Vulnerability CVE-2018-7910
Published: 2018-11-13

Description:
Some Huawei smartphones ALP-AL00B 8.0.0.118D(C00), ALP-TL00B 8.0.0.118D(C01), BLA-AL00B 8.0.0.118D(C00), BLA-L09C 8.0.0.127(C432), 8.0.0.128(C432), 8.0.0.137(C432), BLA-L29C 8.0.0.129(C432), 8.0.0.137(C432) have an authentication bypass vulnerability. When the attacker obtains the user's smartphone, the vulnerability can be used to replace the start-up program so that the attacker can obtain the information in the smartphone and achieve the purpose of controlling the smartphone.

Type:

CWE-287

 (Improper Authentication)

CVSS2 => (AV:L/AC:L/Au:N/C:P/I:P/A:P)

CVSS Base Score
Impact Subscore
Exploitability Subscore
4.6/10
6.4/10
3.9/10
Exploit range
Attack complexity
Authentication
Local
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Partial
Partial
Partial
Affected software
Huawei -> Alp-al00b firmware 
Huawei -> Alp-tl00b firmware 
Huawei -> Bla-al00b firmware 
Huawei -> Bla-l09c firmware 
Huawei -> Bla-l29c firmware 

 References:
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20181101-01-bypass-en
Copyright 2024, cxsecurity.com

 

Back to Top