CVE-2019-5251: Path Traversal
First published: Fri Dec 13 2019(Updated: )
There is a path traversal vulnerability in several Huawei smartphones. The system does not sufficiently validate certain pathnames from the application. An attacker could trick the user into installing, backing up and restoring a malicious application. Successful exploit could cause information disclosure.
Credit: psirt@huawei.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Huawei Honor V10 Firmware | <9.1.0.333\(c00e333r2p1t8\) | |
| Huawei Honor V10 | ||
| Huawei P30 Firmware | <9.1.0.226\(c00e220r2p1\) | |
| HUAWEI P30 | ||
| Huawei Enjoy 7s Firmware | <9.1.0.130\(c00e115r2p8t8\) | |
| Huawei Enjoy 7s | ||
| Huawei Mate 20 Firmware | <9.1.0.139\(c00e133r3p1\) | |
| HUAWEI Mate 20 | ||
| Huawei Honor 9 Lite Firmware | <9.1.0.143\(c636e5r1p5t8\) | |
| Huawei Honor 9 Lite | ||
| Huawei Honor 9i Firmware | <9.1.0.120\(c00e113r1p6t8\) | |
| Huawei Honor 9i | ||
| Huawei M6 Firmware | <9.1.1.150\(c00e150r1p150\) | |
| Huawei M6 | ||
| Huawei P30 Pro Firmware | <9.1.0.226\(c00e210r2p1\) | |
| HUAWEI P30 Pro | ||
| Huawei Honor 20s Firmware | <9.1.1.132\(c00e131r6p1\) | |
| Huawei Honor 20s | ||
| Huawei Honor 9 Lite Firmware | <9.1.0.130\(c00e112r2p10t8\) |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2019-5251?
CVE-2019-5251 is a path traversal vulnerability in several Huawei smartphones that allows an attacker to trick users into installing a malicious application.
Which Huawei smartphones are affected by CVE-2019-5251?
Several Huawei smartphones including Huawei Honor V10, Huawei P30, Huawei Enjoy 7s, Huawei Mate 20, Huawei Honor 9 Lite, Huawei Honor 9i, Huawei M6, and Huawei Honor 20s are affected by CVE-2019-5251.
What is the severity of CVE-2019-5251?
The severity of CVE-2019-5251 is medium, with a CVSS score of 5.5.
How can an attacker exploit CVE-2019-5251?
An attacker can exploit CVE-2019-5251 by tricking the user into installing, backing up, and restoring a malicious application.
Is there a fix available for CVE-2019-5251?
Users should apply the latest firmware or security patches provided by Huawei to mitigate the CVE-2019-5251 vulnerability.
- collector/nvd-index
- agent/weakness
- agent/severity
- agent/author
- agent/references
- agent/event
- agent/type
- agent/tags
- agent/description
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- vendor/huawei
- canonical/huawei honor v10 firmware
- canonical/huawei honor v10
- canonical/huawei p30 firmware
- canonical/huawei p30
- canonical/huawei enjoy 7s firmware
- canonical/huawei enjoy 7s
- canonical/huawei mate 20 firmware
- canonical/huawei mate 20
- canonical/huawei honor 9 lite firmware
- canonical/huawei honor 9 lite
- canonical/huawei honor 9i firmware
- canonical/huawei honor 9i
- canonical/huawei m6 firmware
- canonical/huawei m6
- canonical/huawei p30 pro firmware
- canonical/huawei p30 pro
- canonical/huawei honor 20s firmware
- canonical/huawei honor 20s