Information Leak in Honor and Huawei Mobile Phones
CVE-2019-5292

3.3LOW

Key Information:

Vendor
Huawei
Vendor
CVE Published:
13 November 2019

Summary

The vulnerability affects multiple Huawei mobile phone models, specifically the Honor 10 Lite, Honor 8A, and Huawei Y6, all of which are running pre-specified software versions. It stems from improper management of error records in certain modules, allowing authorized users to exploit this flaw to extract sensitive information from the device. Users are advised to update their devices to the latest versions to mitigate this risk.

Affected Version(s)

Honor 10 Lite, Honor 8A, Huawei Y6 The versions before 9.1.0.217(C00E215R3P1), The versions before 9.1.0.205(C00E97R1P9), The versions before 9.1.0.205(C00E97R2P2)

References

CVSS V3.1

Score:
3.3
Severity:
LOW
Confidentiality:
Low
Integrity:
None
Availability:
Low
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.