Improper Authentication Vulnerability in Huawei Smartphones
CVE-2019-5252

3.5LOW

Key Information:

Vendor
Huawei
Status
Y9, Honor 8x, Honor 9 Lite, Honor 9i, Y6 Pro
Vendor
CVE Published:
14 December 2019

Summary

An improper authentication flaw exists in the applock feature of certain Huawei smartphones, permitting unauthorized access under specific conditions. This vulnerability could enable an attacker to manipulate applications that should be secured by the applock functionality, posing a risk to sensitive user data and privacy. Users are advised to implement security updates and follow best practices to mitigate potential threats.

Affected Version(s)

Y9, Honor 8X, Honor 9 Lite, Honor 9i, Y6 Pro Versions earlier than 9.1.0.131(C432E6R1P5T8),Versions earlier than 9.1.0.139(C636E6R1P5T8),Versions earlier than 9.1.0.217(C00E15R3P2T8),Versions earlier than 9.1.0.237(C432E1R3P2T8),Versions earlier than 9.1.0.237(C636E2R4P1T8),Versions earlier than 9.1.0.124(C00E112R2P10T8),Versions earlier than 9.1.0.136(C636E5R1P5T8),Versions earlier than 9.1.0.115(C00E113R1P6T8),Versions earlier than 9.1.0.122(C636E4R1P4T8),Versions earlier than 9.1.0.248(C636E5R3P1)

References

https://www.huawei.com/en/psirt/security-advisories/huawe...
x_refsource_MISC

CVSS V3.1

Score:
3.5
Severity:
LOW
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Physical
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.