CVE-2019-5213Improper Authentication in Huawei Honor Play Firmware

CWE-287Improper Authentication3 documents3 sources
Severity
2.4LOWNVD
EPSS
0.1%
top 84.36%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Huawei Honor Play Firmware
Timeline
PublishedNov 12
Latest updateMay 24

Description

Honor play smartphones with versions earlier than Cornell-AL00A 9.1.0.321(C00E320R1P1T8) have an insufficient authentication vulnerability. The system has a logic judge error under certain scenario. Successful exploit could allow the attacker to modify the alarm clock settings after a serious of uncommon operations without unlock the screen lock.

CVSS vector

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:NExploitability: 0.9 | Impact: 1.4

Affected Packages2 packages

NVDhuawei/honor_play_firmware< cornell-al00a_9.1.0.321\(c00e320r1p1t8\)
CVEListV5huawei/honor_play_firmwareVersions earlier than Cornell-AL00A 9.1.0.321(C00E320R1P1T8)

🔴Vulnerability Details

2
GHSA
GHSA-r76g-8cjw-fqwr: Honor play smartphones with versions earlier than Cornell-AL00A 92022-05-24
CVEList
CVE-2019-5213: Honor play smartphones with versions earlier than Cornell-AL00A 92019-11-12
CVE-2019-5213 — Improper Authentication in Huawei | cvebase