Information Leak in Honor and Huawei Mobile Phones
CVE-2019-5292

3.3LOW

Key Information:

Vendor: Huawei
Status: Honor 10 Lite, Honor 8a, Huawei Y6
Vendor: CVE Published:; 13 November 2019

Summary

The vulnerability affects multiple Huawei mobile phone models, specifically the Honor 10 Lite, Honor 8A, and Huawei Y6, all of which are running pre-specified software versions. It stems from improper management of error records in certain modules, allowing authorized users to exploit this flaw to extract sensitive information from the device. Users are advised to update their devices to the latest versions to mitigate this risk.

Affected Version(s)

Honor 10 Lite, Honor 8A, Huawei Y6 The versions before 9.1.0.217(C00E215R3P1), The versions before 9.1.0.205(C00E97R1P9), The versions before 9.1.0.205(C00E97R2P2)

References

http://www.huawei.com/en/psirt/security-advisories/huawei...

x_refsource_MISC

CVSS V3.1

Score:

3.3

Severity:

LOW

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Nov 13, 2019
Vulnerability Reserved
Jan 4, 2019