CVE-2019-5307

Name of the Vulnerable Software and Affected Versions Huawei P30 versions before ELE-AL00 9.1.0.162(C01E160R1P12/C01E160R2P1) Huawei P30 Pro versions before VOG-AL00 9.1.0.162(C01E160R1P12/C01E160R2P1)

Description The issue is related to a message replay vulnerability in some Huawei 4G LTE devices. These devices implement a less strict check on the NAS message sequence number, specifically NAS COUNT, for better compatibility. This allows an attacker to construct a rogue base station and replay certain messages, such as the GUTI reallocation command message or the Identity request message, under specific conditions. This can result in tampering with GUTIs or obtaining IMSIs.

Recommendations For Huawei P30 versions before ELE-AL00 9.1.0.162(C01E160R1P12/C01E160R2P1), update to version ELE-AL00 9.1.0.162(C01E160R1P12/C01E160R2P1) or later. For Huawei P30 Pro versions before VOG-AL00 9.1.0.162(C01E160R1P12/C01E160R2P1), update to version VOG-AL00 9.1.0.162(C01E160R1P12/C01E160R2P1) or later.