEI P30 Pro versions earlier than 10.1.0.160(C00E160R2P8) have an out-of-bounds read and write vulnerability. An unauthenticated attacker crafts malformed message with specific parameter and sends the message to the affected products. Due to insufficient validation of message, which may be exploited to cause the process reboot.
Credit: psirt@huawei.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Huawei P30 Pro Firmware | <10.1.0.160\(c00e160r2p8\) | |
| HUAWEI P30 Pro |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this Huawei P30 Pro vulnerability?
The vulnerability ID for this Huawei P30 Pro vulnerability is CVE-2020-9108.
What is the severity level of CVE-2020-9108?
The severity level of CVE-2020-9108 is high.
How does the vulnerability in Huawei P30 Pro versions earlier than 10.1.0.160(C00E160R2P8) impact the device?
The vulnerability in Huawei P30 Pro versions earlier than 10.1.0.160(C00E160R2P8) allows an unauthenticated attacker to perform out-of-bounds read and write, potentially leading to remote code execution or unauthorized access to sensitive information.
What is the affected software for CVE-2020-9108?
The affected software for CVE-2020-9108 is Huawei P30 Pro firmware versions earlier than 10.1.0.160(C00E160R2P8).
How can I mitigate the vulnerability in my Huawei P30 Pro?
To mitigate the vulnerability, update your Huawei P30 Pro firmware to version 10.1.0.160(C00E160R2P8) or later.
- collector/nvd-index
- agent/severity
- agent/weakness
- agent/references
- agent/author
- agent/tags
- agent/type
- agent/event
- agent/description
- agent/softwarecombine
- agent/first-publish-date
- vendor/huawei
- canonical/huawei p30 pro firmware
- canonical/huawei p30 pro