CVE-2019-5210
HIGHNova 5i pro and Nova 5 <9.1.1.190-9.1.1.175 - Code Injection
Title source: llmDescription
Nova 5i pro and Nova 5 smartphones with versions earlier than 9.1.1.190(C00E190R6P2)and Versions earlier than 9.1.1.175(C00E170R3P2) have an improper validation of array index vulnerability. The system does not properly validate the input value before use it as an array index when processing certain image information. The attacker tricks the user into installing a malicious application, successful exploit could cause malicious code execution.
References (1)
Core 1
Core References
Vendor Advisory x_refsource_confirm
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191120-01-smartphone-en
Scores
CVSS v3
7.8
EPSS
0.0006
EPSS Percentile
19.1%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Details
CWE
CWE-129
Status
published
Products (2)
huawei/nova_5_firmware
< 9.1.1.175\(c00e170r3p2\)
huawei/nova_5i_pro_firmware
< 9.1.1.190\(c00e190r6p2\)
Published
Nov 29, 2019
Tracked Since
Feb 18, 2026