Vulnerabilities > CVE-2019-5309 - Improper Restriction of Excessive Authentication Attempts vulnerability in Huawei Honor Play Firmware

CVSS 2.1 - LOW

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

NONE

Availability impact

NONE

local

low complexity

huawei

CWE-307

NVD

Published: 2019-11-29

Updated: 2020-08-24

Summary

Honor play smartphones with versions earlier than 9.1.0.333(C00E333R1P1T8) have an information disclosure vulnerability in certain Huawei . An attacker could view certain information after a series of operation without unlock the screen lock. Successful exploit could cause an information disclosure condition.

Vulnerable Configurations

Part	Description	Count
OS	Huawei Huawei Honor Play Firmware -	1
Hardware	Huawei Huawei Honor Play -	1

Common Weakness Enumeration (CWE)

CWE-307 - Improper Restriction of Excessive Authentication Attempts

References

https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191127-02-smartphone-en