CVE-2018-7910
6.8
Vector
CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 0.9 / Impact: 5.9
Source: NVD
Description
Some Huawei smartphones ALP-AL00B 8.0.0.118D(C00), ALP-TL00B 8.0.0.118D(C01), BLA-AL00B 8.0.0.118D(C00), BLA-L09C 8.0.0.127(C432), 8.0.0.128(C432), 8.0.0.137(C432), BLA-L29C 8.0.0.129(C432), 8.0.0.137(C432) have an authentication bypass vulnerability. When the attacker obtains the user's smartphone, the vulnerability can be used to replace the start-up program so that the attacker can obtain the information in the smartphone and achieve the purpose of controlling the smartphone.
Affected (8)
Configuration A
| Vulnerable Software | Affected Versions |
|---|---|
| Version 8.0.0.1.18d(c00) |
| Running on/with | Platform Versions |
|---|---|
Huawei Alp Al00b | All versions |
Configuration B
| Vulnerable Software | Affected Versions |
|---|---|
| Version 8.0.0.1.18d(c01) |
| Running on/with | Platform Versions |
|---|---|
Huawei Alp Tl00b | All versions |
Configuration C
| Vulnerable Software | Affected Versions |
|---|---|
| Version 8.0.0.1.18d(c00) |
| Running on/with | Platform Versions |
|---|---|
Huawei Bla Al00b | All versions |
Configuration D
| Vulnerable Software | Affected Versions |
|---|---|
| Version 8.0.0.127(c432) |
| Running on/with | Platform Versions |
|---|---|
Huawei Bla L09c | All versions |
Configuration E
| Vulnerable Software | Affected Versions |
|---|---|
| Version 8.0.0.127(c432) |
| Running on/with | Platform Versions |
|---|---|
Huawei Bla L29c | All versions |
References (2)
Source: psirt@huawei.com
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Timeline
No history available yet.