A vulnerability, which was classified as critical, has been found in Nova 5i and 5. Affected by this issue is an unknown part. The manipulation with an unknown input leads to a array index vulnerability. Using CWE to declare the problem leads to CWE-129. The product uses untrusted input when calculating or using an array index, but the product does not validate or incorrectly validates the index to ensure the index references a valid position within the array. Impacted is confidentiality, integrity, and availability. CVE summarizes:

Nova 5i pro and Nova 5 smartphones with versions earlier than 9.1.1.190(C00E190R6P2)and Versions earlier than 9.1.1.175(C00E170R3P2) have an improper validation of array index vulnerability. The system does not properly validate the input value before use it as an array index when processing certain image information. The attacker tricks the user into installing a malicious application, successful exploit could cause malicious code execution.

The weakness was released 11/29/2019 (Website). The advisory is shared for download at huawei.com. This vulnerability is handled as CVE-2019-5210 since 01/04/2019. The attack needs to be approached locally. No form of authentication is required for exploitation. Successful exploitation requires user interaction by the victim. There are neither technical details nor an exploit publicly available.

Upgrading to version 9.1.1.175(C00E170R3P2) or 9.1.1.190(C00E190R6P2)and eliminates this vulnerability.

Entry connected to this vulnerability is available at VDB-146584.

Productinfo

Vendor

• Nova

Name

• 5
• 5i

CPE 2.3info

• 🔍
• 🔍

CPE 2.2info

• 🔍
• 🔍

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

Discussion