CVE-2018-7947

Published: Jul 31, 2018Modified: Nov 21, 2024

3.9

Vector

CVSS:3.0/AV:P/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L

Exploitability: 0.5 / Impact: 3.4

Source: NVD

Description

Huawei mobile phones with versions earlier before Emily-AL00A 8.1.0.153(C00) have an authentication bypass vulnerability. An attacker could trick the user to connect to a malicious device. In the debug mode, the malicious software in the device may exploit the vulnerability to bypass some specific function. Successful exploit may cause some malicious applications to be installed in the mobile phones.

Affected (1)

Products: Huawei: Emily Al00a Firmware

1 product

Emily Al00a Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Huawei Emily Al00a Firmware	Before 8.1.0.153\(c00\)

Running on/with	Platform Versions
Huawei Emily Al00a	All versions

Related CWEs

Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

References (2)

http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180720-01-mobile-en

Source: psirt@huawei.com

Vendor Advisory

http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180720-01-mobile-en

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.