ID

VAR-201906-0052


CVE

CVE-2019-5281


TITLE

Huawei Y9 2019 Information Disclosure Vulnerability

Trust: 1.2

sources: CNVD: CNVD-2019-33617 // CNNVD: CNNVD-201902-753

DESCRIPTION

There is an information leak vulnerability in some Huawei phones, versions earlier than Jackman-L21 8.2.0.155(C185R1P2). When a local attacker uses the camera of a smartphone, the attacker can exploit this vulnerability to obtain sensitive information by performing a series of operations. Huawei Smartphones contain information disclosure vulnerabilities.Information may be obtained. Huawei Y9 2019 is a smartphone from China's Huawei

Trust: 2.16

sources: NVD: CVE-2019-5281 // JVNDB: JVNDB-2019-005140 // CNVD: CNVD-2019-33617

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2019-33617

AFFECTED PRODUCTS

vendor:huaweimodel:y9 2019scope:ltversion:jackman-l21_8.2.0.155\(c185r1p2\)

Trust: 1.0

vendor:huaweimodel:y9 2019scope:ltversion:jackman-l21 8.2.0.155(c185r1p2)

Trust: 0.8

vendor:huaweimodel:y9 <jackman-l21 8.2.0.155scope:eqversion:2019

Trust: 0.6

sources: CNVD: CNVD-2019-33617 // JVNDB: JVNDB-2019-005140 // NVD: CVE-2019-5281

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-5281
value: MEDIUM

Trust: 1.0

NVD: CVE-2019-5281
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2019-33617
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201902-753
value: MEDIUM

Trust: 0.6

nvd@nist.gov: CVE-2019-5281
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2019-33617
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2019-5281
baseSeverity: MEDIUM
baseScore: 4.6
vectorString: CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: PHYSICAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 0.9
impactScore: 3.6
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2019-33617 // JVNDB: JVNDB-2019-005140 // CNNVD: CNNVD-201902-753 // NVD: CVE-2019-5281

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

problemtype:CWE-200

Trust: 0.8

sources: JVNDB: JVNDB-2019-005140 // NVD: CVE-2019-5281

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201902-753

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201902-753

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-005140

PATCH

title:huawei-sa-20190218-01-smartphoneurl:https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190218-01-smartphone-en

Trust: 0.8

title:Patch for Huawei Y9 2019 Information Disclosure Vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/182847

Trust: 0.6

title:Huawei Y9 2019 Repair measures for information disclosure vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=89553

Trust: 0.6

sources: CNVD: CNVD-2019-33617 // JVNDB: JVNDB-2019-005140 // CNNVD: CNNVD-201902-753

EXTERNAL IDS

db:NVDid:CVE-2019-5281

Trust: 3.0

db:JVNDBid:JVNDB-2019-005140

Trust: 0.8

db:CNVDid:CNVD-2019-33617

Trust: 0.6

db:CNNVDid:CNNVD-201902-753

Trust: 0.6

sources: CNVD: CNVD-2019-33617 // JVNDB: JVNDB-2019-005140 // CNNVD: CNNVD-201902-753 // NVD: CVE-2019-5281

REFERENCES

url:https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190218-01-smartphone-en

Trust: 1.6

url:https://nvd.nist.gov/vuln/detail/cve-2019-5281

Trust: 1.4

url:https://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20190218-01-smartphone-cn

Trust: 1.2

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-5281

Trust: 0.8

sources: CNVD: CNVD-2019-33617 // JVNDB: JVNDB-2019-005140 // CNNVD: CNNVD-201902-753 // NVD: CVE-2019-5281

CREDITS

The vulnerability is caused by Syrian Virtual University of Mohammed Ali Al-Hammad Report to Huawei PSIRT . Huawei thanks Mohammed Ali Al-Hammad Collaborate with us to disclose vulnerabilities to protect Huawei's customers.

Trust: 0.6

sources: CNNVD: CNNVD-201902-753

SOURCES

db:CNVDid:CNVD-2019-33617
db:JVNDBid:JVNDB-2019-005140
db:CNNVDid:CNNVD-201902-753
db:NVDid:CVE-2019-5281

LAST UPDATE DATE

2024-11-23T22:41:29.677000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2019-33617date:2019-09-29T00:00:00
db:JVNDBid:JVNDB-2019-005140date:2019-06-17T00:00:00
db:CNNVDid:CNNVD-201902-753date:2020-08-25T00:00:00
db:NVDid:CVE-2019-5281date:2024-11-21T04:44:39.867

SOURCES RELEASE DATE

db:CNVDid:CNVD-2019-33617date:2019-09-29T00:00:00
db:JVNDBid:JVNDB-2019-005140date:2019-06-17T00:00:00
db:CNNVDid:CNNVD-201902-753date:2019-02-18T00:00:00
db:NVDid:CVE-2019-5281date:2019-06-04T18:29:00.847