var-201906-0050
Vulnerability from variot
There is a Factory Reset Protection (FRP) bypass security vulnerability in P20 Huawei smart phones versions before Emily-AL00A 9.0.0.167(C00E81R1P21T8). When re-configuring the mobile phone using the FRP function, an attacker can delete the activation lock after a series of operations. As a result, the FRP function is bypassed and the attacker gains access to the smartphone. Huawei P20 Smartphones have vulnerabilities related to authorization, authority, and access control.Information may be tampered with. The Huawei P20 is a smartphone from China's Huawei.
There are security vulnerabilities in versions before Huawei P20 Emily-AL00A 9.0.0.167 (C00E81R1P21T8)
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201906-0050",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "p20",
"scope": "lt",
"trust": 1.0,
"vendor": "huawei",
"version": "emily-al00a_9.0.0.167\\(c00e81r1p21t8\\)"
},
{
"model": "p20",
"scope": "lt",
"trust": 0.8,
"vendor": "huawei",
"version": "emily-al00a 9.0.0.167(c00e81r1p21t8)"
},
{
"model": "p20 \u003cemily-al00a 9.0.0.167",
"scope": null,
"trust": 0.6,
"vendor": "huawei",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-33618"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-005136"
},
{
"db": "NVD",
"id": "CVE-2019-5306"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:huawei:p20_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-005136"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The vulnerability was discovered by Huawei internal testing.",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201902-996"
}
],
"trust": 0.6
},
"cve": "CVE-2019-5306",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2019-5306",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "LOW",
"trust": 1.8,
"vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2019-33618",
"impactScore": 6.9,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:C/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 0.9,
"id": "CVE-2019-5306",
"impactScore": 3.6,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2019-5306",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2019-5306",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2019-33618",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201902-996",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-33618"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-005136"
},
{
"db": "CNNVD",
"id": "CNNVD-201902-996"
},
{
"db": "NVD",
"id": "CVE-2019-5306"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "There is a Factory Reset Protection (FRP) bypass security vulnerability in P20 Huawei smart phones versions before Emily-AL00A 9.0.0.167(C00E81R1P21T8). When re-configuring the mobile phone using the FRP function, an attacker can delete the activation lock after a series of operations. As a result, the FRP function is bypassed and the attacker gains access to the smartphone. Huawei P20 Smartphones have vulnerabilities related to authorization, authority, and access control.Information may be tampered with. The Huawei P20 is a smartphone from China\u0027s Huawei. \n\nThere are security vulnerabilities in versions before Huawei P20 Emily-AL00A 9.0.0.167 (C00E81R1P21T8)",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-5306"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-005136"
},
{
"db": "CNVD",
"id": "CNVD-2019-33618"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-5306",
"trust": 3.0
},
{
"db": "JVNDB",
"id": "JVNDB-2019-005136",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2019-33618",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201902-996",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-33618"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-005136"
},
{
"db": "CNNVD",
"id": "CNNVD-201902-996"
},
{
"db": "NVD",
"id": "CVE-2019-5306"
}
]
},
"id": "VAR-201906-0050",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-33618"
}
],
"trust": 1.6
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-33618"
}
]
},
"last_update_date": "2024-11-23T22:21:36.611000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "huawei-sa-20190228-01-smartphone",
"trust": 0.8,
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190228-01-smartphone-en"
},
{
"title": "Patch for Huawei P20 FRP Security Bypass Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/182845"
},
{
"title": "Huawei P20 Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=89700"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-33618"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-005136"
},
{
"db": "CNNVD",
"id": "CNNVD-201902-996"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
},
{
"problemtype": "CWE-264",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-005136"
},
{
"db": "NVD",
"id": "CVE-2019-5306"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.6,
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190228-01-smartphone-en"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-5306"
},
{
"trust": 1.2,
"url": "https://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20190228-01-smartphone-cn"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-5306"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-33618"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-005136"
},
{
"db": "CNNVD",
"id": "CNNVD-201902-996"
},
{
"db": "NVD",
"id": "CVE-2019-5306"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2019-33618"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-005136"
},
{
"db": "CNNVD",
"id": "CNNVD-201902-996"
},
{
"db": "NVD",
"id": "CVE-2019-5306"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-09-29T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-33618"
},
{
"date": "2019-06-17T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-005136"
},
{
"date": "2019-02-28T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201902-996"
},
{
"date": "2019-06-04T18:29:00.973000",
"db": "NVD",
"id": "CVE-2019-5306"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-09-29T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-33618"
},
{
"date": "2019-06-17T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-005136"
},
{
"date": "2020-08-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201902-996"
},
{
"date": "2024-11-21T04:44:43.073000",
"db": "NVD",
"id": "CVE-2019-5306"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Huawei P20 Vulnerabilities related to authorization, authority, and access control in smartphones",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-005136"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "permissions and access control issues",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201902-996"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.