Input validation error in Huawei Nova 5i pro and Huawei Nova 5 - CVE-2019-5210
Published: November 21, 2019
Vulnerability identifier: #VU22879
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2019-5210
CWE-ID: CWE-20
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vendor: Huawei
Affected software:
Huawei Nova 5i pro
Huawei Nova 5
Huawei Nova 5i pro
Huawei Nova 5
Detailed vulnerability description
The vulnerability allows a local attacker to execute arbitrary code on the target system.
The vulnerability exists due to the system does not properly validate the input value before use it as an array index when processing certain image information. A local attacker can trick a victim to install a malicious application and execute arbitrary code.
How to mitigate CVE-2019-5210
Install updates from vendor's website.