All the vulnerabilites related to huawei - mate_10_pro
cve-2018-7936
Vulnerability from cvelistv5
Published
2018-09-04 16:00
Modified
2024-08-05 06:37
Severity ?
EPSS score ?
Summary
Mate 10 Pro Huawei smart phones with the versions before BLA-L29 8.0.0.148(C432) have a Factory Reset Protection (FRP) bypass security vulnerability. When re-configuring the mobile phone using the factory reset protection (FRP) function, an attacker can connect the phone with PC and send special instructions to install third party desktop and disable the boot wizard. As a result, the FRP function is bypassed.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180827-01-frpbypass-en | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Huawei Technologies Co., Ltd. | Mate 10 Pro |
Version: The versions before BLA-L29 8.0.0.148(C432) |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T06:37:59.650Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180827-01-frpbypass-en"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Mate 10 Pro",
"vendor": "Huawei Technologies Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "The versions before BLA-L29 8.0.0.148(C432)"
}
]
}
],
"datePublic": "2018-08-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Mate 10 Pro Huawei smart phones with the versions before BLA-L29 8.0.0.148(C432) have a Factory Reset Protection (FRP) bypass security vulnerability. When re-configuring the mobile phone using the factory reset protection (FRP) function, an attacker can connect the phone with PC and send special instructions to install third party desktop and disable the boot wizard. As a result, the FRP function is bypassed."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "FRP bypass",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-09-04T15:57:01",
"orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"shortName": "huawei"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180827-01-frpbypass-en"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@huawei.com",
"ID": "CVE-2018-7936",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Mate 10 Pro",
"version": {
"version_data": [
{
"version_value": "The versions before BLA-L29 8.0.0.148(C432)"
}
]
}
}
]
},
"vendor_name": "Huawei Technologies Co., Ltd."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Mate 10 Pro Huawei smart phones with the versions before BLA-L29 8.0.0.148(C432) have a Factory Reset Protection (FRP) bypass security vulnerability. When re-configuring the mobile phone using the factory reset protection (FRP) function, an attacker can connect the phone with PC and send special instructions to install third party desktop and disable the boot wizard. As a result, the FRP function is bypassed."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "FRP bypass"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180827-01-frpbypass-en",
"refsource": "CONFIRM",
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180827-01-frpbypass-en"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"assignerShortName": "huawei",
"cveId": "CVE-2018-7936",
"datePublished": "2018-09-04T16:00:00",
"dateReserved": "2018-03-09T00:00:00",
"dateUpdated": "2024-08-05T06:37:59.650Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2018-7989
Vulnerability from cvelistv5
Published
2018-10-17 15:00
Modified
2024-08-05 06:37
Severity ?
EPSS score ?
Summary
Huawei Mate 10 pro smartphones with the versions before BLA-AL00B 8.1.0.326(C00) have an improper authentication vulnerability. App Lock is a function to prevent unauthorized use of apps on smartphones, an attacker could directly change the lock password after a series of operations. Successful exploit could allow the attacker to use the application which is locked.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20181010-01-applock-en | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Huawei Technologies Co., Ltd. | Mate 10 pro |
Version: The versions before BLA-AL00B 8.1.0.326(C00) |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T06:37:59.692Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20181010-01-applock-en"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Mate 10 pro",
"vendor": "Huawei Technologies Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "The versions before BLA-AL00B 8.1.0.326(C00)"
}
]
}
],
"datePublic": "2018-10-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Huawei Mate 10 pro smartphones with the versions before BLA-AL00B 8.1.0.326(C00) have an improper authentication vulnerability. App Lock is a function to prevent unauthorized use of apps on smartphones, an attacker could directly change the lock password after a series of operations. Successful exploit could allow the attacker to use the application which is locked."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "improper authentication",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-17T14:57:01",
"orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"shortName": "huawei"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20181010-01-applock-en"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@huawei.com",
"ID": "CVE-2018-7989",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Mate 10 pro",
"version": {
"version_data": [
{
"version_value": "The versions before BLA-AL00B 8.1.0.326(C00)"
}
]
}
}
]
},
"vendor_name": "Huawei Technologies Co., Ltd."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Huawei Mate 10 pro smartphones with the versions before BLA-AL00B 8.1.0.326(C00) have an improper authentication vulnerability. App Lock is a function to prevent unauthorized use of apps on smartphones, an attacker could directly change the lock password after a series of operations. Successful exploit could allow the attacker to use the application which is locked."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "improper authentication"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20181010-01-applock-en",
"refsource": "CONFIRM",
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20181010-01-applock-en"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"assignerShortName": "huawei",
"cveId": "CVE-2018-7989",
"datePublished": "2018-10-17T15:00:00",
"dateReserved": "2018-03-09T00:00:00",
"dateUpdated": "2024-08-05T06:37:59.692Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2018-7934
Vulnerability from cvelistv5
Published
2018-07-31 14:00
Modified
2024-08-05 06:37
Severity ?
EPSS score ?
Summary
Some Huawei mobile phone with the versions before BLA-L29 8.0.0.145(C432) have a denial of service (DoS) vulnerability because they do not adapt to specific screen gestures. An attacker may trick users into installing a malicious app. As a result, apps running on the frontend crash after the users make specific screen gestures.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180705-01-smartphone-en | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Huawei Technologies Co., Ltd. | Mate 10 Pro |
Version: The versions before BLA-L29 8.0.0.145(C432) |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T06:37:59.577Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180705-01-smartphone-en"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Mate 10 Pro",
"vendor": "Huawei Technologies Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "The versions before BLA-L29 8.0.0.145(C432)"
}
]
}
],
"datePublic": "2018-07-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Some Huawei mobile phone with the versions before BLA-L29 8.0.0.145(C432) have a denial of service (DoS) vulnerability because they do not adapt to specific screen gestures. An attacker may trick users into installing a malicious app. As a result, apps running on the frontend crash after the users make specific screen gestures."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "DoS",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-07-31T13:57:01",
"orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"shortName": "huawei"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180705-01-smartphone-en"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@huawei.com",
"ID": "CVE-2018-7934",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Mate 10 Pro",
"version": {
"version_data": [
{
"version_value": "The versions before BLA-L29 8.0.0.145(C432)"
}
]
}
}
]
},
"vendor_name": "Huawei Technologies Co., Ltd."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Some Huawei mobile phone with the versions before BLA-L29 8.0.0.145(C432) have a denial of service (DoS) vulnerability because they do not adapt to specific screen gestures. An attacker may trick users into installing a malicious app. As a result, apps running on the frontend crash after the users make specific screen gestures."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "DoS"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180705-01-smartphone-en",
"refsource": "CONFIRM",
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180705-01-smartphone-en"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"assignerShortName": "huawei",
"cveId": "CVE-2018-7934",
"datePublished": "2018-07-31T14:00:00",
"dateReserved": "2018-03-09T00:00:00",
"dateUpdated": "2024-08-05T06:37:59.577Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2017-15311
Vulnerability from cvelistv5
Published
2017-12-22 17:00
Modified
2024-09-17 04:29
Severity ?
EPSS score ?
Summary
The baseband modules of Mate 10, Mate 10 Pro, Mate 9, Mate 9 Pro Huawei smart phones with software before ALP-AL00 8.0.0.120(SP2C00), before BLA-AL00 8.0.0.120(SP2C00), before MHA-AL00B 8.0.0.334(C00), and before LON-AL00B 8.0.0.334(C00) have a stack overflow vulnerability due to the lack of parameter validation. An attacker could send malicious packets to the smart phones within radio range by special wireless device, which leads stack overflow when the baseband module handles these packets. The attacker could exploit this vulnerability to perform a denial of service attack or remote code execution in baseband module.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171125-01-baseband-en | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Huawei Technologies Co., Ltd. | Mate 10 |
Version: before ALP-AL00 8.0.0.120(SP2C00) |
||||||||||||
|
|||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T19:50:16.503Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171125-01-baseband-en"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Mate 10",
"vendor": "Huawei Technologies Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "before ALP-AL00 8.0.0.120(SP2C00)"
}
]
},
{
"product": "Mate 10 Pro",
"vendor": "Huawei Technologies Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "before BLA-AL00 8.0.0.120(SP2C00)"
}
]
},
{
"product": "Mate 9",
"vendor": "Huawei Technologies Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "before MHA-AL00B 8.0.0.334(C00)"
}
]
},
{
"product": "Mate 9 Pro",
"vendor": "Huawei Technologies Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "before LON-AL00B 8.0.0.334(C00),"
}
]
}
],
"datePublic": "2017-11-25T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The baseband modules of Mate 10, Mate 10 Pro, Mate 9, Mate 9 Pro Huawei smart phones with software before ALP-AL00 8.0.0.120(SP2C00), before BLA-AL00 8.0.0.120(SP2C00), before MHA-AL00B 8.0.0.334(C00), and before LON-AL00B 8.0.0.334(C00) have a stack overflow vulnerability due to the lack of parameter validation. An attacker could send malicious packets to the smart phones within radio range by special wireless device, which leads stack overflow when the baseband module handles these packets. The attacker could exploit this vulnerability to perform a denial of service attack or remote code execution in baseband module."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Stack Overflow",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-12-22T16:57:01",
"orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"shortName": "huawei"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171125-01-baseband-en"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@huawei.com",
"DATE_PUBLIC": "2017-11-25T00:00:00",
"ID": "CVE-2017-15311",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Mate 10",
"version": {
"version_data": [
{
"version_value": "before ALP-AL00 8.0.0.120(SP2C00)"
}
]
}
},
{
"product_name": "Mate 10 Pro",
"version": {
"version_data": [
{
"version_value": "before BLA-AL00 8.0.0.120(SP2C00)"
}
]
}
},
{
"product_name": "Mate 9",
"version": {
"version_data": [
{
"version_value": "before MHA-AL00B 8.0.0.334(C00)"
}
]
}
},
{
"product_name": "Mate 9 Pro",
"version": {
"version_data": [
{
"version_value": "before LON-AL00B 8.0.0.334(C00),"
}
]
}
}
]
},
"vendor_name": "Huawei Technologies Co., Ltd."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The baseband modules of Mate 10, Mate 10 Pro, Mate 9, Mate 9 Pro Huawei smart phones with software before ALP-AL00 8.0.0.120(SP2C00), before BLA-AL00 8.0.0.120(SP2C00), before MHA-AL00B 8.0.0.334(C00), and before LON-AL00B 8.0.0.334(C00) have a stack overflow vulnerability due to the lack of parameter validation. An attacker could send malicious packets to the smart phones within radio range by special wireless device, which leads stack overflow when the baseband module handles these packets. The attacker could exploit this vulnerability to perform a denial of service attack or remote code execution in baseband module."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Stack Overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171125-01-baseband-en",
"refsource": "CONFIRM",
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171125-01-baseband-en"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"assignerShortName": "huawei",
"cveId": "CVE-2017-15311",
"datePublished": "2017-12-22T17:00:00Z",
"dateReserved": "2017-10-14T00:00:00",
"dateUpdated": "2024-09-17T04:29:33.735Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2019-5264
Vulnerability from cvelistv5
Published
2019-12-13 23:00
Modified
2024-08-04 19:47
Severity ?
EPSS score ?
Summary
There is an information disclosure vulnerability in certain Huawei smartphones (Mate 10;Mate 10 Pro;Honor V10;Changxiang 7S;P-smart;Changxiang 8 Plus;Y9 2018;Honor 9 Lite;Honor 9i;Mate 9). The software does not properly handle certain information of applications locked by applock in a rare condition. Successful exploit could cause information disclosure.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191211-01-smartphone-en | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | n/a | Mate 10;Mate 10 Pro;Honor V10;Changxiang 7S;P-smart;Changxiang 8 Plus;Y9 2018;Honor 9 Lite;Honor 9i;Mate 9 |
Version: Versions earlier than 9.0.0.167(C00E85R2P20T8) Version: Versions earlier than 9.0.0.159(C432E4R1P9T8) Version: Versions earlier than 9.0.0.177(C185E2R1P12T8) Version: Versions earlier than 9.0.0.159(C636E2R1P12T8) Version: Versions earlier than 9.0.0.167(C00E87R2P15T8) Version: Versions earlier than 9.0.0.159(C185E2R1P13T8) Version: Versions earlier than 9.0.0.161(C432E4R1P11T8) Version: Versions earlier than 9.0.0.159(C636E2R1P13T8) Version: Versions earlier than 9.0.0.156(C00E156R2P14T8) Version: Versions earlier than 9.0.0.159(C636E3R1P12T8) Version: Versions earlier than 9.1.0.107(C00E107R2P8T8) Version: Versions earlier than 9.1.0.119(C636E5R1P1T8) Version: Versions earlier than 9.1.0.130(C432E8R1P5T8) Version: Versions earlier than 9.1.0.111(C00E111R1P6T8) Version: Versions earlier than 9.1.0.115(C432E5R1P1T8) Version: Versions earlier than 9.1.0.120(C636E5R1P1T8) Version: Versions earlier than 9.1.0.113(C00E111R2P10T8) Version: Versions earlier than 9.1.0.118(C636E4R1P1T8) Version: Versions earlier than 9.1.0.118(C185E4R1P4T8) Version: Versions earlier than 9.1.0.121(C432E4R1P3T8) Version: Versions earlier than 9.1.0.112(C00E112R1P6T8) Version: Versions earlier 9.1.0.106(SP53C636E2R1P4T8) Version: Versions earlier than 9.0.1.158(C432E6R1P8T8) Version: Versions earlier than 9.0.1.159(C636E6R1P8T8) |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T19:47:56.839Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191211-01-smartphone-en"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Mate 10;Mate 10 Pro;Honor V10;Changxiang 7S;P-smart;Changxiang 8 Plus;Y9 2018;Honor 9 Lite;Honor 9i;Mate 9",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Versions earlier than 9.0.0.167(C00E85R2P20T8)"
},
{
"status": "affected",
"version": "Versions earlier than 9.0.0.159(C432E4R1P9T8)"
},
{
"status": "affected",
"version": "Versions earlier than 9.0.0.177(C185E2R1P12T8)"
},
{
"status": "affected",
"version": "Versions earlier than 9.0.0.159(C636E2R1P12T8)"
},
{
"status": "affected",
"version": "Versions earlier than 9.0.0.167(C00E87R2P15T8)"
},
{
"status": "affected",
"version": "Versions earlier than 9.0.0.159(C185E2R1P13T8)"
},
{
"status": "affected",
"version": "Versions earlier than 9.0.0.161(C432E4R1P11T8)"
},
{
"status": "affected",
"version": "Versions earlier than 9.0.0.159(C636E2R1P13T8)"
},
{
"status": "affected",
"version": "Versions earlier than 9.0.0.156(C00E156R2P14T8)"
},
{
"status": "affected",
"version": "Versions earlier than 9.0.0.159(C636E3R1P12T8)"
},
{
"status": "affected",
"version": "Versions earlier than 9.1.0.107(C00E107R2P8T8)"
},
{
"status": "affected",
"version": "Versions earlier than 9.1.0.119(C636E5R1P1T8)"
},
{
"status": "affected",
"version": "Versions earlier than 9.1.0.130(C432E8R1P5T8)"
},
{
"status": "affected",
"version": "Versions earlier than 9.1.0.111(C00E111R1P6T8)"
},
{
"status": "affected",
"version": "Versions earlier than 9.1.0.115(C432E5R1P1T8)"
},
{
"status": "affected",
"version": "Versions earlier than 9.1.0.120(C636E5R1P1T8)"
},
{
"status": "affected",
"version": "Versions earlier than 9.1.0.113(C00E111R2P10T8)"
},
{
"status": "affected",
"version": "Versions earlier than 9.1.0.118(C636E4R1P1T8)"
},
{
"status": "affected",
"version": "Versions earlier than 9.1.0.118(C185E4R1P4T8)"
},
{
"status": "affected",
"version": "Versions earlier than 9.1.0.121(C432E4R1P3T8)"
},
{
"status": "affected",
"version": "Versions earlier than 9.1.0.112(C00E112R1P6T8)"
},
{
"status": "affected",
"version": "Versions earlier 9.1.0.106(SP53C636E2R1P4T8)"
},
{
"status": "affected",
"version": "Versions earlier than 9.0.1.158(C432E6R1P8T8)"
},
{
"status": "affected",
"version": "Versions earlier than 9.0.1.159(C636E6R1P8T8)"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "There is an information disclosure vulnerability in certain Huawei smartphones (Mate 10;Mate 10 Pro;Honor V10;Changxiang 7S;P-smart;Changxiang 8 Plus;Y9 2018;Honor 9 Lite;Honor 9i;Mate 9). The software does not properly handle certain information of applications locked by applock in a rare condition. Successful exploit could cause information disclosure."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Information Disclosure",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-12-13T23:00:29",
"orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"shortName": "huawei"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191211-01-smartphone-en"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@huawei.com",
"ID": "CVE-2019-5264",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Mate 10;Mate 10 Pro;Honor V10;Changxiang 7S;P-smart;Changxiang 8 Plus;Y9 2018;Honor 9 Lite;Honor 9i;Mate 9",
"version": {
"version_data": [
{
"version_value": "Versions earlier than 9.0.0.167(C00E85R2P20T8)"
},
{
"version_value": "Versions earlier than 9.0.0.159(C432E4R1P9T8)"
},
{
"version_value": "Versions earlier than 9.0.0.177(C185E2R1P12T8)"
},
{
"version_value": "Versions earlier than 9.0.0.159(C636E2R1P12T8)"
},
{
"version_value": "Versions earlier than 9.0.0.167(C00E87R2P15T8)"
},
{
"version_value": "Versions earlier than 9.0.0.159(C185E2R1P13T8)"
},
{
"version_value": "Versions earlier than 9.0.0.161(C432E4R1P11T8)"
},
{
"version_value": "Versions earlier than 9.0.0.159(C636E2R1P13T8)"
},
{
"version_value": "Versions earlier than 9.0.0.156(C00E156R2P14T8)"
},
{
"version_value": "Versions earlier than 9.0.0.159(C432E4R1P9T8)"
},
{
"version_value": "Versions earlier than 9.0.0.159(C636E3R1P12T8)"
},
{
"version_value": "Versions earlier than 9.1.0.107(C00E107R2P8T8)"
},
{
"version_value": "Versions earlier than 9.1.0.119(C636E5R1P1T8)"
},
{
"version_value": "Versions earlier than 9.1.0.130(C432E8R1P5T8)"
},
{
"version_value": "Versions earlier than 9.1.0.111(C00E111R1P6T8)"
},
{
"version_value": "Versions earlier than 9.1.0.115(C432E5R1P1T8)"
},
{
"version_value": "Versions earlier than 9.1.0.120(C636E5R1P1T8)"
},
{
"version_value": "Versions earlier than 9.1.0.113(C00E111R2P10T8)"
},
{
"version_value": "Versions earlier than 9.1.0.118(C636E4R1P1T8)"
},
{
"version_value": "Versions earlier than 9.1.0.118(C185E4R1P4T8)"
},
{
"version_value": "Versions earlier than 9.1.0.121(C432E4R1P3T8)"
},
{
"version_value": "Versions earlier than 9.1.0.112(C00E112R1P6T8)"
},
{
"version_value": "Versions earlier 9.1.0.106(SP53C636E2R1P4T8)"
},
{
"version_value": "Versions earlier than 9.0.1.158(C432E6R1P8T8)"
},
{
"version_value": "Versions earlier than 9.0.1.159(C636E6R1P8T8)"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "There is an information disclosure vulnerability in certain Huawei smartphones (Mate 10;Mate 10 Pro;Honor V10;Changxiang 7S;P-smart;Changxiang 8 Plus;Y9 2018;Honor 9 Lite;Honor 9i;Mate 9). The software does not properly handle certain information of applications locked by applock in a rare condition. Successful exploit could cause information disclosure."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information Disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191211-01-smartphone-en",
"refsource": "MISC",
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191211-01-smartphone-en"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"assignerShortName": "huawei",
"cveId": "CVE-2019-5264",
"datePublished": "2019-12-13T23:00:29",
"dateReserved": "2019-01-04T00:00:00",
"dateUpdated": "2024-08-04T19:47:56.839Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-1785
Vulnerability from cvelistv5
Published
2020-01-03 14:45
Modified
2024-08-04 06:46
Severity ?
EPSS score ?
Summary
Mate 10 Pro;Honor V10;Honor 10;Nova 4 smartphones have a denial of service vulnerability. The system does not properly check the status of certain module during certain operations, an attacker should trick the user into installing a malicious application, successful exploit could cause reboot of the smartphone.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200102-03-smartphone-en | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | n/a | Mate 10 Pro;Honor V10;Honor 10;Nova 4 |
Version: Versions earlier than 9.1.0.321(C605E4R1P13T8) Version: Versions earlier than 9.1.0.321(C636E4R1P14T8) Version: Versions earlier than 9.1.0.330(C432E6R1P12T8) Version: Versions earlier than 9.1.0.333(C00E333R2P1T8) Version: Versions earlier than 9.1.0.350(C636E4R1P13T8) Version: Versions earlier than 9.1.0.351(C432E5R1P13T8) Version: Versions earlier than 9.1.0.350(C10E5R1P14T8) Version: Versions earlier than 9.1.0.350(C185E3R1P12T8) Version: Versions earlier than 9.1.0.350(C461E3R1P11T8) Version: Versions earlier than 9.1.0.350(C636E3R1P13T8) Version: Versions earlier than 9.1.0.225(C636E1R4P1) |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T06:46:30.921Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200102-03-smartphone-en"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Mate 10 Pro;Honor V10;Honor 10;Nova 4",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Versions earlier than 9.1.0.321(C605E4R1P13T8)"
},
{
"status": "affected",
"version": "Versions earlier than 9.1.0.321(C636E4R1P14T8)"
},
{
"status": "affected",
"version": "Versions earlier than 9.1.0.330(C432E6R1P12T8)"
},
{
"status": "affected",
"version": "Versions earlier than 9.1.0.333(C00E333R2P1T8)"
},
{
"status": "affected",
"version": "Versions earlier than 9.1.0.350(C636E4R1P13T8)"
},
{
"status": "affected",
"version": "Versions earlier than 9.1.0.351(C432E5R1P13T8)"
},
{
"status": "affected",
"version": "Versions earlier than 9.1.0.350(C10E5R1P14T8)"
},
{
"status": "affected",
"version": "Versions earlier than 9.1.0.350(C185E3R1P12T8)"
},
{
"status": "affected",
"version": "Versions earlier than 9.1.0.350(C461E3R1P11T8)"
},
{
"status": "affected",
"version": "Versions earlier than 9.1.0.350(C636E3R1P13T8)"
},
{
"status": "affected",
"version": "Versions earlier than 9.1.0.225(C636E1R4P1)"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Mate 10 Pro;Honor V10;Honor 10;Nova 4 smartphones have a denial of service vulnerability. The system does not properly check the status of certain module during certain operations, an attacker should trick the user into installing a malicious application, successful exploit could cause reboot of the smartphone."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Denial of Service",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-01-03T14:45:04",
"orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"shortName": "huawei"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200102-03-smartphone-en"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@huawei.com",
"ID": "CVE-2020-1785",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Mate 10 Pro;Honor V10;Honor 10;Nova 4",
"version": {
"version_data": [
{
"version_value": "Versions earlier than 9.1.0.321(C605E4R1P13T8)"
},
{
"version_value": "Versions earlier than 9.1.0.321(C636E4R1P14T8)"
},
{
"version_value": "Versions earlier than 9.1.0.330(C432E6R1P12T8)"
},
{
"version_value": "Versions earlier than 9.1.0.333(C00E333R2P1T8)"
},
{
"version_value": "Versions earlier than 9.1.0.350(C636E4R1P13T8)"
},
{
"version_value": "Versions earlier than 9.1.0.351(C432E5R1P13T8)"
},
{
"version_value": "Versions earlier than 9.1.0.350(C10E5R1P14T8)"
},
{
"version_value": "Versions earlier than 9.1.0.350(C185E3R1P12T8)"
},
{
"version_value": "Versions earlier than 9.1.0.350(C461E3R1P11T8)"
},
{
"version_value": "Versions earlier than 9.1.0.350(C636E3R1P13T8)"
},
{
"version_value": "Versions earlier than 9.1.0.225(C636E1R4P1)"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Mate 10 Pro;Honor V10;Honor 10;Nova 4 smartphones have a denial of service vulnerability. The system does not properly check the status of certain module during certain operations, an attacker should trick the user into installing a malicious application, successful exploit could cause reboot of the smartphone."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial of Service"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200102-03-smartphone-en",
"refsource": "MISC",
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200102-03-smartphone-en"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"assignerShortName": "huawei",
"cveId": "CVE-2020-1785",
"datePublished": "2020-01-03T14:45:04",
"dateReserved": "2019-11-29T00:00:00",
"dateUpdated": "2024-08-04T06:46:30.921Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2018-7990
Vulnerability from cvelistv5
Published
2018-09-04 16:00
Modified
2024-08-05 06:37
Severity ?
EPSS score ?
Summary
Mate10 Pro Huawei smart phones with the versions before 8.1.0.326(C00) have a FRP bypass vulnerability. During the mobile phone reseting process, an attacker could bypass "Find My Phone" protect after a series of voice and keyboard operations. Successful exploit could allow an attacker to bypass FRP.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180831-01-smartphone-en | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Huawei Technologies Co., Ltd. | Mate10 Pro |
Version: The versions before 8.1.0.326(C00) |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T06:37:59.688Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180831-01-smartphone-en"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Mate10 Pro",
"vendor": "Huawei Technologies Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "The versions before 8.1.0.326(C00)"
}
]
}
],
"datePublic": "2018-08-31T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Mate10 Pro Huawei smart phones with the versions before 8.1.0.326(C00) have a FRP bypass vulnerability. During the mobile phone reseting process, an attacker could bypass \"Find My Phone\" protect after a series of voice and keyboard operations. Successful exploit could allow an attacker to bypass FRP."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "FRP bypass",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-09-04T15:57:01",
"orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"shortName": "huawei"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180831-01-smartphone-en"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@huawei.com",
"ID": "CVE-2018-7990",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Mate10 Pro",
"version": {
"version_data": [
{
"version_value": "The versions before 8.1.0.326(C00)"
}
]
}
}
]
},
"vendor_name": "Huawei Technologies Co., Ltd."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Mate10 Pro Huawei smart phones with the versions before 8.1.0.326(C00) have a FRP bypass vulnerability. During the mobile phone reseting process, an attacker could bypass \"Find My Phone\" protect after a series of voice and keyboard operations. Successful exploit could allow an attacker to bypass FRP."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "FRP bypass"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180831-01-smartphone-en",
"refsource": "CONFIRM",
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180831-01-smartphone-en"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"assignerShortName": "huawei",
"cveId": "CVE-2018-7990",
"datePublished": "2018-09-04T16:00:00",
"dateReserved": "2018-03-09T00:00:00",
"dateUpdated": "2024-08-05T06:37:59.688Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Vulnerability from fkie_nvd
Published
2018-07-31 14:29
Modified
2024-11-21 04:12
Severity ?
Summary
Some Huawei mobile phone with the versions before BLA-L29 8.0.0.145(C432) have a denial of service (DoS) vulnerability because they do not adapt to specific screen gestures. An attacker may trick users into installing a malicious app. As a result, apps running on the frontend crash after the users make specific screen gestures.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| huawei | mate_10_pro_firmware | * | |
| huawei | mate_10_pro | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:mate_10_pro_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EAF37AE5-E14A-4ED0-BACA-585026A5ADD0",
"versionEndExcluding": "bla-l29_8.0.0.145\\(c432\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:mate_10_pro:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5FC0AD4F-0368-4F29-ACCF-B948B8C6BE05",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Some Huawei mobile phone with the versions before BLA-L29 8.0.0.145(C432) have a denial of service (DoS) vulnerability because they do not adapt to specific screen gestures. An attacker may trick users into installing a malicious app. As a result, apps running on the frontend crash after the users make specific screen gestures."
},
{
"lang": "es",
"value": "Algunos tel\u00e9fonos m\u00f3viles de Huawei con versiones anteriores a la BLA-L29 8.0.0.145(C432) tienen una vulnerabilidad de denegaci\u00f3n de servicio (DoS) porque no se adaptan a gestos de pantalla concretos. Un atacante podr\u00eda enga\u00f1ar a un usuario para que instale una app maliciosa. Como resultado, las aplicaciones que se ejecutan en el frontend se cierran inesperadamente una vez el usuario realiza gestos de pantalla concretos."
}
],
"id": "CVE-2018-7934",
"lastModified": "2024-11-21T04:12:59.017",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.1,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-07-31T14:29:00.950",
"references": [
{
"source": "psirt@huawei.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180705-01-smartphone-en"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180705-01-smartphone-en"
}
],
"sourceIdentifier": "psirt@huawei.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-09-04 16:29
Modified
2024-11-21 04:13
Severity ?
Summary
Mate10 Pro Huawei smart phones with the versions before 8.1.0.326(C00) have a FRP bypass vulnerability. During the mobile phone reseting process, an attacker could bypass "Find My Phone" protect after a series of voice and keyboard operations. Successful exploit could allow an attacker to bypass FRP.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| huawei | mate_10_pro_firmware | * | |
| huawei | mate_10_pro | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:mate_10_pro_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9B1D1C9F-4A2B-4394-8BDB-B52687EDB3CE",
"versionEndExcluding": "8.1.0.326\\(c00\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:mate_10_pro:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5FC0AD4F-0368-4F29-ACCF-B948B8C6BE05",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Mate10 Pro Huawei smart phones with the versions before 8.1.0.326(C00) have a FRP bypass vulnerability. During the mobile phone reseting process, an attacker could bypass \"Find My Phone\" protect after a series of voice and keyboard operations. Successful exploit could allow an attacker to bypass FRP."
},
{
"lang": "es",
"value": "Los smartphones Huawei Mate10 Pro en versiones anteriores a la 8.1.0.326(C00) tienen una vulnerabilidad de omisi\u00f3n de Factory Reset Protection (FRP). Durante el proceso de reinicio del tel\u00e9fono m\u00f3vil, un atacante podr\u00eda omitir la protecci\u00f3n \"Find My Phone\" tras una serie de operaciones de voz y teclado. Su explotaci\u00f3n con \u00e9xito podr\u00eda permitir que el atacante omita FRP."
}
],
"id": "CVE-2018-7990",
"lastModified": "2024-11-21T04:13:02.513",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"confidentialityImpact": "NONE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:L/Au:N/C:N/I:C/A:N",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "NONE",
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
},
"exploitabilityScore": 0.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-09-04T16:29:01.003",
"references": [
{
"source": "psirt@huawei.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180831-01-smartphone-en"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180831-01-smartphone-en"
}
],
"sourceIdentifier": "psirt@huawei.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-12-22 17:29
Modified
2024-11-21 03:14
Severity ?
Summary
The baseband modules of Mate 10, Mate 10 Pro, Mate 9, Mate 9 Pro Huawei smart phones with software before ALP-AL00 8.0.0.120(SP2C00), before BLA-AL00 8.0.0.120(SP2C00), before MHA-AL00B 8.0.0.334(C00), and before LON-AL00B 8.0.0.334(C00) have a stack overflow vulnerability due to the lack of parameter validation. An attacker could send malicious packets to the smart phones within radio range by special wireless device, which leads stack overflow when the baseband module handles these packets. The attacker could exploit this vulnerability to perform a denial of service attack or remote code execution in baseband module.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| huawei | mate_10_firmware | * | |
| huawei | mate_10 | - | |
| huawei | mate_10_pro_firmware | * | |
| huawei | mate_10_pro | - | |
| huawei | mate_9_firmware | * | |
| huawei | mate_9 | - | |
| huawei | mate_9_pro_firmware | * | |
| huawei | mate_9_pro | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:mate_10_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F7E91ECD-963D-4547-8712-912A68678E04",
"versionEndExcluding": "alp-al00_8.0.0.120\\(sp2c00\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:mate_10:-:*:*:*:*:*:*:*",
"matchCriteriaId": "394490F2-5E47-4A28-A71C-075DBBA34C9E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:mate_10_pro_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "70F576DC-ADE1-4DE1-BDBA-617013F4DAD3",
"versionEndExcluding": "bla-al00_8.0.0.120\\(sp2c00\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:mate_10_pro:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5FC0AD4F-0368-4F29-ACCF-B948B8C6BE05",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:mate_9_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B9640332-F80C-4360-A67E-C00C99D807D5",
"versionEndExcluding": "mha-al00b_8.0.0.334\\(c00\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:mate_9:-:*:*:*:*:*:*:*",
"matchCriteriaId": "93FB7D8B-A819-4CBB-85D1-D3984D963351",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:mate_9_pro_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1C983B9F-8A7B-4FF1-8073-7C397714991A",
"versionEndExcluding": "lon-al00b_8.0.0.334\\(c00\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:mate_9_pro:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E4CC4AF8-2F6D-41FC-9697-17472AF32FC6",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The baseband modules of Mate 10, Mate 10 Pro, Mate 9, Mate 9 Pro Huawei smart phones with software before ALP-AL00 8.0.0.120(SP2C00), before BLA-AL00 8.0.0.120(SP2C00), before MHA-AL00B 8.0.0.334(C00), and before LON-AL00B 8.0.0.334(C00) have a stack overflow vulnerability due to the lack of parameter validation. An attacker could send malicious packets to the smart phones within radio range by special wireless device, which leads stack overflow when the baseband module handles these packets. The attacker could exploit this vulnerability to perform a denial of service attack or remote code execution in baseband module."
},
{
"lang": "es",
"value": "Los m\u00f3dulos baseband de los smartphones Huawei Mate 10, Mate 10 Pro, Mate 9 y Mate 9 Pro con versiones de software anteriores a ALP-AL00 8.0.0.120(SP2C00), anteriores a BLA-AL00 8.0.0.120(SP2C00), anteriores a MHA-AL00B 8.0.0.334(C00) y anteriores a LON-AL00B 8.0.0.334(C00) incluyen una vulnerabilidad de desbordamiento de pila debido a una falta de validaci\u00f3n de par\u00e1metros. Un atacante podr\u00eda enviar paquetes maliciosos a los smartphones dentro del rango de radio mediante dispositivos inal\u00e1mbricos especiales. Esto da lugar a un desbordamiento de pila cuando el m\u00f3dulo baseband manipula estos paquetes. El atacante podr\u00eda explotar esta vulnerabilidad para realizar un ataque de denegaci\u00f3n de servicio (DoS) o para ejecutar c\u00f3digo de manera remota en el m\u00f3dulo baseband."
}
],
"id": "CVE-2017-15311",
"lastModified": "2024-11-21T03:14:26.417",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:A/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 6.5,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-12-22T17:29:13.063",
"references": [
{
"source": "psirt@huawei.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171125-01-baseband-en"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171125-01-baseband-en"
}
],
"sourceIdentifier": "psirt@huawei.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-12-13 23:15
Modified
2024-11-21 04:44
Severity ?
Summary
There is an information disclosure vulnerability in certain Huawei smartphones (Mate 10;Mate 10 Pro;Honor V10;Changxiang 7S;P-smart;Changxiang 8 Plus;Y9 2018;Honor 9 Lite;Honor 9i;Mate 9). The software does not properly handle certain information of applications locked by applock in a rare condition. Successful exploit could cause information disclosure.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:mate_10_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7BB97444-78F0-42E8-BFD9-B89581D3CF78",
"versionEndExcluding": "9.0.0.167\\(c00e85r2p20t8\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:mate_10:-:*:*:*:*:*:*:*",
"matchCriteriaId": "394490F2-5E47-4A28-A71C-075DBBA34C9E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:mate_10_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BA00374C-6305-4345-8519-4B499A20F99F",
"versionEndExcluding": "9.0.0.159\\(c432e4r1p9t8\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:mate_10:-:*:*:*:*:*:*:*",
"matchCriteriaId": "394490F2-5E47-4A28-A71C-075DBBA34C9E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:mate_10_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "51F963B1-C9D3-44A4-B7C9-206FF9A2503A",
"versionEndExcluding": "9.0.0.177\\(c185e2r1p12t8\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:mate_10:-:*:*:*:*:*:*:*",
"matchCriteriaId": "394490F2-5E47-4A28-A71C-075DBBA34C9E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:mate_10_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2990333D-857C-4C65-B940-978447168E23",
"versionEndExcluding": "9.0.0.159\\(c636e2r1p12t8\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:mate_10:-:*:*:*:*:*:*:*",
"matchCriteriaId": "394490F2-5E47-4A28-A71C-075DBBA34C9E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:mate_10_pro_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7C97C82D-1965-4B5D-A5BF-796E07B6E12E",
"versionEndExcluding": "9.0.0.167\\(c00e87r2p15t8\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:mate_10_pro:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5FC0AD4F-0368-4F29-ACCF-B948B8C6BE05",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:mate_10_pro_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8D17EEA8-3102-42D0-ABDB-A07B180F7C4A",
"versionEndExcluding": "9.0.0.159\\(c185e2r1p13t8\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:mate_10_pro:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5FC0AD4F-0368-4F29-ACCF-B948B8C6BE05",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:mate_10_pro_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "292942FC-5A4B-4E4D-B6F9-B1FB22241282",
"versionEndExcluding": "9.0.0.161\\(c432e4r1p11t8\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:mate_10_pro:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5FC0AD4F-0368-4F29-ACCF-B948B8C6BE05",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:mate_10_pro_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8551C436-EB83-4982-A896-1804F5706C97",
"versionEndExcluding": "9.0.0.159\\(c636e2r1p13t8\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:mate_10_pro:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5FC0AD4F-0368-4F29-ACCF-B948B8C6BE05",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:honor_v10_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EC77875A-B792-4F5B-9D79-A88121825CE1",
"versionEndExcluding": "9.0.0.156\\(c00e156r2p14t8\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:honor_v10:-:*:*:*:*:*:*:*",
"matchCriteriaId": "592CF37A-83FA-4C85-B5E7-1DB2297A77A0",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:honor_v10_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AB619BE5-AEF8-4BB1-8700-198C9536A37D",
"versionEndExcluding": "9.0.0.159\\(c432e4r1p9t8\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:honor_v10:-:*:*:*:*:*:*:*",
"matchCriteriaId": "592CF37A-83FA-4C85-B5E7-1DB2297A77A0",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:honor_v10_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4E15EECD-43B1-40CA-9491-F07DF8F468B6",
"versionEndExcluding": "9.0.0.159\\(c636e3r1p12t8\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:honor_v10:-:*:*:*:*:*:*:*",
"matchCriteriaId": "592CF37A-83FA-4C85-B5E7-1DB2297A77A0",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:changxiang_7s_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FA7A8043-4A12-42FD-A17E-FF175F20E14A",
"versionEndExcluding": "9.1.0.107\\(c00e107r2p8t8\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:changxiang_7s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C49A64F9-A264-42F8-8213-10F893AF4520",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:p-smart_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AA9D516B-8474-4194-97D3-155B13975A75",
"versionEndExcluding": "9.1.0.119\\(c636e5r1p1t8\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:p-smart:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EA90F70B-C5A2-4B14-AECA-B2014FAFC3C2",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:p-smart_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "449025DE-ABD7-437E-9B4A-7541CC184E19",
"versionEndExcluding": "9.1.0.130\\(c432e8r1p5t8\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:p-smart:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EA90F70B-C5A2-4B14-AECA-B2014FAFC3C2",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:changxiang_8_plus_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "455F22C9-E60D-4335-9780-8068FB42DEFC",
"versionEndExcluding": "9.1.0.111\\(c00e111r1p6t8\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:changxiang_8_plus:-:*:*:*:*:*:*:*",
"matchCriteriaId": "ED01DFA5-3411-4D0D-B41D-9D6E3AD620FB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:y9_2018_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "69DBAFE8-3B9B-4F2A-A902-8FA9E76B6815",
"versionEndExcluding": "9.1.0.115\\(c432e5r1p1t8\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:y9_2018:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8B8ED2EF-8C0B-48E7-BB76-261F1BE3B857",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:y9_2018_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "27FB85CA-EE8E-47E6-8BC6-D0D3F78E310B",
"versionEndExcluding": "9.1.0.120\\(c636e5r1p1t8\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:y9_2018:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8B8ED2EF-8C0B-48E7-BB76-261F1BE3B857",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:honor_9_lite_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "287546B5-A7EF-44A0-8EA9-80809C40E916",
"versionEndExcluding": "9.1.0.113\\(c00e111r2p10t8\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:honor_9_lite:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E571CDA8-577E-4165-A960-DAD978FD23BC",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:honor_9_lite_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "61024F08-FAB3-442D-81A1-14E42B3F154B",
"versionEndExcluding": "9.1.0.118\\(c636e4r1p1t8\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:honor_9_lite:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E571CDA8-577E-4165-A960-DAD978FD23BC",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:honor_9_lite_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "49DEB50F-8345-4509-88A8-9F804D13C358",
"versionEndExcluding": "9.1.0.118\\(c185e4r1p4t8\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:honor_9_lite:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E571CDA8-577E-4165-A960-DAD978FD23BC",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:honor_9_lite_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C15176A7-3D9B-461B-BF23-82DBABDFB764",
"versionEndExcluding": "9.1.0.121\\(c432e4r1p3t8\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:honor_9_lite:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E571CDA8-577E-4165-A960-DAD978FD23BC",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:honor_9i_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4A952DE4-CE00-42FB-BDBF-B024B2ABB004",
"versionEndExcluding": "9.1.0.121\\(c432e4r1p3t8\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:honor_9i:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F931151C-4D0A-44D1-9417-B467F7E148A2",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:honor_9i_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "76911BF2-6AA5-4E8F-A0C2-50488C9645D3",
"versionEndExcluding": "9.1.0.106\\(sp53c636e2r1p4t8\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:honor_9i:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F931151C-4D0A-44D1-9417-B467F7E148A2",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:mate_9_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3574DAD1-E9B6-4D18-BD26-5EE85FB11412",
"versionEndExcluding": "9.0.1.158\\(c432e6r1p8t8\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:mate_9:-:*:*:*:*:*:*:*",
"matchCriteriaId": "93FB7D8B-A819-4CBB-85D1-D3984D963351",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:mate_9_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8C743611-3E88-43E1-884D-FCB906870D01",
"versionEndExcluding": "9.0.1.159\\(c636e6r1p8t8\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:mate_9:-:*:*:*:*:*:*:*",
"matchCriteriaId": "93FB7D8B-A819-4CBB-85D1-D3984D963351",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "There is an information disclosure vulnerability in certain Huawei smartphones (Mate 10;Mate 10 Pro;Honor V10;Changxiang 7S;P-smart;Changxiang 8 Plus;Y9 2018;Honor 9 Lite;Honor 9i;Mate 9). The software does not properly handle certain information of applications locked by applock in a rare condition. Successful exploit could cause information disclosure."
},
{
"lang": "es",
"value": "tiene una vulnerabilidad de divulgaci\u00f3n de informaci\u00f3n en ciertos tel\u00e9fonos inteligentes Huawei (Mate 10; Mate 10 Pro; Honor V10; Changxiang 7S; P-smart; Changxiang 8 Plus; Y9 2018; Honor 9 Lite; Honor 9i; Mate 9). El software no maneja apropiadamente cierta informaci\u00f3n de aplicaciones bloqueadas mediante applock en una condici\u00f3n extra\u00f1a. La explotaci\u00f3n con \u00e9xito podr\u00eda causar una divulgaci\u00f3n de informaci\u00f3n."
}
],
"id": "CVE-2019-5264",
"lastModified": "2024-11-21T04:44:38.040",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "NONE",
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 0.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-12-13T23:15:12.050",
"references": [
{
"source": "psirt@huawei.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191211-01-smartphone-en"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191211-01-smartphone-en"
}
],
"sourceIdentifier": "psirt@huawei.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-09-04 16:29
Modified
2024-11-21 04:12
Severity ?
Summary
Mate 10 Pro Huawei smart phones with the versions before BLA-L29 8.0.0.148(C432) have a Factory Reset Protection (FRP) bypass security vulnerability. When re-configuring the mobile phone using the factory reset protection (FRP) function, an attacker can connect the phone with PC and send special instructions to install third party desktop and disable the boot wizard. As a result, the FRP function is bypassed.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| huawei | mate_10_pro_firmware | * | |
| huawei | mate_10_pro | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:mate_10_pro_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BB1AF331-E536-445B-B75B-28AF99A4525A",
"versionEndExcluding": "bla-l29_8.0.0.148\\(c432\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:mate_10_pro:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5FC0AD4F-0368-4F29-ACCF-B948B8C6BE05",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Mate 10 Pro Huawei smart phones with the versions before BLA-L29 8.0.0.148(C432) have a Factory Reset Protection (FRP) bypass security vulnerability. When re-configuring the mobile phone using the factory reset protection (FRP) function, an attacker can connect the phone with PC and send special instructions to install third party desktop and disable the boot wizard. As a result, the FRP function is bypassed."
},
{
"lang": "es",
"value": "Los smartphones Huawei Mate 10 Pro con software anterior a las versiones BLA-L29 8.0.0.148(C432) tienen una vulnerabilidad de seguridad de omisi\u00f3n de Factory Reset Protection (FRP). Al reconfigurar el tel\u00e9fono m\u00f3vil mediante la funci\u00f3n FRP (Factory Reset Protection), un atacante puede conectar su tel\u00e9fono al PC y enviar instrucciones especiales para instalar un escritorio de terceros y deshabilitar el asistente de arranque. Como resultado, se omite la funci\u00f3n FRP."
}
],
"id": "CVE-2018-7936",
"lastModified": "2024-11-21T04:12:59.247",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"confidentialityImpact": "NONE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:L/Au:N/C:N/I:C/A:N",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "NONE",
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
},
"exploitabilityScore": 0.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-09-04T16:29:00.613",
"references": [
{
"source": "psirt@huawei.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180827-01-frpbypass-en"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180827-01-frpbypass-en"
}
],
"sourceIdentifier": "psirt@huawei.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-01-03 15:15
Modified
2024-11-21 05:11
Severity ?
Summary
Mate 10 Pro;Honor V10;Honor 10;Nova 4 smartphones have a denial of service vulnerability. The system does not properly check the status of certain module during certain operations, an attacker should trick the user into installing a malicious application, successful exploit could cause reboot of the smartphone.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| huawei | mate_10_pro_firmware | * | |
| huawei | mate_10_pro | - | |
| huawei | mate_10_pro_firmware | * | |
| huawei | mate_10_pro | - | |
| huawei | mate_10_pro_firmware | * | |
| huawei | mate_10_pro | - | |
| huawei | honor_v10_firmware | * | |
| huawei | honor_v10 | - | |
| huawei | honor_v10_firmware | * | |
| huawei | honor_v10 | - | |
| huawei | honor_v10_firmware | * | |
| huawei | honor_v10 | - | |
| huawei | honor_10_firmware | * | |
| huawei | honor_10 | - | |
| huawei | honor_10_firmware | * | |
| huawei | honor_10 | - | |
| huawei | honor_10_firmware | * | |
| huawei | honor_10 | - | |
| huawei | honor_10_firmware | * | |
| huawei | honor_10 | - | |
| huawei | honor_10_firmware | * | |
| huawei | honor_10 | - | |
| huawei | nova_4_firmware | * | |
| huawei | nova_4 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:mate_10_pro_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "51374D35-8EE8-4A6D-BFE9-561342F8C219",
"versionEndExcluding": "9.1.0.321\\(c605e4r1p13t8\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:mate_10_pro:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5FC0AD4F-0368-4F29-ACCF-B948B8C6BE05",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:mate_10_pro_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F5FDA48C-29BD-4FF8-A461-5B0DBFA26316",
"versionEndExcluding": "9.1.0.321\\(c636e4r1p14t8\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:mate_10_pro:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5FC0AD4F-0368-4F29-ACCF-B948B8C6BE05",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:mate_10_pro_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "03B98CA0-296C-4404-A853-735C1A1E452F",
"versionEndExcluding": "9.1.0.330\\(c432e6r1p12t8\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:mate_10_pro:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5FC0AD4F-0368-4F29-ACCF-B948B8C6BE05",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:honor_v10_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B394D790-9589-4FC3-8B51-47B9F6E241D2",
"versionEndExcluding": "9.1.0.333\\(c00e333r2p1t8\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:honor_v10:-:*:*:*:*:*:*:*",
"matchCriteriaId": "592CF37A-83FA-4C85-B5E7-1DB2297A77A0",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:honor_v10_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0EC5D740-6DEC-42E0-BD76-E253389C8AC2",
"versionEndExcluding": "9.1.0.350\\(c636e4r1p13t8\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:honor_v10:-:*:*:*:*:*:*:*",
"matchCriteriaId": "592CF37A-83FA-4C85-B5E7-1DB2297A77A0",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:honor_v10_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8D410275-349D-421F-8700-76F0AB160928",
"versionEndExcluding": "9.1.0.351\\(c432e5r1p13t8\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:honor_v10:-:*:*:*:*:*:*:*",
"matchCriteriaId": "592CF37A-83FA-4C85-B5E7-1DB2297A77A0",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:honor_10_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9614091A-8FEA-422F-BCB9-BC3434527428",
"versionEndExcluding": "9.1.0.350\\(c10e5r1p14t8\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:honor_10:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6645D5D7-213C-4B3E-B5A6-8987AEFB411D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:honor_10_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2810D0DE-E189-4365-8E6F-D5E185886BBE",
"versionEndExcluding": "9.1.0.350\\(c185e3r1p12t8\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:honor_10:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6645D5D7-213C-4B3E-B5A6-8987AEFB411D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:honor_10_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "17EB0784-E604-4DA7-AB16-AB6C77425F70",
"versionEndExcluding": "9.1.0.350\\(c461e3r1p11t8\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:honor_10:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6645D5D7-213C-4B3E-B5A6-8987AEFB411D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:honor_10_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "536F2BCC-02B1-46FE-82BA-09C47E464F7E",
"versionEndExcluding": "9.1.0.350\\(c636e3r1p13t8\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:honor_10:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6645D5D7-213C-4B3E-B5A6-8987AEFB411D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:honor_10_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "76784FE7-7B76-4135-A74F-20884EDA55AA",
"versionEndExcluding": "9.1.0.351\\(c432e5r1p13t8\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:honor_10:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6645D5D7-213C-4B3E-B5A6-8987AEFB411D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:nova_4_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C7D2CF01-95D0-4FD3-91FE-3242C3D3DA6F",
"versionEndExcluding": "9.1.0.225\\(c636e1r4p1\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:nova_4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "07D1E240-F1DE-4FC0-84B7-873978A9A6B3",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Mate 10 Pro;Honor V10;Honor 10;Nova 4 smartphones have a denial of service vulnerability. The system does not properly check the status of certain module during certain operations, an attacker should trick the user into installing a malicious application, successful exploit could cause reboot of the smartphone."
},
{
"lang": "es",
"value": "Los tel\u00e9fonos inteligentes Mate 10 Pro; Honor V10; Honor 10; Nova 4, tiene una vulnerabilidad de denegaci\u00f3n de servicio. El sistema no comprueba apropiadamente el estado de cierto m\u00f3dulo durante determinadas operaciones, un atacante debe enga\u00f1ar al usuario para que instale una aplicaci\u00f3n maliciosa, una explotaci\u00f3n con \u00e9xito podr\u00eda causar el reinicio del tel\u00e9fono inteligente."
}
],
"id": "CVE-2020-1785",
"lastModified": "2024-11-21T05:11:22.573",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.1,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-01-03T15:15:12.070",
"references": [
{
"source": "psirt@huawei.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200102-03-smartphone-en"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200102-03-smartphone-en"
}
],
"sourceIdentifier": "psirt@huawei.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-10-17 15:29
Modified
2024-11-21 04:13
Severity ?
Summary
Huawei Mate 10 pro smartphones with the versions before BLA-AL00B 8.1.0.326(C00) have an improper authentication vulnerability. App Lock is a function to prevent unauthorized use of apps on smartphones, an attacker could directly change the lock password after a series of operations. Successful exploit could allow the attacker to use the application which is locked.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| huawei | mate_10_pro_firmware | * | |
| huawei | mate_10_pro | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:mate_10_pro_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E18BE6BB-4FE6-4362-8FA4-08659156E91C",
"versionEndExcluding": "bla-al00b_8.1.0.326\\(c00\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:mate_10_pro:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5FC0AD4F-0368-4F29-ACCF-B948B8C6BE05",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Huawei Mate 10 pro smartphones with the versions before BLA-AL00B 8.1.0.326(C00) have an improper authentication vulnerability. App Lock is a function to prevent unauthorized use of apps on smartphones, an attacker could directly change the lock password after a series of operations. Successful exploit could allow the attacker to use the application which is locked."
},
{
"lang": "es",
"value": "Los smartphones Huawei Mate 10 en versiones anteriores a la BLA-AL00B 8.1.0.326(C00) tienen una vulnerabilidad de autenticaci\u00f3n incorrecta. App Lock es una funci\u00f3n para prevenir el uso no autorizado de aplicaciones en los smartphones. Un atacante podr\u00eda cambiar directamente la contrase\u00f1a de bloqueo tras una serie de operaciones. Su explotaci\u00f3n con \u00e9xito podr\u00eda permitir que el atacante emplee aplicaciones bloqueadas."
}
],
"id": "CVE-2018-7989",
"lastModified": "2024-11-21T04:13:02.400",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "NONE",
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
},
"exploitabilityScore": 0.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-10-17T15:29:00.820",
"references": [
{
"source": "psirt@huawei.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20181010-01-applock-en"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20181010-01-applock-en"
}
],
"sourceIdentifier": "psirt@huawei.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-287"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}