VAR-201807-1848
Vulnerability from variot - Updated: 2023-12-18 12:50Huawei mobile phones with versions earlier before Emily-AL00A 8.1.0.153(C00) have an authentication bypass vulnerability. An attacker could trick the user to connect to a malicious device. In the debug mode, the malicious software in the device may exploit the vulnerability to bypass some specific function. Successful exploit may cause some malicious applications to be installed in the mobile phones. Emily-AL00A Contains an authentication vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. HuaweiEmily-AL00A is a smartphone device from China's Huawei company. The following products and versions are affected: Huawei Anne-AL00 before 9.1.0.122 (C00E120R1P7T8); Honor Play 7A before 8.0.0.213 (C00); Atomu-L03 before 8.0.0.159 (C605CUSTC605D1); Atomu-L11 8.0. 0.149(C782CUSTC782D1) previous version; Atomu-L21 8.0.0.153(C432CUSTC432D1) previous version; Atomu-L23 8.0.0.162(C605CUSTC605D1) previous version; Atomu-L29A 8.0.0.149(C432CUSTC432D1) previous version, 8.0.0.149(C461CUSTC461D1) Before Version, version before 8.0.0.150(C185CUSTC185D1), version before 8.0.0.165(C636CUSTC636D1); version before Atomu-L41 8.0.0.151(C461CUSTC461D1); version before Atomu-L42 8.0.0.153(C636CUSTC636D1-1.0.8.10Berkeley); Version before (C01E181R1P14T8); Version before Delhi-L42 Version before Delhi-L42C185B123, Version before Delhi-L42C432B136; Version before Duke-L09 Version Duke-L09C10B187, Version Duke-L09C432B189, Version Duke-L09C636B189; Figo-L03 8.0.0.137 (C605) version; Figo-L11 8.0.0.135 (C432) version, 9.1.0
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201807-1848",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "emily-al00a",
"scope": "lt",
"trust": 1.0,
"vendor": "huawei",
"version": "8.1.0.153\\(c00\\)"
},
{
"model": "emily-al00a",
"scope": "eq",
"trust": 0.8,
"vendor": "huawei",
"version": "8.1.0.153(c00)"
},
{
"model": "emily-al00a \u003c8.1.0.153",
"scope": null,
"trust": 0.6,
"vendor": "huawei",
"version": null
},
{
"model": "emily-al00a",
"scope": "eq",
"trust": 0.6,
"vendor": "huawei",
"version": "8.1.0.107\\(sp5c00\\)"
},
{
"model": "emily-al00a",
"scope": "eq",
"trust": 0.6,
"vendor": "huawei",
"version": "8.1.0.106\\(sp2c00\\)"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-13551"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-008888"
},
{
"db": "NVD",
"id": "CVE-2018-7947"
},
{
"db": "CNNVD",
"id": "CNNVD-201807-2012"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:huawei:emily-al00a_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "8.1.0.153\\(c00\\)",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:huawei:emily-al00a:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2018-7947"
}
]
},
"cve": "CVE-2018-7947",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 4.4,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.4,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Local",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 4.4,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2018-7947",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 6.5,
"id": "CNVD-2018-13551",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:A/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 4.4,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.4,
"id": "VHN-137979",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:L/AC:M/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"author": "NVD",
"availabilityImpact": "LOW",
"baseScore": 3.9,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"exploitabilityScore": 0.5,
"impactScore": 3.4,
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:P/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Physical",
"author": "NVD",
"availabilityImpact": "Low",
"baseScore": 3.9,
"baseSeverity": "Low",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "CVE-2018-7947",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:P/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2018-7947",
"trust": 1.8,
"value": "LOW"
},
{
"author": "CNVD",
"id": "CNVD-2018-13551",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201807-2012",
"trust": 0.6,
"value": "LOW"
},
{
"author": "VULHUB",
"id": "VHN-137979",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-13551"
},
{
"db": "VULHUB",
"id": "VHN-137979"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-008888"
},
{
"db": "NVD",
"id": "CVE-2018-7947"
},
{
"db": "CNNVD",
"id": "CNNVD-201807-2012"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Huawei mobile phones with versions earlier before Emily-AL00A 8.1.0.153(C00) have an authentication bypass vulnerability. An attacker could trick the user to connect to a malicious device. In the debug mode, the malicious software in the device may exploit the vulnerability to bypass some specific function. Successful exploit may cause some malicious applications to be installed in the mobile phones. Emily-AL00A Contains an authentication vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. HuaweiEmily-AL00A is a smartphone device from China\u0027s Huawei company. The following products and versions are affected: Huawei Anne-AL00 before 9.1.0.122 (C00E120R1P7T8); Honor Play 7A before 8.0.0.213 (C00); Atomu-L03 before 8.0.0.159 (C605CUSTC605D1); Atomu-L11 8.0. 0.149(C782CUSTC782D1) previous version; Atomu-L21 8.0.0.153(C432CUSTC432D1) previous version; Atomu-L23 8.0.0.162(C605CUSTC605D1) previous version; Atomu-L29A 8.0.0.149(C432CUSTC432D1) previous version, 8.0.0.149(C461CUSTC461D1) Before Version, version before 8.0.0.150(C185CUSTC185D1), version before 8.0.0.165(C636CUSTC636D1); version before Atomu-L41 8.0.0.151(C461CUSTC461D1); version before Atomu-L42 8.0.0.153(C636CUSTC636D1-1.0.8.10Berkeley); Version before (C01E181R1P14T8); Version before Delhi-L42 Version before Delhi-L42C185B123, Version before Delhi-L42C432B136; Version before Duke-L09 Version Duke-L09C10B187, Version Duke-L09C432B189, Version Duke-L09C636B189; Figo-L03 8.0.0.137 (C605) version; Figo-L11 8.0.0.135 (C432) version, 9.1.0",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-7947"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-008888"
},
{
"db": "CNVD",
"id": "CNVD-2018-13551"
},
{
"db": "VULHUB",
"id": "VHN-137979"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-7947",
"trust": 3.1
},
{
"db": "JVNDB",
"id": "JVNDB-2018-008888",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201807-2012",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2018-13551",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-137979",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-13551"
},
{
"db": "VULHUB",
"id": "VHN-137979"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-008888"
},
{
"db": "NVD",
"id": "CVE-2018-7947"
},
{
"db": "CNNVD",
"id": "CNNVD-201807-2012"
}
]
},
"id": "VAR-201807-1848",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-13551"
},
{
"db": "VULHUB",
"id": "VHN-137979"
}
],
"trust": 1.31904764
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-13551"
}
]
},
"last_update_date": "2023-12-18T12:50:36.973000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "huawei-sa-20180720-01-mobile",
"trust": 0.8,
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180720-01-mobile-en"
},
{
"title": "HuaweiEmily-AL00A authentication bypass vulnerability patch",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/134843"
},
{
"title": "Huawei Emily-AL00A Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=82739"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-13551"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-008888"
},
{
"db": "CNNVD",
"id": "CNNVD-201807-2012"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-287",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-137979"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-008888"
},
{
"db": "NVD",
"id": "CVE-2018-7947"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.2,
"url": "https://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20180720-01-mobile-cn"
},
{
"trust": 1.1,
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180720-01-mobile-en"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-7947"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-7947"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-13551"
},
{
"db": "VULHUB",
"id": "VHN-137979"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-008888"
},
{
"db": "NVD",
"id": "CVE-2018-7947"
},
{
"db": "CNNVD",
"id": "CNNVD-201807-2012"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2018-13551"
},
{
"db": "VULHUB",
"id": "VHN-137979"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-008888"
},
{
"db": "NVD",
"id": "CVE-2018-7947"
},
{
"db": "CNNVD",
"id": "CNNVD-201807-2012"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-07-20T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-13551"
},
{
"date": "2018-07-31T00:00:00",
"db": "VULHUB",
"id": "VHN-137979"
},
{
"date": "2018-10-31T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-008888"
},
{
"date": "2018-07-31T14:29:00.980000",
"db": "NVD",
"id": "CVE-2018-7947"
},
{
"date": "2018-08-01T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201807-2012"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-07-20T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-13551"
},
{
"date": "2018-10-04T00:00:00",
"db": "VULHUB",
"id": "VHN-137979"
},
{
"date": "2018-10-31T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-008888"
},
{
"date": "2018-10-04T21:39:25.220000",
"db": "NVD",
"id": "CVE-2018-7947"
},
{
"date": "2020-07-30T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201807-2012"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201807-2012"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Emily-AL00A Authentication vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-008888"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "authorization issue",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201807-2012"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…