First published: Tue Nov 12 2019(Updated: )
Honor play smartphones with versions earlier than Cornell-AL00A 9.1.0.321(C00E320R1P1T8) have an insufficient authentication vulnerability. The system has a logic judge error under certain scenario. Successful exploit could allow the attacker to modify the alarm clock settings after a serious of uncommon operations without unlock the screen lock.
Credit: psirt@huawei.com
Affected Software | Affected Version | How to fix |
---|---|---|
Huawei Honor Play Firmware | <cornell-al00a_9.1.0.321\(c00e320r1p1t8\) | |
Huawei Honor Play |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID of this vulnerability is CVE-2019-5213.
The title of this vulnerability is 'Honor play smartphones with versions earlier than Cornell-AL00A 9.1.0.321(C00E320R1P1T8) have an insufficient authentication vulnerability.'
The severity of CVE-2019-5213 is low with a CVSS score of 2.4.
An attacker can exploit this vulnerability by taking advantage of a logic judge error in the system under certain scenarios and modify the alarm clock settings.
No, Huawei Honor Play is not affected by this vulnerability.