CVE-2019-5221
https://notcve.org/view.php?id=CVE-2019-5221
There is a path traversal vulnerability on Huawei Share. The software does not properly validate the path, an attacker could crafted a file path when transporting file through Huawei Share, successful exploit could allow the attacker to transport a file to arbitrary path on the phone. Affected products: Mate 20 X versions earlier than Ever-L29B 9.1.0.300(C432E3R1P12), versions earlier than Ever-L29B 9.1.0.300(C636E3R2P1), and versions earlier than Ever-L29B 9.1.0.300(C185E3R3P1). Hay una vulnerabilidad de salto de ruta en la función Huawei Share. El software no comprueba apropiadamente la ruta, un atacante podría crear una ruta (path) de archivo al transportar un archivo por medio de Huawei Share, una explotación con éxito podría permitirle transportar un archivo a una ruta arbitraria en el teléfono. • https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190703-01-share-en • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVE-2019-5220
https://notcve.org/view.php?id=CVE-2019-5220
There is a Factory Reset Protection (FRP) bypass vulnerability on several smartphones. The system does not sufficiently verify the permission, an attacker could do a certain operation on certain step of setup wizard. Successful exploit could allow the attacker bypass the FRP protection. Affected products: Mate 20 X, versions earlier than Ever-AL00B 9.0.0.200(C00E200R2P1); Mate 20, versions earlier than Hima-AL00B/Hima-TL00B 9.0.0.200(C00E200R2P1); Honor Magic 2, versions earlier than Tony-AL00B/Tony-TL00B 9.0.0.182(C00E180R2P2). Hay una vulnerabilidad de omisión de la protección Factory Reset Protection (FRP) en varios teléfonos inteligentes. • https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190626-01-frp-en • CWE-863: Incorrect Authorization •