CVE-2019-5302

CWE-20Improper Input Validation3 documents3 sources
Severity
5.3MEDIUM
EPSS
0.1%
top 79.98%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
94
Huawei Alp-al00b FirmwareHuawei Alp-l09 FirmwareHuawei Alp-l29 Firmware+91 more
Timeline
PublishedApr 27
Latest updateMay 24

Description

There are two denial of service vulnerabilities on some Huawei smartphones. An attacker may send specially crafted TD-SCDMA messages from a rogue base station to the affected devices. Due to insufficient input validation of two values when parsing the messages, successful exploit may cause device abnormal. This is 1 out of 2 vulnerabilities. Different than CVE-2020-5303. Affected products are: ALP-AL00B: earlier than 9.1.0.333(C00E333R2P1T8) ALP-L09: earlier than 9.1.0.300(C432E4R1P9T8) ALP-L29:

CVSS vector

CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 1.6 | Impact: 3.6

Affected Packages94 packages

NVDhuawei/emily-l29c_firmware< 9.1.0.311\(c605e2r1p12t8\)+2
NVDhuawei/charlotte-l29c_firmware< 9.1.0.325\(c185e4r1p11t8\)+3
CVEListV5huawei/emily-l29cVersions earlier than 9.1.0.311(C432E7R1P11T8), Versions earlier than 9.1.0.311(C605E2R1P12T8), Versions earlier than 9.1.0.311(C636E7R1P13T8)+2
CVEListV5huawei/charlotte-l29c4 versions+3
NVDhuawei/emily-l09c_firmware< 9.1.0.336\(c605e4r1p12t8\)+2

🔴Vulnerability Details

2
GHSA
GHSA-ch39-559f-wp4m: There are two denial of service vulnerabilities on some Huawei smartphones2022-05-24
CVEList
CVE-2019-5302: There are two denial of service vulnerabilities on some Huawei smartphones2020-04-27
CVE-2019-5302 (MEDIUM CVSS 5.3) | There are two denial of service vul | cvebase.io