Details of VAR-201912-0064

ID

VAR-201912-0064

CVE

CVE-2019-5266

TITLE

Huawei P30 Input Validation Error Vulnerability

Trust: 1.2

sources: CNVD: CNVD-2019-46979 // CNNVD: CNNVD-201912-911

DESCRIPTION

Huawei Share function in P30 9.1.0.193(C00E190R2P1) smartphone has an insufficient input validation vulnerability. Attackers can exploit this vulnerability by sending crafted packets to the affected device. Successful exploit may cause the function will be disabled. The Huawei P30 is a smartphone from China's Huawei

Trust: 2.25

sources: NVD: CVE-2019-5266 // JVNDB: JVNDB-2019-013594 // CNVD: CNVD-2019-46979 // VULMON: CVE-2019-5266

IOT TAXONOMY

category:

['IoT']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2019-46979

AFFECTED PRODUCTS

vendor:	huawei	model:	p30	scope:	eq	version:	9.1.0.193\(c00e190r2p1\)	Trust: 1.0
vendor:	huawei	model:	p30	scope:	eq	version:	9.1.0.193(c00e190r2p1)	Trust: 0.8
vendor:	huawei	model:	p30	scope:	eq	version:	9.1.0.193	Trust: 0.6
vendor:	huawei	model:	p30	scope:	eq	version:	9.1.0.193c00e190r2p1	Trust: 0.6
vendor:	huawei	model:	p30	scope:	eq	version:	-	Trust: 0.6

sources: CNVD: CNVD-2019-46979 // JVNDB: JVNDB-2019-013594 // CNNVD: CNNVD-201912-911 // NVD: CVE-2019-5266

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2019-5266
value:	HIGH
Trust: 1.0
NVD:	CVE-2019-5266
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2019-46979
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201912-911
value:	HIGH
Trust: 0.6
VULMON:	CVE-2019-5266
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2019-5266
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
CNVD:	CNVD-2019-46979
severity:	MEDIUM
baseScore:	6.4
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	4.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2019-5266
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.1
Trust: 1.0
NVD:	CVE-2019-5266
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2019-46979 // VULMON: CVE-2019-5266 // JVNDB: JVNDB-2019-013594 // CNNVD: CNNVD-201912-911 // NVD: CVE-2019-5266

PROBLEMTYPE DATA

problemtype:

CWE-20

Trust: 1.8

sources: JVNDB: JVNDB-2019-013594 // NVD: CVE-2019-5266

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201912-911

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-201912-911

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-013594

PATCH

title:	huawei-sa-20191218-02-share	url:	https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191218-02-share-en	Trust: 0.8
title:	Patch for Huawei P30 Input Validation Error Vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/195197	Trust: 0.6
title:	Huawei P30 Enter the fix for the verification error vulnerability	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=106011	Trust: 0.6
title:	Huawei Security Advisories: Security Advisory - Insufficient Input Validation Vulnerability in Huawei Share	url:	https://vulmon.com/vendoradvisory?qidtp=huawei_security_advisories&qid=c0789dc63095f594b02a450cf9f7168c	Trust: 0.1

sources: CNVD: CNVD-2019-46979 // VULMON: CVE-2019-5266 // JVNDB: JVNDB-2019-013594 // CNNVD: CNNVD-201912-911

EXTERNAL IDS

db:	NVD	id:	CVE-2019-5266	Trust: 3.1
db:	JVNDB	id:	JVNDB-2019-013594	Trust: 0.8
db:	CNVD	id:	CNVD-2019-46979	Trust: 0.6
db:	CNNVD	id:	CNNVD-201912-911	Trust: 0.6
db:	VULMON	id:	CVE-2019-5266	Trust: 0.1

sources: CNVD: CNVD-2019-46979 // VULMON: CVE-2019-5266 // JVNDB: JVNDB-2019-013594 // CNNVD: CNNVD-201912-911 // NVD: CVE-2019-5266

REFERENCES

url:	https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191218-02-share-en	Trust: 1.8
url:	https://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20191218-02-share-cn	Trust: 1.2
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-5266	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2019-5266	Trust: 0.8
url:	https://cwe.mitre.org/data/definitions/20.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: CNVD: CNVD-2019-46979 // VULMON: CVE-2019-5266 // JVNDB: JVNDB-2019-013594 // CNNVD: CNNVD-201912-911 // NVD: CVE-2019-5266

CREDITS

Huawei

Trust: 0.6

sources: CNNVD: CNNVD-201912-911

SOURCES

db:	CNVD	id:	CNVD-2019-46979
db:	VULMON	id:	CVE-2019-5266
db:	JVNDB	id:	JVNDB-2019-013594
db:	CNNVD	id:	CNNVD-201912-911
db:	NVD	id:	CVE-2019-5266

LAST UPDATE DATE

2024-11-23T23:01:34.530000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2019-46979	date:	2019-12-26T00:00:00
db:	VULMON	id:	CVE-2019-5266	date:	2019-12-27T00:00:00
db:	JVNDB	id:	JVNDB-2019-013594	date:	2020-01-10T00:00:00
db:	CNNVD	id:	CNNVD-201912-911	date:	2019-12-30T00:00:00
db:	NVD	id:	CVE-2019-5266	date:	2024-11-21T04:44:38.300

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2019-46979	date:	2019-12-24T00:00:00
db:	VULMON	id:	CVE-2019-5266	date:	2019-12-23T00:00:00
db:	JVNDB	id:	JVNDB-2019-013594	date:	2020-01-10T00:00:00
db:	CNNVD	id:	CNNVD-201912-911	date:	2019-12-18T00:00:00
db:	NVD	id:	CVE-2019-5266	date:	2019-12-23T18:15:10.973