VYPR
← All advisories
Unrated severityNVD Advisory· Published Jun 4, 2019· Updated Aug 4, 2024

CVE-2019-5307

CVE-2019-5307

Description

Some Huawei 4G LTE devices, P30 versions before ELE-AL00 9.1.0.162(C01E160R1P12/C01E160R2P1) and P30 Pro versions before VOG-AL00 9.1.0.162(C01E160R1P12/C01E160R2P1), are exposed to a message replay vulnerability. For the sake of better compatibility, these devices implement a less strict check on the NAS message sequence number (SN), specifically NAS COUNT. As a result, an attacker can construct a rogue base station and replay the GUTI reallocation command message in certain conditions to tamper with GUTIs, or replay the Identity request message to obtain IMSIs. (Vulnerability ID: HWPSIRT-2019-04107)

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Huawei P30 and P30 Pro 4G LTE devices have a NAS message replay vulnerability allowing attackers to tamper with GUTIs or obtain IMSIs via rogue base station.

Vulnerability

Huawei P30 (versions before ELE-AL00 9.1.0.162) and P30 Pro (versions before VOG-AL00 9.1.0.162) implement a less strict check on the NAS message sequence number (NAS COUNT) [1]. This allows an attacker to replay GUTI reallocation command messages or Identity request messages.

Exploitation

An attacker must construct a rogue base station that the target device can connect to. Under certain conditions, the attacker can replay previously captured NAS messages: a GUTI reallocation command to tamper with GUTIs, or an Identity request to obtain IMSIs [1].

Impact

Successful exploitation enables the attacker to tamper with Globally Unique Temporary Identifiers (GUTIs) or obtain International Mobile Subscriber Identities (IMSIs), compromising user privacy and potentially enabling further attacks.

Mitigation

Huawei has released software updates: ELE-AL00 9.1.0.162(C01E160R1P12/C01E160R2P1) for P30 and VOG-AL00 9.1.0.162(C01E160R1P12/C01E160R2P1) for P30 Pro [1]. Users should update to the fixed versions. No workarounds are documented.

References
  1. Security Advisory - Some Huawei 4G LTE devices are exposed to a message replay vulnerability

AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

3
  • Huawei/P30 Prollm-create
    Range: <=VOG-AL00 9.1.0.162(C01E160R1P12/C01E160R2P1)
  • Huawei/P30llm-fuzzy
    Range: <=ELE-AL00 9.1.0.162(C01E160R1P12/C01E160R2P1)
  • Huawei/P30,P30 Prov5
    Range: The versions before ELE-AL00 9.1.0.162(C01E160R1P12/C01E160R2P1)

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

1

News mentions

0

No linked articles in our index yet.