Sign-up

ID

VAR-201906-0050


CVE

CVE-2019-5306


TITLE

Huawei P20 Vulnerabilities related to authorization, authority, and access control in smartphones

Trust: 0.8

sources: JVNDB: JVNDB-2019-005136

DESCRIPTION

There is a Factory Reset Protection (FRP) bypass security vulnerability in P20 Huawei smart phones versions before Emily-AL00A 9.0.0.167(C00E81R1P21T8). When re-configuring the mobile phone using the FRP function, an attacker can delete the activation lock after a series of operations. As a result, the FRP function is bypassed and the attacker gains access to the smartphone. Huawei P20 Smartphones have vulnerabilities related to authorization, authority, and access control.Information may be tampered with. The Huawei P20 is a smartphone from China's Huawei. There are security vulnerabilities in versions before Huawei P20 Emily-AL00A 9.0.0.167 (C00E81R1P21T8)

Trust: 2.16

sources: NVD: CVE-2019-5306 // JVNDB: JVNDB-2019-005136 // CNVD: CNVD-2019-33618

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2019-33618

AFFECTED PRODUCTS

vendor:huaweimodel:p20scope:ltversion:emily-al00a_9.0.0.167\(c00e81r1p21t8\)

Trust: 1.0

vendor:huaweimodel:p20scope:ltversion:emily-al00a 9.0.0.167(c00e81r1p21t8)

Trust: 0.8

vendor:huaweimodel:p20 <emily-al00a 9.0.0.167scope: - version: -

Trust: 0.6

sources: CNVD: CNVD-2019-33618 // JVNDB: JVNDB-2019-005136 // NVD: CVE-2019-5306

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-5306
value: MEDIUM

Trust: 1.0

NVD: CVE-2019-5306
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2019-33618
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201902-996
value: MEDIUM

Trust: 0.6

nvd@nist.gov: CVE-2019-5306
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:N/I:P/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2019-33618
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:C/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: COMPLETE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2019-5306
baseSeverity: MEDIUM
baseScore: 4.6
vectorString: CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
attackVector: PHYSICAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: 0.9
impactScore: 3.6
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2019-33618 // JVNDB: JVNDB-2019-005136 // CNNVD: CNNVD-201902-996 // NVD: CVE-2019-5306

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

problemtype:CWE-264

Trust: 0.8

sources: JVNDB: JVNDB-2019-005136 // NVD: CVE-2019-5306

TYPE

permissions and access control issues

Trust: 0.6

sources: CNNVD: CNNVD-201902-996

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2019-005136

PATCH
title:huawei-sa-20190228-01-smartphoneurl:https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190228-01-smartphone-en
Trust: 0.8
title:Patch for Huawei P20 FRP Security Bypass Vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/182845
Trust: 0.6
title:Huawei P20 Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=89700
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2019-33618 // 
            
            
            
            JVNDB: JVNDB-2019-005136 // 
            
            
            
            CNNVD: CNNVD-201902-996

EXTERNAL IDS
db:NVDid:CVE-2019-5306
Trust: 3.0
db:JVNDBid:JVNDB-2019-005136
Trust: 0.8
db:CNVDid:CNVD-2019-33618
Trust: 0.6
db:CNNVDid:CNNVD-201902-996
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2019-33618 // 
            
            
            
            JVNDB: JVNDB-2019-005136 // 
            
            
            
            CNNVD: CNNVD-201902-996 // 
            
            
            
            NVD: CVE-2019-5306

REFERENCES
url:https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190228-01-smartphone-en
Trust: 1.6
url:https://nvd.nist.gov/vuln/detail/cve-2019-5306
Trust: 1.4
url:https://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20190228-01-smartphone-cn
Trust: 1.2
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-5306
Trust: 0.8
sources:
            
            
            CNVD: CNVD-2019-33618 // 
            
            
            
            JVNDB: JVNDB-2019-005136 // 
            
            
            
            CNNVD: CNNVD-201902-996 // 
            
            
            
            NVD: CVE-2019-5306

CREDITS
The vulnerability was discovered by Huawei internal testing.
Trust: 0.6
sources:
            
            
            CNNVD: CNNVD-201902-996

SOURCES
db:CNVDid:CNVD-2019-33618
db:JVNDBid:JVNDB-2019-005136
db:CNNVDid:CNNVD-201902-996
db:NVDid:CVE-2019-5306

LAST UPDATE DATE
2024-11-23T22:21:36.611000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2019-33618date:2019-09-29T00:00:00
db:JVNDBid:JVNDB-2019-005136date:2019-06-17T00:00:00
db:CNNVDid:CNNVD-201902-996date:2020-08-25T00:00:00
db:NVDid:CVE-2019-5306date:2024-11-21T04:44:43.073

SOURCES RELEASE DATE
db:CNVDid:CNVD-2019-33618date:2019-09-29T00:00:00
db:JVNDBid:JVNDB-2019-005136date:2019-06-17T00:00:00
db:CNNVDid:CNNVD-201902-996date:2019-02-28T00:00:00
db:NVDid:CVE-2019-5306date:2019-06-04T18:29:00.973