ID

VAR-201906-0115


CVE

CVE-2019-5297


TITLE

Emily-L29C Huawei phone Vulnerabilities related to authorization, permissions, and access control

Trust: 0.8

sources: JVNDB: JVNDB-2019-005138

DESCRIPTION

Emily-L29C Huawei phones versions earlier than 9.0.0.159 (C185E2R1P12T8) have a Factory Reset Protection (FRP) bypass security vulnerability. Before the FRP account is verified and activated during the reset process, the attacker can perform some special operations to bypass the FRP function and obtain the right to use the mobile phone. Emily-L29C Huawei phone Contains vulnerabilities related to authorization, permissions, and access control.Information may be tampered with. Huawei Emily-L29C is a smartphone from China's Huawei. There is a security vulnerability in Huawei Emily-L29C version 9.0.0.159 (C185E2R1P12T8)

Trust: 2.16

sources: NVD: CVE-2019-5297 // JVNDB: JVNDB-2019-005138 // CNVD: CNVD-2019-33622

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2019-33622

AFFECTED PRODUCTS

vendor:huaweimodel:emily-l29cscope:ltversion:9.0.0.159

Trust: 1.0

vendor:huaweimodel:emily-l29cscope:ltversion:9.0.0.159 (c185e2r1p12t8)

Trust: 0.8

vendor:huaweimodel:emily-l29c <9.0.0.159scope: - version: -

Trust: 0.6

sources: CNVD: CNVD-2019-33622 // JVNDB: JVNDB-2019-005138 // NVD: CVE-2019-5297

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-5297
value: MEDIUM

Trust: 1.0

NVD: CVE-2019-5297
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2019-33622
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201903-123
value: MEDIUM

Trust: 0.6

nvd@nist.gov: CVE-2019-5297
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:N/I:P/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2019-33622
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:C/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: COMPLETE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2019-5297
baseSeverity: MEDIUM
baseScore: 4.6
vectorString: CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
attackVector: PHYSICAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: 0.9
impactScore: 3.6
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2019-33622 // JVNDB: JVNDB-2019-005138 // CNNVD: CNNVD-201903-123 // NVD: CVE-2019-5297

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

problemtype:CWE-264

Trust: 0.8

sources: JVNDB: JVNDB-2019-005138 // NVD: CVE-2019-5297

TYPE

permissions and access control issues

Trust: 0.6

sources: CNNVD: CNNVD-201903-123

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-005138

PATCH

title:huawei-sa-20190305-01-frpurl:https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190305-01-frp-en

Trust: 0.8

title:Patch for Huawei Emily-L29C FRP Bypass Vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/182843

Trust: 0.6

title:Huawei Emily-L29C Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=89793

Trust: 0.6

sources: CNVD: CNVD-2019-33622 // JVNDB: JVNDB-2019-005138 // CNNVD: CNNVD-201903-123

EXTERNAL IDS

db:NVDid:CVE-2019-5297

Trust: 3.0

db:JVNDBid:JVNDB-2019-005138

Trust: 0.8

db:CNVDid:CNVD-2019-33622

Trust: 0.6

db:CNNVDid:CNNVD-201903-123

Trust: 0.6

sources: CNVD: CNVD-2019-33622 // JVNDB: JVNDB-2019-005138 // CNNVD: CNNVD-201903-123 // NVD: CVE-2019-5297

REFERENCES

url:https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190305-01-frp-en

Trust: 1.6

url:https://nvd.nist.gov/vuln/detail/cve-2019-5297

Trust: 1.4

url:https://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20190305-01-frp-cn

Trust: 1.2

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-5297

Trust: 0.8

sources: CNVD: CNVD-2019-33622 // JVNDB: JVNDB-2019-005138 // CNNVD: CNNVD-201903-123 // NVD: CVE-2019-5297

CREDITS

The vulnerability was discovered by Huawei internal testing.

Trust: 0.6

sources: CNNVD: CNNVD-201903-123

SOURCES

db:CNVDid:CNVD-2019-33622
db:JVNDBid:JVNDB-2019-005138
db:CNNVDid:CNNVD-201903-123
db:NVDid:CVE-2019-5297

LAST UPDATE DATE

2024-11-23T22:37:51.800000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2019-33622date:2019-09-29T00:00:00
db:JVNDBid:JVNDB-2019-005138date:2019-06-17T00:00:00
db:CNNVDid:CNNVD-201903-123date:2020-08-25T00:00:00
db:NVDid:CVE-2019-5297date:2024-11-21T04:44:41.743

SOURCES RELEASE DATE

db:CNVDid:CNVD-2019-33622date:2019-09-29T00:00:00
db:JVNDBid:JVNDB-2019-005138date:2019-06-17T00:00:00
db:CNNVDid:CNNVD-201903-123date:2019-03-05T00:00:00
db:NVDid:CVE-2019-5297date:2019-06-04T19:29:00.507