Authorization Bypass Vulnerability in Huawei Honor V10 Smartphones
CVE-2019-5295

6.4MEDIUM

Key Information:

Vendor: Huawei
Status: Honor V10
Vendor: CVE Published:; 6 June 2019

Summary

The Honor V10 smartphones manufactured by Huawei contain a security flaw due to an inadequate authorization implementation. This vulnerability allows attackers to circumvent certain authorization scopes, enabling them to execute specific actions that should only be available to authorized users. Unsanctioned access may lead to unauthorized modifications or interactions with system features, posing a significant risk to the integrity and privacy of user data.

Affected Version(s)

Honor V10 Versions earlier than Berkeley-AL20 9.0.0.125(C00E125R2P14T8)

References

https://www.huawei.com/en/psirt/security-advisories/huawe...

x_refsource_CONFIRM

CVSS V3.1

Score:

6.4

Severity:

MEDIUM

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Physical

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jun 6, 2019
Vulnerability Reserved
Jan 4, 2019