CVE-2018-7924

Published: Oct 17, 2018Modified: Nov 21, 2024

2.4

Vector

CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Exploitability: 0.9 / Impact: 1.4

Source: NVD

Description

Anne-AL00 Huawei phones with versions earlier than 8.0.0.151(C00) have an information leak vulnerability. Due to improper permission settings for specific commands, attackers who can connect to a mobile phone via the USB interface may exploit this vulnerability to obtain specific device information of the mobile phone.

Affected (1)

Products: Huawei: Anne Al00 Firmware

1 product

Anne Al00 Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Huawei Anne Al00 Firmware	Version 8.0.0.151(c00)

Running on/with	Platform Versions
Huawei Anne Al00	All versions

Related CWEs

Incorrect Permission Assignment for Critical Resource

The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.

References (2)

http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20181017-01-smartphone-en

Source: psirt@huawei.com

Vendor Advisory

http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20181017-01-smartphone-en

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.