CVE-2019-5284
Description
There is a DoS vulnerability in RTSP module of Leland-AL00A Huawei smart phones versions earlier than Leland-AL00A 9.1.0.111(C00E111R2P10T8). Remote attackers could trick the user into opening a malformed RTSP media stream to exploit this vulnerability. Successful exploit could cause the affected phone abnormal, leading to a DoS condition. (Vulnerability ID: HWPSIRT-2019-02004)
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
A DoS vulnerability exists in the RTSP module of Huawei Leland-AL00A smartphones before version 9.1.0.111(C00E111R2P10T8), allowing remote attackers to cause a denial of service by tricking the user into opening a malformed RTSP stream.
Vulnerability
The Real-Time Streaming Protocol (RTSP) module in Huawei Leland-AL00A smartphones running versions earlier than Leland-AL00A 9.1.0.111(C00E111R2P10T8) contains a denial-of-service (DoS) vulnerability [1][2]. When the phone processes a specially crafted RTSP media stream, the bug can be triggered without requiring any special configuration beyond user interaction to open the stream.
Exploitation
A remote attacker must first trick the user into opening a malformed RTSP media stream, for example by luring the user to a malicious link or sending a crafted stream URL [1][2]. No further authentication or network privileges are described beyond the ability to deliver the stream to the device.
Impact
Successful exploitation of the vulnerability causes the affected phone to become abnormal, leading to a denial-of-service (DoS) condition [1][2]. The device may become unresponsive or crash, disrupting normal operation. The advisory does not indicate any information disclosure or privilege escalation.
Mitigation
Huawei has released a software update to fix this vulnerability [1][2]. The resolved version is Leland-AL00A 9.1.0.111(C00E111R2P10T8). Users should update their devices to this version or later. No workaround is mentioned in the available references. The vulnerability is not listed on the CISA Known Exploited Vulnerabilities (KEV) catalog as of this writing.
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
2< 9.1.0.111(C00E111R2P10T8)+ 1 more
- (no CPE)range: < 9.1.0.111(C00E111R2P10T8)
- (no CPE)range: Versions earlier than Leland-AL00A 9.1.0.111(C00E111R2P10T8)
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
2- www.huawei.com/en/psirt/security-advisories/huawei-sa-20190523-01-smartphone-enmitrex_refsource_CONFIRM
- www.huawei.com/en/psirt/security-advisories/huawei-sa-20190523-01-smartphone-enmitrex_refsource_CONFIRM
News mentions
0No linked articles in our index yet.