CVE-2019-5210

Published: Nov 29, 2019Modified: Nov 21, 2024

7.8

Vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

Nova 5i pro and Nova 5 smartphones with versions earlier than 9.1.1.190(C00E190R6P2)and Versions earlier than 9.1.1.175(C00E170R3P2) have an improper validation of array index vulnerability. The system does not properly validate the input value before use it as an array index when processing certain image information. The attacker tricks the user into installing a malicious application, successful exploit could cause malicious code execution.

Affected (2)

Products: Huawei: Nova 5i Pro Firmware, Nova 5 Firmware

2 products

Nova 5i Pro Firmware

Nova 5 Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Huawei Nova 5i Pro Firmware	Before 9.1.1.190\(c00e190r6p2\)

Running on/with	Platform Versions
Huawei Nova 5i Pro	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Huawei Nova 5 Firmware	Before 9.1.1.175\(c00e170r3p2\)

Running on/with	Platform Versions
Huawei Nova 5	All versions

Related CWEs

Improper Validation of Array Index

The product uses untrusted input when calculating or using an array index, but the product does not validate or incorrectly validates the index to ensure the index references a valid position within the array.

References (2)

http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191120-01-smartphone-en

Source: psirt@huawei.com

Vendor Advisory

http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191120-01-smartphone-en

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.