Path Traversal Vulnerability in Huawei Smartphones
CVE-2019-5251

5.5MEDIUM

Key Information:

Vendor
Huawei
Vendor
CVE Published:
13 December 2019

Summary

A path traversal vulnerability exists in various Huawei smartphone models, where the system fails to adequately validate certain pathnames from applications. This lack of validation may allow an attacker to deceive the user into installing, backing up, or restoring a malicious application. If successfully exploited, it can lead to unauthorized information disclosure, posing significant risks to user data and device security.

Affected Version(s)

Honor V10;P30;Mate 20;Honor 9 Lite;Honor 9i;M6;P30 Pro;Honor 20s Versions earlier than 9.1.0.333(C00E333R2P1T8)

Honor V10;P30;Mate 20;Honor 9 Lite;Honor 9i;M6;P30 Pro;Honor 20s Versions earlier than 9.1.0.226(C00E220R2P1)

Honor V10;P30;Mate 20;Honor 9 Lite;Honor 9i;M6;P30 Pro;Honor 20s Versions earlier than 9.1.0.130(C00E115R2P8T8)

References

CVSS V3.1

Score:
5.5
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.