CVE-2018-7901

Published: Apr 30, 2018Modified: Nov 21, 2024

4.4

Vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L

Exploitability: 1.8 / Impact: 2.5

Source: NVD

Description

RCS module in Huawei ALP-AL00B smart phones with software versions earlier than 8.0.0.129, BLA-AL00B smart phones with software versions earlier than 8.0.0.129 has a remote control vulnerability. An attacker can trick a user to install a malicious application. When the application connects with RCS for the first time, it needs user to manually click to agree. In addition, the attacker needs to obtain the key that RCS uses to authenticate the application. Successful exploitation may cause the attacker to control keyboard remotely.

Affected (2)

Products: Huawei: Alp Al00b Firmware, Bla Al00b Firmware

Huawei

2 products

Alp Al00b Firmware

Bla Al00b Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Huawei Alp Al00b Firmware	Before 8.0.0.129

Running on/with	Platform Versions
Huawei Alp Al00b	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Huawei Bla Al00b Firmware	Before 8.0.0.129

Running on/with	Platform Versions
Huawei Bla Al00b	All versions

References (2)

http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180425-01-rcs-en

Source: psirt@huawei.com

Vendor Advisory

http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180425-01-rcs-en

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.