CVE-2019-5287
HIGHP30 smart phones < ELLE-AL00B 9.1.0.193(C00E190R2P1 - Code Injection
Title source: llmDescription
P30 smart phones with versions earlier than ELLE-AL00B 9.1.0.193(C00E190R2P1) have an integer overflow vulnerability due to insufficient check on specific parameters. An attacker tricks the user into installing a malicious application, obtains the root permission and constructs specific parameters to the camera program to exploit this vulnerability. Successful exploit could cause the program to break down or allow for arbitrary code execution.
References (1)
Core 1
Core References
Vendor Advisory x_refsource_misc
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190925-01-smartphone-en
Scores
CVSS v3
7.8
EPSS
0.0014
EPSS Percentile
33.9%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Details
CWE
CWE-190
Status
published
Products (1)
huawei/p30_firmware
< elle-al00b_9.1.0.193\(c00e190r2p1\)
Published
Nov 13, 2019
Tracked Since
Feb 18, 2026