Input validation

2019-12-1322:15:00

PRIOn knowledge base

www.prio-n.com

6.4 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

25.7%

JSON

Huawei smartphones HUAWEI Y9 2019 and Honor View 20 have a denial of service vulnerability. Due to insufficient input validation of specific value when parsing the messages, an attacker may send specially crafted TD-SCDMA messages from a rogue base station to the affected devices to exploit this vulnerability. Successful exploit may cause an infinite loop and the device to reboot.

CPENameOperatorVersion
view_20_firmwareeq9.0.1169-c636-e1-r4-p1
view_20_firmwareeq9.0.1170-c185-e2-r3-p1
view_20_firmwareeq9.0.1170-c432-e1-r3-p1
y9_2019_firmwareeq8.2.160-c185-r2-p2
y9_2019_firmwareeq8.2.162-c605
y9_2019_firmwareeq8.2.163-c605

Name	Operator	Version
view_20_firmware	eq	9.0.1169-c636-e1-r4-p1
view_20_firmware	eq	9.0.1170-c185-e2-r3-p1
view_20_firmware	eq	9.0.1170-c432-e1-r3-p1
y9_2019_firmware	eq	8.2.160-c185-r2-p2
y9_2019_firmware	eq	8.2.162-c605
y9_2019_firmware	eq	8.2.163-c605