Information Leakage Vulnerability in Huawei Smartphones
CVE-2019-5279

5.5MEDIUM

Key Information:

Vendor: Huawei
Status: Emily-l29c
Vendor: CVE Published:; 13 November 2019

Summary

Huawei smartphones, specifically the Emily-L29C model, are susceptible to an information leakage issue. This vulnerability allows an attacker to trick users into installing a malicious application. Once the malicious app is installed, it can copy sensitive files to the sdcard, leading to unauthorized access to personal and confidential information. The affected versions are prior to 9.1.0.311 and 9.1.0.316 across several configurations of the device. Users should exercise caution when installing applications and ensure their devices are updated to mitigate this risk.

Affected Version(s)

Emily-L29C Versions earlier than 9.1.0.311(C10E2R1P13T8), Versions earlier than 9.1.0.311(C461E2R1P11T8), Versions earlier than 9.1.0.316(C635E2R1P11T8), Versions earlier than 9.1.0.311(C185E2R1P12T8), Versions earlier than 9.1.0.311(C605E2R1P12T8), Versions earlier than 9.1.0.311(C636E7R1P13T8)

References

http://www.huawei.com/en/psirt/security-advisories/huawei...

x_refsource_MISC

CVSS V3.1

Score:

5.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Nov 13, 2019
Vulnerability Reserved
Jan 4, 2019