CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:L/AC:L/Au:N/C:P/I:N/A:N
CVSS3
Attack Vector
PHYSICAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
AI Score
Confidence
High
EPSS
Percentile
30.6%
Some Huawei smart phones with the versions before Berlin-L21HNC185B381; the versions before Prague-AL00AC00B223; the versions before Prague-AL00BC00B223; the versions before Prague-AL00CC00B223; the versions before Prague-L31C432B208; the versions before Prague-TL00AC01B223; the versions before Prague-TL00AC01B223 have an information exposure vulnerability. When the user’s smart phone connects to the malicious device for charging, an unauthenticated attacker may activate some specific function by sending some specially crafted messages. Due to insufficient input validation of the messages, successful exploit may cause information exposure.
Vendor | Product | Version | CPE |
---|---|---|---|
huawei | berlin-l21hn_firmware | * | cpe:2.3:o:huawei:berlin-l21hn_firmware:*:*:*:*:*:*:*:* |
huawei | berlin-l21hn | - | cpe:2.3:h:huawei:berlin-l21hn:-:*:*:*:*:*:*:* |
huawei | prague-al00a_firmware | * | cpe:2.3:o:huawei:prague-al00a_firmware:*:*:*:*:*:*:*:* |
huawei | prague-al00a | - | cpe:2.3:h:huawei:prague-al00a:-:*:*:*:*:*:*:* |
huawei | prague-al00b_firmware | * | cpe:2.3:o:huawei:prague-al00b_firmware:*:*:*:*:*:*:*:* |
huawei | prague-al00b | - | cpe:2.3:h:huawei:prague-al00b:-:*:*:*:*:*:*:* |
huawei | prague-al00c_firmware | * | cpe:2.3:o:huawei:prague-al00c_firmware:*:*:*:*:*:*:*:* |
huawei | prague-al00c | - | cpe:2.3:h:huawei:prague-al00c:-:*:*:*:*:*:*:* |
huawei | prague-l31_firmware | * | cpe:2.3:o:huawei:prague-l31_firmware:*:*:*:*:*:*:*:* |
huawei | prague-l31 | - | cpe:2.3:h:huawei:prague-l31:-:*:*:*:*:*:*:* |
[
{
"product": "Berlin-L21HN; Prague-AL00A; Prague-AL00B; Prague-AL00C; Prague-L31; Prague-TL00A; Prague-TL10A",
"vendor": "Huawei Technologies Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "The versions before Berlin-L21HNC185B381"
},
{
"status": "affected",
"version": "The versions before Prague-AL00AC00B223"
},
{
"status": "affected",
"version": "The versions before Prague-AL00BC00B223"
},
{
"status": "affected",
"version": "The versions before Prague-AL00CC00B223"
},
{
"status": "affected",
"version": "The versions before Prague-L31C432B208"
},
{
"status": "affected",
"version": "The versions before Prague-TL00AC01B223"
}
]
}
]
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:L/AC:L/Au:N/C:P/I:N/A:N
CVSS3
Attack Vector
PHYSICAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
AI Score
Confidence
High
EPSS
Percentile
30.6%