Improper Input Validation in Huawei Smartphones
CVE-2019-5230
5.5MEDIUM
Summary
Certain Huawei smartphones, including P20 Pro, P20, Mate RS, and NEO-AL00D, are affected by an improper input validation vulnerability. The flaw arises due to inadequate validation of specific input models. This enables an attacker to potentially deceive users into installing a malicious application. Once compromised, the attacker could craft a malformed model, which, if successfully exploited, may lead to unauthorized access and modification of sensitive output data.
Affected Version(s)
P20 Pro, P20, Mate RS Versions earlier than Charlotte-AL00A 9.1.0.321(C00E320R1P1T8), Versions earlier than Emily-AL00A 9.1.0.321(C00E320R1P1T8), Versions earlier than NEO-AL00D NEO-AL00 9.1.0.321(C786E320R1P1T8)
References
CVSS V3.1
Score:
5.5
Severity:
MEDIUM
Confidentiality:
None
Integrity:
High
Availability:
None
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved