CVE-2018-7907

Published: Sep 26, 2018Modified: Nov 21, 2024

5.5

Vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Exploitability: 1.8 / Impact: 3.6

Source: NVD

Description

Some Huawei products Agassi-L09 AGS-L09C100B257CUSTC100D001, AGS-L09C170B253CUSTC170D001, AGS-L09C199B251CUSTC199D001, AGS-L09C229B003CUSTC229D001, Agassi-W09 AGS-W09C100B257CUSTC100D001, AGS-W09C128B252CUSTC128D001, AGS-W09C170B252CUSTC170D001, AGS-W09C229B251CUSTC229D001, AGS-W09C331B003CUSTC331D001, AGS-W09C794B001CUSTC794D001, Baggio2-U01A BG2-U01C100B160CUSTC100D001, BG2-U01C170B160CUSTC170D001, BG2-U01C199B162CUSTC199D001, BG2-U01C209B160CUSTC209D001, BG2-U01C333B160CUSTC333D001, Bond-AL00C Bond-AL00CC00B201, Bond-AL10B Bond-AL10BC00B201, Bond-TL10B Bond-TL10BC01B201, Bond-TL10C Bond-TL10CC01B131, Haydn-L1JB HDN-L1JC137B068, Kobe-L09A KOB-L09C100B252CUSTC100D001, KOB-L09C209B002CUSTC209D001, KOB-L09C362B001CUSTC362D001, Kobe-L09AHN KOB-L09C233B226, Kobe-W09C KOB-W09C128B251CUSTC128D001, LelandP-L22C 8.0.0.101(C675CUSTC675D2), LelandP-L22D 8.0.0.101(C675CUSTC675D2), Rhone-AL00 Rhone-AL00C00B186, Selina-L02 Selina-L02C432B153, Stanford-L09S Stanford-L09SC432B183, Toronto-AL00 Toronto-AL00C00B223, Toronto-AL00A Toronto-AL00AC00B223, Toronto-TL10 Toronto-TL10C01B223 have a sensitive information leak vulnerability. An attacker can trick a user to install a malicious application to exploit this vulnerability. Due to insufficient verification of the input, successful exploitation can cause sensitive information leak.

Affected (33)

Products: Huawei: Agassi L09 Firmware, Agassi W09 Firmware, Baggio2 U01a Firmware, Bond Al00c Firmware, Bond Al10b Firmware, Bond Tl10b Firmware, Bond Tl10c Firmware, Haydn L1jb Firmware, Kobe L09a Firmware, Kobe L09ahn Firmware, Kobe W09c Firmware, Lelandp L22c Firmware, Lelandp L22d Firmware, Rhone Al00 Firmware, Selina L02 Firmware, Stanford L09s Firmware, Toronto Al00 Firmware, Toronto Al00a Firmware, Toronto Tl10 Firmware

Huawei

19 products

Agassi L09 Firmware

Agassi W09 Firmware

Baggio2 U01a Firmware

Lelandp L22c Firmware

Lelandp L22d Firmware

Rhone Al00 Firmware

Selina L02 Firmware

Stanford L09s Firmware

Toronto Al00 Firmware

Toronto Al00a Firmware

Toronto Tl10 Firmware

Configuration A

4 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Huawei Agassi L09 Firmware	Version ags-l09c100b257custc100d001
Huawei Agassi L09 Firmware	Version ags-l09c170b253custc170d001
Huawei Agassi L09 Firmware	Version ags-l09c199b251custc199d001
Huawei Agassi L09 Firmware	Version ags-l09c229b003custc229d001

Running on/with	Platform Versions
Huawei Agassi L09	All versions

Configuration B

6 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Huawei Agassi W09 Firmware	Version ags-w09c100b257custc100d001
Huawei Agassi W09 Firmware	Version ags-w09c128b252custc128d001
Huawei Agassi W09 Firmware	Version ags-w09c170b252custc170d001
Huawei Agassi W09 Firmware	Version ags-w09c229b251custc229d001
Huawei Agassi W09 Firmware	Version ags-w09c331b003custc331d001
Huawei Agassi W09 Firmware	Version ags-w09c794b001custc794d001

Running on/with	Platform Versions
Huawei Agassi W09	All versions

Configuration C

5 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Huawei Baggio2 U01a Firmware	Version bg2-u01c100b160custc100d001
Huawei Baggio2 U01a Firmware	Version bg2-u01c170b160custc170d001
Huawei Baggio2 U01a Firmware	Version bg2-u01c199b162custc199d001
Huawei Baggio2 U01a Firmware	Version bg2-u01c209b160custc209d001
Huawei Baggio2 U01a Firmware	Version bg2-u01c333b160custc333d001

Running on/with	Platform Versions
Huawei Baggio2 U01a	All versions

Configuration D

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Huawei Bond Al00c Firmware	Version bond-al00cc00b201

Running on/with	Platform Versions
Huawei Bond Al00c	All versions

Configuration E

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Huawei Bond Al10b Firmware	Version bond-al10bc00b201

Running on/with	Platform Versions
Huawei Bond Al10b	All versions

Configuration F

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Huawei Bond Tl10b Firmware	Version bond-tl10bc01b201

Running on/with	Platform Versions
Huawei Bond Tl10b	All versions

Configuration G

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Huawei Bond Tl10c Firmware	Version bond-tl10cc01b131

Running on/with	Platform Versions
Huawei Bond Tl10c	All versions

Configuration H

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Huawei Haydn L1jb Firmware	Version hdn-l1jc137b068

Running on/with	Platform Versions
Huawei Haydn L1jb	All versions

Configuration I

3 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Huawei Kobe L09a Firmware	Version kob-l09c100b252custc100d001
Huawei Kobe L09a Firmware	Version kob-l09c209b002custc209d001
Huawei Kobe L09a Firmware	Version kob-l09c362b001custc362d001

Running on/with	Platform Versions
Huawei Kobe L09a	All versions

Configuration J

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Huawei Kobe L09ahn Firmware	Version kob-l09c233b226

Running on/with	Platform Versions
Huawei Kobe L09ahn	All versions

Configuration K

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Huawei Kobe W09c Firmware	Version kob-w09c128b251custc128d001

Running on/with	Platform Versions
Huawei Kobe W09c	All versions

Configuration L

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Huawei Lelandp L22c Firmware	Version 8.0.0.101_c675custc675d2

Running on/with	Platform Versions
Huawei Lelandp L22c	All versions

Configuration M

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Huawei Lelandp L22d Firmware	Version 8.0.0.101_c675custc675d2

Running on/with	Platform Versions
Huawei Lelandp L22d	All versions

Configuration N

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Huawei Rhone Al00 Firmware	Version rhone-al00c00b186

Running on/with	Platform Versions
Huawei Rhone Al00	All versions

Configuration O

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Huawei Selina L02 Firmware	Version selina-l02c432b153

Running on/with	Platform Versions
Huawei Selina L02	All versions

Configuration P

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Huawei Stanford L09s Firmware	Version stanford-l09sc432b183

Running on/with	Platform Versions
Huawei Stanford L09s	All versions

Configuration Q

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Huawei Toronto Al00 Firmware	Version toronto-al00c00b223

Running on/with	Platform Versions
Huawei Toronto Al00	All versions

Configuration R

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Huawei Toronto Al00a Firmware	Version toronto-al00ac00b223

Running on/with	Platform Versions
Huawei Toronto Al00a	All versions

Configuration S

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Huawei Toronto Tl10 Firmware	Version toronto-tl10c01b223

Running on/with	Platform Versions
Huawei Toronto Tl10	All versions

Related CWEs

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (2)

http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180919-02-smartphone-en

Source: psirt@huawei.com

Vendor Advisory

http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180919-02-smartphone-en

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.