#VU23415 Improper validation of integrity check value in Huawei Mobile applications

Published: 2019-12-05

Vulnerability identifier: #VU23415

Vulnerability risk: Low


CVE-ID: CVE-2019-5226


Exploitation vector: Local

Exploit availability:

Vulnerable software:
Client/Desktop applications / Multimedia software
P30 Pro
Client/Desktop applications / Multimedia software
Huawei Mate 20
Client/Desktop applications / Multimedia software
Huawei HiSuite
Mobile applications / Apps for mobile phones

Vendor: Huawei


The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to the affected devices and software do not validate the upgrade package sufficiently. A local user can trick the user to install a malicious application and downgrade the system of smartphone to an older version.

Install updates from vendor's website.

Vulnerable software versions

P30: All versions

P30 Pro: All versions

Huawei Mate 20: All versions

Huawei HiSuite: All versions

Fixed software versions


External links

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

Latest bulletins with this vulnerability