How severe is CVE-2019-5220?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 4.6 out of 10.

What type of vulnerability is CVE-2019-5220?

This is classified as CWE-863, which is a common weakness in software security.

CVE-2019-5220

MEDIUM Year: 2019

CVSS v3 Score

4.6

Medium

CVSS v2 Score

2.1

Low

Weakness Type

CWE-863

View all →

Vulnerability Description

There is a Factory Reset Protection (FRP) bypass vulnerability on several smartphones. The system does not sufficiently verify the permission, an attacker could do a certain operation on certain step of setup wizard. Successful exploit could allow the attacker bypass the FRP protection. Affected products: Mate 20 X, versions earlier than Ever-AL00B 9.0.0.200(C00E200R2P1); Mate 20, versions earlier than Hima-AL00B/Hima-TL00B 9.0.0.200(C00E200R2P1); Honor Magic 2, versions earlier than Tony-AL00B/Tony-TL00B 9.0.0.182(C00E180R2P2).

CVE-2017-16778

MEDIUM

CVSS:4.6(Medium)

An access control weakness in the DTMF tone receiver of Fermax Outdoor Panel allows physical attackers to inject a Dual-Tone-Multi-Frequency (DTMF) tone to invoke an access grant that would allow phys...

CWE-8632017

CVE-2018-7926

MEDIUM

CVSS:4.6(Medium)

Huawei Watch 2 with versions and earlier than OWDD.180707.001.E1 have an improper authorization vulnerability. Due to improper permission configuration for specific operations, an attacker who obtaine...

CWE-8632018

CVE-2018-7988

MEDIUM

CVSS:4.6(Medium)

There is a Factory Reset Protection (FRP) bypass vulnerability on several smartphones. The system does not sufficiently verify the permission, an attacker uses a data cable to connect the smartphone t...

CWE-8632018

CVE-2019-5231

MEDIUM

CVSS:4.6(Medium)

P30 smartphones with versions earlier than ELLE-AL00B 9.1.0.186(C00E180R2P1) have an improper authorization vulnerability. The software incorrectly performs an authorization check when a user attempts...

CWE-8632019

CVE-2020-0473

MEDIUM

CVSS:4.6(Medium)

In updateIncomingFileConfirmNotification of BluetoothOppNotification.java, there is a possible permissions bypass. This could lead to local escalation of privilege allowing an attacker with physical p...

CWE-8632020

CVE-2021-22398

MEDIUM

CVSS:4.6(Medium)

There is a logic error vulnerability in several smartphones. The software does not properly restrict certain operation when the Digital Balance function is on. Successful exploit could allow the attac...

CWE-8632021

CVE-2019-5220

Vulnerability Description

Related Vulnerabilities

CVE-2017-16778

CVE-2018-7926

CVE-2018-7988

CVE-2019-5231

CVE-2020-0473

CVE-2021-22398