Path Traversal Vulnerability in Huawei Smartphones
CVE-2019-5251

5.5MEDIUM

Key Information:

Vendor: Huawei
Status: Honor V10;p30;mate 20;honor 9 Lite;honor 9i;m6;p30 Pro;honor 20s
Vendor: CVE Published:; 13 December 2019

Summary

A path traversal vulnerability exists in various Huawei smartphone models, where the system fails to adequately validate certain pathnames from applications. This lack of validation may allow an attacker to deceive the user into installing, backing up, or restoring a malicious application. If successfully exploited, it can lead to unauthorized information disclosure, posing significant risks to user data and device security.

Affected Version(s)

Honor V10;P30;Mate 20;Honor 9 Lite;Honor 9i;M6;P30 Pro;Honor 20s Versions earlier than 9.1.0.333(C00E333R2P1T8)

Honor V10;P30;Mate 20;Honor 9 Lite;Honor 9i;M6;P30 Pro;Honor 20s Versions earlier than 9.1.0.226(C00E220R2P1)

Honor V10;P30;Mate 20;Honor 9 Lite;Honor 9i;M6;P30 Pro;Honor 20s Versions earlier than 9.1.0.130(C00E115R2P8T8)

References

https://www.huawei.com/en/psirt/security-advisories/huawe...

x_refsource_MISC

CVSS V3.1

Score:

5.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Dec 13, 2019
Vulnerability Reserved
Jan 4, 2019