A vulnerability was found in Huawei Mate 10, Mate 10 Pro, Honor V10, Changxiang 7S, P-smart, Changxiang 8 Plus, Y9 2018, Honor 9 Lite, Honor 9i and Mate 9 (Smartphone Operating System). It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the component Applock. The manipulation with an unknown input leads to a information disclosure vulnerability. The CWE definition for the vulnerability is CWE-200. The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information. As an impact it is known to affect confidentiality. The summary by CVE is:

There is an information disclosure vulnerability in certain Huawei smartphones (Mate 10;Mate 10 Pro;Honor V10;Changxiang 7S;P-smart;Changxiang 8 Plus;Y9 2018;Honor 9 Lite;Honor 9i;Mate 9). The software does not properly handle certain information of applications locked by applock in a rare condition. Successful exploit could cause information disclosure.

The weakness was released 12/13/2019. This vulnerability is known as CVE-2019-5264 since 01/04/2019. The exploitation appears to be easy. Attacking locally is a requirement. The exploitation doesn't need any form of authentication. The technical details are unknown and an exploit is not publicly available. The attack technique deployed by this issue is T1592 according to MITRE ATT&CK.

There is no information about possible countermeasures known. It may be suggested to replace the affected object with an alternative product.

Productinfo

Type

• Smartphone Operating System

Vendor

• Huawei

Name

• Changxiang 7S
• Changxiang 8 Plus
• Honor 9 Lite
• Honor 9i
• Honor V10
• Mate 9
• Mate 10
• Mate 10 Pro
• P-smart
• Y9 2018

License

• commercial

CPE 2.3info

• 🔍
• 🔍
• 🔍

CPE 2.2info

• 🔍
• 🔍
• 🔍

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

Discussion