CVE-2018-7910
Vulnerability from cvelistv5
Published
2018-11-13 19:00
Modified
2024-08-05 06:37
Severity ?
EPSS score ?
Summary
Some Huawei smartphones ALP-AL00B 8.0.0.118D(C00), ALP-TL00B 8.0.0.118D(C01), BLA-AL00B 8.0.0.118D(C00), BLA-L09C 8.0.0.127(C432), 8.0.0.128(C432), 8.0.0.137(C432), BLA-L29C 8.0.0.129(C432), 8.0.0.137(C432) have an authentication bypass vulnerability. When the attacker obtains the user's smartphone, the vulnerability can be used to replace the start-up program so that the attacker can obtain the information in the smartphone and achieve the purpose of controlling the smartphone.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Huawei Technologies Co., Ltd. | ALP-AL00B, ALP-TL00B, BLA-AL00B, BLA-L09C, BLA-L29C |
Version: ALP-AL00B 8.0.0.118D(C00), ALP-TL00B 8.0.0.118D(C01), BLA-AL00B 8.0.0.118D(C00), BLA-L09C 8.0.0.127(C432), 8.0.0.128(C432), 8.0.0.137(C432), BLA-L29C 8.0.0.129(C432), 8.0.0.137(C432) |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T06:37:59.598Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20181101-01-bypass-en" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "ALP-AL00B, ALP-TL00B, BLA-AL00B, BLA-L09C, BLA-L29C", "vendor": "Huawei Technologies Co., Ltd.", "versions": [ { "status": "affected", "version": "ALP-AL00B 8.0.0.118D(C00), ALP-TL00B 8.0.0.118D(C01), BLA-AL00B 8.0.0.118D(C00), BLA-L09C 8.0.0.127(C432), 8.0.0.128(C432), 8.0.0.137(C432), BLA-L29C 8.0.0.129(C432), 8.0.0.137(C432)" } ] } ], "datePublic": "2018-11-01T00:00:00", "descriptions": [ { "lang": "en", "value": "Some Huawei smartphones ALP-AL00B 8.0.0.118D(C00), ALP-TL00B 8.0.0.118D(C01), BLA-AL00B 8.0.0.118D(C00), BLA-L09C 8.0.0.127(C432), 8.0.0.128(C432), 8.0.0.137(C432), BLA-L29C 8.0.0.129(C432), 8.0.0.137(C432) have an authentication bypass vulnerability. When the attacker obtains the user\u0027s smartphone, the vulnerability can be used to replace the start-up program so that the attacker can obtain the information in the smartphone and achieve the purpose of controlling the smartphone." } ], "problemTypes": [ { "descriptions": [ { "description": "authentication bypass", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-11-13T18:57:01", "orgId": "25ac1063-e409-4190-8079-24548c77ea2e", "shortName": "huawei" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20181101-01-bypass-en" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@huawei.com", "ID": "CVE-2018-7910", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "ALP-AL00B, ALP-TL00B, BLA-AL00B, BLA-L09C, BLA-L29C", "version": { "version_data": [ { "version_value": "ALP-AL00B 8.0.0.118D(C00), ALP-TL00B 8.0.0.118D(C01), BLA-AL00B 8.0.0.118D(C00), BLA-L09C 8.0.0.127(C432), 8.0.0.128(C432), 8.0.0.137(C432), BLA-L29C 8.0.0.129(C432), 8.0.0.137(C432)" } ] } } ] }, "vendor_name": "Huawei Technologies Co., Ltd." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Some Huawei smartphones ALP-AL00B 8.0.0.118D(C00), ALP-TL00B 8.0.0.118D(C01), BLA-AL00B 8.0.0.118D(C00), BLA-L09C 8.0.0.127(C432), 8.0.0.128(C432), 8.0.0.137(C432), BLA-L29C 8.0.0.129(C432), 8.0.0.137(C432) have an authentication bypass vulnerability. When the attacker obtains the user\u0027s smartphone, the vulnerability can be used to replace the start-up program so that the attacker can obtain the information in the smartphone and achieve the purpose of controlling the smartphone." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "authentication bypass" } ] } ] }, "references": { "reference_data": [ { "name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20181101-01-bypass-en", "refsource": "CONFIRM", "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20181101-01-bypass-en" } ] } } } }, "cveMetadata": { "assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e", "assignerShortName": "huawei", "cveId": "CVE-2018-7910", "datePublished": "2018-11-13T19:00:00", "dateReserved": "2018-03-09T00:00:00", "dateUpdated": "2024-08-05T06:37:59.598Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1", "vulnerability-lookup:meta": { "nvd": "{\"cve\":{\"id\":\"CVE-2018-7910\",\"sourceIdentifier\":\"psirt@huawei.com\",\"published\":\"2018-11-13T19:29:00.400\",\"lastModified\":\"2024-11-21T04:12:57.327\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Some Huawei smartphones ALP-AL00B 8.0.0.118D(C00), ALP-TL00B 8.0.0.118D(C01), BLA-AL00B 8.0.0.118D(C00), BLA-L09C 8.0.0.127(C432), 8.0.0.128(C432), 8.0.0.137(C432), BLA-L29C 8.0.0.129(C432), 8.0.0.137(C432) have an authentication bypass vulnerability. When the attacker obtains the user\u0027s smartphone, the vulnerability can be used to replace the start-up program so that the attacker can obtain the information in the smartphone and achieve the purpose of controlling the smartphone.\"},{\"lang\":\"es\",\"value\":\"Algunos smartphones Huawei ALP-AL00B 8.0.0.118D(C00), ALP-TL00B 8.0.0.118D(C01), BLA-AL00B 8.0.0.118D(C00), BLA-L09C 8.0.0.127(C432), 8.0.0.128(C432), 8.0.0.137(C432), BLA-L29C 8.0.0.129(C432) y 8.0.0.137(C432) tienen una vulnerabilidad de omisi\u00f3n de autenticaci\u00f3n. Cuando el atacante obtiene el smartphone del usuario, la vulnerabilidad se puede emplear para reemplazar el programa de arranque para que el atacante pueda obtener la informaci\u00f3n en el smartphone y lograr controlarlo.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":6.8,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"PHYSICAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":0.9,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:L/AC:L/Au:N/C:P/I:P/A:P\",\"baseScore\":4.6,\"accessVector\":\"LOCAL\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":3.9,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-287\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:huawei:alp-al00b_firmware:8.0.0.1.18d\\\\(c00\\\\):*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D327AD65-437A-4DA9-B38E-FFE9147AAB82\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:huawei:alp-al00b:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0FA2B2F1-3D58-4DC7-AB7A-28BF8B282333\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:huawei:alp-tl00b_firmware:8.0.0.1.18d\\\\(c01\\\\):*:*:*:*:*:*:*\",\"matchCriteriaId\":\"439861D3-3F70-4A8C-A2F0-99120207E3CF\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:huawei:alp-tl00b:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E7918CD6-341B-4FCC-BD31-30B8952192C8\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:huawei:bla-al00b_firmware:8.0.0.1.18d\\\\(c00\\\\):*:*:*:*:*:*:*\",\"matchCriteriaId\":\"06F0F9A3-BC44-463E-BF84-593CAC5CBB45\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:huawei:bla-al00b:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B11D6D9B-335B-404C-88F3-590DF9E5D878\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:huawei:bla-l09c_firmware:8.0.0.127\\\\(c432\\\\):*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D2CADEF0-2830-4883-8B52-4BCE6B74DBF4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:huawei:bla-l09c_firmware:8.0.0.128\\\\(c432\\\\):*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E4C168E2-2679-478D-815F-FD909FBE1B38\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:huawei:bla-l09c_firmware:8.0.0.137\\\\(c432\\\\):*:*:*:*:*:*:*\",\"matchCriteriaId\":\"87AC6AB6-B166-4098-98E1-79A6407DAFA5\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:huawei:bla-l09c:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3C787E52-055B-4931-9B5C-604F1578A3A0\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:huawei:bla-l29c_firmware:8.0.0.127\\\\(c432\\\\):*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BD8BD839-9468-4F62-A66B-25C1AF032D05\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:huawei:bla-l29c_firmware:8.0.0.137\\\\(c432\\\\):*:*:*:*:*:*:*\",\"matchCriteriaId\":\"641C18E2-CB4A-4169-B836-B4CD171248EC\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:huawei:bla-l29c:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"551386D1-3D02-4319-B2A2-1AAE80F7F249\"}]}]}],\"references\":[{\"url\":\"http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20181101-01-bypass-en\",\"source\":\"psirt@huawei.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20181101-01-bypass-en\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}" } }
Loading…
Loading…
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.