Sign-up

ID

VAR-201912-0055


CVE

CVE-2019-5276


TITLE

Huawei Classic buffer overflow vulnerability in smartphones

Trust: 0.8

sources: JVNDB: JVNDB-2019-013596

DESCRIPTION

Huawei smart phones with earlier versions than ELLE-AL00B 9.1.0.222(C00E220R2P1) have a buffer overflow vulnerability. An attacker may intercept and tamper with the packet in the local area network (LAN) to exploit this vulnerability. Successful exploitation may cause the affected phone abnormal. Huawei Smartphones contain a classic buffer overflow vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Huawei ELLE-AL00B is a smartphone from China's Huawei

Trust: 2.16

sources: NVD: CVE-2019-5276 // JVNDB: JVNDB-2019-013596 // CNVD: CNVD-2019-46623

IOT TAXONOMY

category:['IoT']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2019-46623

AFFECTED PRODUCTS

vendor:huaweimodel:elle-al00bscope:ltversion:9.1.0.222\(c00e220r2p1\)

Trust: 1.0

vendor:huaweimodel:emily-al00bscope: - version: -

Trust: 0.8

vendor:huaweimodel:elle-al00b <9.1.0.222scope: - version: -

Trust: 0.6

vendor:huaweimodel:elle-al00bscope:eqversion:9.1.0.155c00e150r1p21

Trust: 0.6

vendor:huaweimodel:elle-al00bscope:eqversion: -

Trust: 0.6

vendor:huaweimodel:elle-al00bscope:eqversion:9.1.0.135c00e130r1p21

Trust: 0.6

vendor:huaweimodel:elle-al00bscope:eqversion:9.1.0.162c00e160r2p1

Trust: 0.6

vendor:huaweimodel:elle-al00bscope:eqversion:9.1.0.113c00e110r1p21

Trust: 0.6

vendor:huaweimodel:elle-al00bscope:eqversion:9.1.0.125c00e120r1p21

Trust: 0.6

vendor:huaweimodel:elle-al00bscope:eqversion:9.1.0.109c00e106r1p21

Trust: 0.6

vendor:huaweimodel:elle-al00bscope:eqversion:9.1.0.193c00e190r2p1

Trust: 0.6

vendor:huaweimodel:elle-al00bscope:eqversion:9.1.0.153c00e150r1p21

Trust: 0.6

sources: CNVD: CNVD-2019-46623 // JVNDB: JVNDB-2019-013596 // CNNVD: CNNVD-201912-914 // NVD: CVE-2019-5276

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-5276
value: HIGH

Trust: 1.0

NVD: CVE-2019-5276
value: HIGH

Trust: 0.8

CNVD: CNVD-2019-46623
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201912-914
value: HIGH

Trust: 0.6

nvd@nist.gov: CVE-2019-5276
severity: MEDIUM
baseScore: 5.8
vectorString: AV:A/AC:L/AU:N/C:P/I:P/A:P
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 6.5
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2019-46623
severity: MEDIUM
baseScore: 4.6
vectorString: AV:A/AC:H/AU:N/C:N/I:N/A:C
accessVector: ADJACENT_NETWORK
accessComplexity: HIGH
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 3.2
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2019-5276
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2019-5276
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: ADJACENT NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2019-46623 // JVNDB: JVNDB-2019-013596 // CNNVD: CNNVD-201912-914 // NVD: CVE-2019-5276

PROBLEMTYPE DATA

problemtype:CWE-120

Trust: 1.8

sources: JVNDB: JVNDB-2019-013596 // NVD: CVE-2019-5276

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-201912-914

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-201912-914

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2019-013596

PATCH
title:huawei-sa-20191218-02-smartphoneurl:https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191218-02-smartphone-en
Trust: 0.8
title:Patch for Huawei ELLE-AL00B Buffer Overflow Vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/195195
Trust: 0.6
title:Huawei ELLE-AL00B Buffer error vulnerability fixurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=106012
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2019-46623 // 
            
            
            
            JVNDB: JVNDB-2019-013596 // 
            
            
            
            CNNVD: CNNVD-201912-914

EXTERNAL IDS
db:NVDid:CVE-2019-5276
Trust: 3.0
db:JVNDBid:JVNDB-2019-013596
Trust: 0.8
db:CNVDid:CNVD-2019-46623
Trust: 0.6
db:CNNVDid:CNNVD-201912-914
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2019-46623 // 
            
            
            
            JVNDB: JVNDB-2019-013596 // 
            
            
            
            CNNVD: CNNVD-201912-914 // 
            
            
            
            NVD: CVE-2019-5276

REFERENCES
url:https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191218-02-smartphone-en
Trust: 1.6
url:https://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20191218-02-smartphone-cn
Trust: 1.2
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-5276
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2019-5276
Trust: 0.8
sources:
            
            
            CNVD: CNVD-2019-46623 // 
            
            
            
            JVNDB: JVNDB-2019-013596 // 
            
            
            
            CNNVD: CNNVD-201912-914 // 
            
            
            
            NVD: CVE-2019-5276

CREDITS
Huawei
Trust: 0.6
sources:
            
            
            CNNVD: CNNVD-201912-914

SOURCES
db:CNVDid:CNVD-2019-46623
db:JVNDBid:JVNDB-2019-013596
db:CNNVDid:CNNVD-201912-914
db:NVDid:CVE-2019-5276

LAST UPDATE DATE
2024-11-23T22:29:49.928000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2019-46623date:2019-12-24T00:00:00
db:JVNDBid:JVNDB-2019-013596date:2020-01-10T00:00:00
db:CNNVDid:CNNVD-201912-914date:2019-12-30T00:00:00
db:NVDid:CVE-2019-5276date:2024-11-21T04:44:39.330

SOURCES RELEASE DATE
db:CNVDid:CNVD-2019-46623date:2019-12-24T00:00:00
db:JVNDBid:JVNDB-2019-013596date:2020-01-10T00:00:00
db:CNNVDid:CNNVD-201912-914date:2019-12-18T00:00:00
db:NVDid:CVE-2019-5276date:2019-12-23T18:15:11.083