CVE-2019-5230
Severity CVSS v4.0:
Pending analysis
Type:
CWE-20
Input Validation
Publication date:
13/11/2019
Last modified:
15/11/2019
Description
P20 Pro, P20, Mate RS smartphones with versions earlier than Charlotte-AL00A 9.1.0.321(C00E320R1P1T8), versions earlier than Emily-AL00A 9.1.0.321(C00E320R1P1T8), versions earlier than NEO-AL00D NEO-AL00 9.1.0.321(C786E320R1P1T8) have an improper validation vulnerability. The system does not perform a properly validation of certain input models, an attacker could trick the user to install a malicious application then craft a malformed model, successful exploit could allow the attacker to get and tamper certain output data information.
Impact
Base Score 3.x
5.50
Severity 3.x
MEDIUM
Base Score 2.0
4.30
Severity 2.0
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:huawei:p20_pro_firmware:*:*:*:*:*:*:*:* | charlotte-al00a_9.1.0.321\(c00e320r1p1t8\) (excluding) | |
| cpe:2.3:h:huawei:p20_pro:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:huawei:p20_firmware:*:*:*:*:*:*:*:* | emily-al00a_9.1.0.321\(c00e320r1p1t8\) (excluding) | |
| cpe:2.3:h:huawei:p20:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:huawei:mate_rs_firmware:*:*:*:*:*:*:*:* | neo-al00d_neo-al00_9.1.0.321\(c786e320r1p1t8\) (excluding) | |
| cpe:2.3:h:huawei:mate_rs:-:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page