Vulnerabilities > CVE-2019-5281 - Unspecified vulnerability in Huawei Y9 2019 Firmware

CVSS 4.6 - MEDIUM

Attack vector

PHYSICAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

NONE

Availability impact

NONE

low complexity

huawei

NVD

Published: 2019-06-04

Updated: 2020-08-24

Summary

There is an information leak vulnerability in some Huawei phones, versions earlier than Jackman-L21 8.2.0.155(C185R1P2). When a local attacker uses the camera of a smartphone, the attacker can exploit this vulnerability to obtain sensitive information by performing a series of operations.

Vulnerable Configurations

Part	Description	Count
OS	Huawei Huawei Y9 2019 Firmware - Huawei Y9 2019 Firmware 8.2.0.160\(C185R2P2\) Huawei Y9 2019 Firmware 8.2.0.162\(C605\) Huawei Y9 2019 Firmware 8.2.0.163\(C605\) Huawei Y9 2019 Firmware 9.1.0.220\(C605E3R1P1T8\) Huawei Y9 2019 Firmware 9.1.0.264\(C185E2R5P1T8\) Huawei Y9 2019 Firmware 9.1.0.297\(C605E4R1P1T8\)	7
Hardware	Huawei Huawei Y9 2019 -	1

References

https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190218-01-smartphone-en