VYPR
← All advisories
Unrated severityNVD Advisory· Published Nov 29, 2019· Updated Aug 4, 2024

CVE-2019-5212

CVE-2019-5212

Description

There is an improper access control vulnerability in Huawei Share. The software does not properly restrict access to certain file from certain application. An attacker tricks the user into installing a malicious application then establishing a connect to the attacker through Huawei Share, successful exploit could cause information disclosure.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

An improper access control vulnerability in Huawei Share allows a malicious app to access files, leading to information disclosure.

Vulnerability

An improper access control vulnerability exists in Huawei Share on P20 devices. The software does not properly restrict access to certain files from certain applications [1]. Affected versions are those earlier than Emily-L29C 9.1.0.311(C10E2R1P13T8), Emily-L29C 9.1.0.311(C461E2R1P11T8), and Emily-L29C 9.1.0.311(C605E2R1P12T8) [1].

Exploitation

An attacker must trick the user into installing a malicious application. Once installed, the attacker establishes a connection to the victim through Huawei Share [1]. The specific steps involve the malicious application exploiting the improper access control to access files that should be restricted.

Impact

Successful exploitation of this vulnerability could cause disclosure of information from the affected device [1]. The attacker gains unauthorized read access to files, compromising confidentiality.

Mitigation

Huawei has released software updates to fix this vulnerability. Users should update to the resolved versions: Emily-L29C 9.1.0.311(C10E2R1P13T8), Emily-L29C 9.1.0.311(C461E2R1P11T8), or Emily-L29C 9.1.0.311(C605E2R1P12T8) as appropriate [1]. The advisory was released on 2019-11-13 [1].

References
  1. Security Advisory - Improper Access Control Vulnerability in Huawei Share

AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

2

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

1

News mentions

0

No linked articles in our index yet.