Description
Smartphones with software of ELLE-AL00B 9.1.0.109(C00E106R1P21), 9.1.0.113(C00E110R1P21), 9.1.0.125(C00E120R1P21), 9.1.0.135(C00E130R1P21), 9.1.0.153(C00E150R1P21), 9.1.0.155(C00E150R1P21), 9.1.0.162(C00E160R2P1) have an insufficient verification vulnerability. The system does not verify certain parameters sufficiently, an attacker should connect to the phone and gain high privilege to launch the attack. Successful exploit could cause DOS or malicious code execution.
References (1)
Core 1
Core References
Vendor Advisory x_refsource_misc
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190925-01-codeexecution-en
Scores
CVSS v3
6.2
EPSS
0.0002
EPSS Percentile
7.2%
Attack Vector
PHYSICAL
CVSS:3.1/AV:P/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-345
Status
published
Products (7)
huawei/elle-al00b_firmware
9.1.0.109\(c00e106r1p21\)
huawei/elle-al00b_firmware
9.1.0.113\(c00e110r1p21\)
huawei/elle-al00b_firmware
9.1.0.125\(c00e120r1p21\)
huawei/elle-al00b_firmware
9.1.0.135\(c00e130r1p21\)
huawei/elle-al00b_firmware
9.1.0.153\(c00e150r1p21\)
huawei/elle-al00b_firmware
9.1.0.155\(c00e150r1p21\)
huawei/elle-al00b_firmware
9.1.0.162\(c00e160r2p1\)
Published
Nov 13, 2019
Tracked Since
Feb 18, 2026