CVE-2019-5246

Smartphones with software of ELLE-AL00B 9.1.0.109(C00E106R1P21), 9.1.0.113(C00E110R1P21), 9.1.0.125(C00E120R1P21), 9.1.0.135(C00E130R1P21), 9.1.0.153(C00E150R1P21), 9.1.0.155(C00E150R1P21), 9.1.0.162(C00E160R2P1) have an insufficient verification vulnerability. The system does not verify certain parameters sufficiently, an attacker should connect to the phone and gain high privilege to launch the attack. Successful exploit could cause DOS or malicious code execution.

Weakness

The product does not sufficiently verify the origin or authenticity of data, in a way that causes it to accept invalid data.

Affected Software

Name	Vendor	Start Version	End Version
Elle-al00b_firmware	Huawei	9.1.0.109(c00e106r1p21) (including)	9.1.0.109(c00e106r1p21) (including)
Elle-al00b_firmware	Huawei	9.1.0.113(c00e110r1p21) (including)	9.1.0.113(c00e110r1p21) (including)
Elle-al00b_firmware	Huawei	9.1.0.125(c00e120r1p21) (including)	9.1.0.125(c00e120r1p21) (including)
Elle-al00b_firmware	Huawei	9.1.0.135(c00e130r1p21) (including)	9.1.0.135(c00e130r1p21) (including)
Elle-al00b_firmware	Huawei	9.1.0.153(c00e150r1p21) (including)	9.1.0.153(c00e150r1p21) (including)
Elle-al00b_firmware	Huawei	9.1.0.155(c00e150r1p21) (including)	9.1.0.155(c00e150r1p21) (including)
Elle-al00b_firmware	Huawei	9.1.0.162(c00e160r2p1) (including)	9.1.0.162(c00e160r2p1) (including)

References

http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190925-01-codeexecution-en

NVD	https://nvd.nist.gov/vuln/detail/CVE-2019-5246
CWE	https://cwe.mitre.org/data/definitions/345.html

Insufficient Verification of Data Authenticity

Weakness

Affected Software

Related Attack Patterns

References