CVE-2019-5260 — Improper Input Validation in Huawei View 20 Firmware

CWE-20 — Improper Input Validation3 documents3 sources

Severity

6.5MEDIUMNVD

EPSS

0.2%

top 64.22%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Huawei View 20 Firmware Huawei Y9 2019 Firmware

Timeline

PublishedDec 13

Latest updateMay 24

Description

Huawei smartphones HUAWEI Y9 2019 and Honor View 20 have a denial of service vulnerability. Due to insufficient input validation of specific value when parsing the messages, an attacker may send specially crafted TD-SCDMA messages from a rogue base station to the affected devices to exploit this vulnerability. Successful exploit may cause an infinite loop and the device to reboot.

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages2 packages

▶NVDhuawei/view_20_firmware9.0.1.169\(c636e1r4p1\), 9.0.1.170\(c185e2r3p1\), 9.0.1.170\(c432e1r3p1\)+2

▶NVDhuawei/y9_2019_firmware8.2.0.160\(c185r2p2\), 8.2.0.162\(c605\), 8.2.0.163\(c605\)+2

🔴Vulnerability Details

GHSA

GHSA-2x6m-qw3h-9vjw: Huawei smartphones HUAWEI Y9 2019 and Honor View 20 have a denial of service vulnerability↗2022-05-24

▶

CVEList

CVE-2019-5260: Huawei smartphones HUAWEI Y9 2019 and Honor View 20 have a denial of service vulnerability↗2019-12-13

▶