Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2019-5250

Mate 20 Pro smartphones with versions earlier than 9.1.0.135(C00E133R3P1) have an improper authorization vulnerability. The software does not properly restrict certain operation of certain privilege, the attacker could trick the user into installing a malicious application before the user turns on student mode function. Successful exploit could allow the attacker to bypass the limit of student mode function.

Published

2019-12-13T15:15:11.240

Last Modified

2024-11-21T04:44:36.273

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 7.8 (HIGH)

CVSSv2 Vector

AV:N/AC:M/Au:N/C:P/I:P/A:P

Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL

Exploitability Score

8.6

Impact Score

6.4

Weaknesses

Type: Primary
CWE-269

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	huawei	mate_20_pro_firmware	< 9.1.0.135\(c00e133r3p1\)	Yes
Hardware	huawei	mate_20_pro	-	No

References

https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191204-02-smartphone-en Vendor Advisory ([email protected])
https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191204-02-smartphone-en Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)