CVE-2019-5220Incorrect Authorization in Huawei Honor Magic 2 Firmware

CWE-863Incorrect Authorization3 documents3 sources
Severity
4.6MEDIUMNVD
EPSS
0.0%
top 93.40%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
6
Huawei Honor Magic 2 FirmwareHuawei Mate 20 FirmwareHuawei Mate 20 X Firmware+3 more
Timeline
PublishedJul 10
Latest updateMay 24

Description

There is a Factory Reset Protection (FRP) bypass vulnerability on several smartphones. The system does not sufficiently verify the permission, an attacker could do a certain operation on certain step of setup wizard. Successful exploit could allow the attacker bypass the FRP protection. Affected products: Mate 20 X, versions earlier than Ever-AL00B 9.0.0.200(C00E200R2P1); Mate 20, versions earlier than Hima-AL00B/Hima-TL00B 9.0.0.200(C00E200R2P1); Honor Magic 2, versions earlier than Tony-AL00B/

CVSS vector

CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:NExploitability: 0.9 | Impact: 3.6

Affected Packages6 packages

NVDhuawei/mate_20_firmware< hima-al00b\/hima-tl00b_9.0.0.200\(c00e200r2p1\)
NVDhuawei/mate_20_x_firmware< ever-al00b_9.0.0.200\(c00e200r2p1\)
NVDhuawei/honor_magic_2_firmware< tony-al00b\/tony-tl00b_9.0.0.182\(c00e180r2p2\)
CVEListV5huawei/mate_20Versions earlier than Hima-AL00B/Hima-TL00B 9.0.0.200(C00E200R2P1)
CVEListV5huawei/mate_20_xVersions earlier than Ever-AL00B 9.0.0.200(C00E200R2P1)

🔴Vulnerability Details

2
GHSA
GHSA-xv59-3gpf-c92h: There is a Factory Reset Protection (FRP) bypass vulnerability on several smartphones2022-05-24
CVEList
CVE-2019-5220: There is a Factory Reset Protection (FRP) bypass vulnerability on several smartphones2019-07-10
CVE-2019-5220 — Incorrect Authorization in Huawei | cvebase