CVE-2019-5295
MEDIUMHuawei Honor V10 <Berkeley-AL20 9.0.0.125(C00E125R2P14T8) - Auth By...
Title source: llmDescription
Huawei Honor V10 smartphones versions earlier than Berkeley-AL20 9.0.0.125(C00E125R2P14T8) have an authorization bypass vulnerability. Due to improper authorization implementation logic, attackers can bypass certain authorization scopes of smart phones by performing specific operations. This vulnerability can be exploited to perform operations beyond the scope of authorization.
References (1)
Core 1
Core References
Vendor Advisory x_refsource_confirm
https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190131-01-phone-en
Scores
CVSS v3
6.4
EPSS
0.0003
EPSS Percentile
8.5%
Attack Vector
PHYSICAL
CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
Status
published
Products (1)
huawei/honor_view_10_firmware
< berkeley-al20_9.0.0.125\(c00e125r2p14t8\)
Published
Jun 06, 2019
Tracked Since
Feb 18, 2026