CVE-2019-5226
Description
P30, P30 Pro, Mate 20 smartphones with software of versions earlier than ELLE-AL00B 9.1.0.193(C00E190R2P1), versions earlier than VOGUE-AL00A 9.1.0.193(C00E190R2P1), versions earlier than Hima-AL00B 9.1.0.135(C00E133R2P1) and HiSuite with versions earlier than HiSuite 9.1.0.305 have a version downgrade vulnerability. The device and HiSuite software do not validate the upgrade package sufficiently, so that the system of smartphone can be downgraded to an older version.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Huawei P30, P30 Pro, Mate 20, and HiSuite have a version downgrade vulnerability due to insufficient upgrade package validation.
Vulnerability
A version downgrade vulnerability exists in Huawei P30 (versions earlier than ELLE-AL00B 9.1.0.193(C00E190R2P1)), P30 Pro (versions earlier than VOGUE-AL00A 9.1.0.193(C00E190R2P1)), Mate 20 (versions earlier than Hima-AL00B 9.1.0.135(C00E133R2P1)), and HiSuite (versions earlier than 9.1.0.305). The device and HiSuite software do not validate the upgrade package sufficiently, allowing the smartphone system to be downgraded to an older version [1].
Exploitation
An attacker with network access or physical access can provide a malicious downgrade package that the software accepts without proper validation. No authentication is explicitly mentioned, but the attack likely requires the attacker to control the upgrade source or be in a position to perform a man-in-the-middle attack during an update session [1].
Impact
Successful exploitation allows an attacker to downgrade the smartphone system to an older, less secure version. This could enable the exploitation of previously patched vulnerabilities, leading to potential information disclosure, privilege escalation, or other security compromises depending on the vulnerabilities present in the older firmware [1].
Mitigation
Huawei has released software updates to fix these vulnerabilities: ELLE-AL00B 9.1.0.193(C00E190R2P1) for P30, VOGUE-AL00A 9.1.0.193(C00E190R2P1) for P30 Pro, Hima-AL00B 9.1.0.135(C00E133R2P1) for Mate 20, and HiSuite 9.1.0.305 for HiSuite [1]. Users should update their software to these versions or later.
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
5- Huawei/P30, P30 Pro, Mate 20 smartphonesdescription
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
1- www.huawei.com/en/psirt/security-advisories/huawei-sa-20190904-01-smartphone-enmitrex_refsource_CONFIRM
News mentions
0No linked articles in our index yet.