CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:L/Au:N/C:P/I:P/A:P
CVSS3
Attack Vector
PHYSICAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS
Percentile
29.6%
Some Huawei smartphones have an authentication bypass vulnerability. When the attacker obtains the user’s smartphone, the vulnerability can be used to replace the start-up program so that the attacker can obtain the information in the smartphone and achieve the purpose of controlling the smartphone. (Vulnerability ID: HWPSIRT-2018-02106)
This vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2018-7910.
Huawei has released software updates to fix this vulnerability. This advisory is available at the following link:
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20181101-01-bypass-en
Vendor | Product | Version | CPE |
---|---|---|---|
huawei | alp-al00b_firmware | 8.0.0.118d | cpe:2.3:o:huawei:alp-al00b_firmware:8.0.0.118d:*:*:*:*:*:*:* |
huawei | alp-tl00b_firmware | 8.0.0.118d | cpe:2.3:o:huawei:alp-tl00b_firmware:8.0.0.118d:*:*:*:*:*:*:* |
huawei | bla-al00b_firmware | 8.0.0.118d | cpe:2.3:o:huawei:bla-al00b_firmware:8.0.0.118d:*:*:*:*:*:*:* |
huawei | bla-l09c_firmware | 8.0.0.127 | cpe:2.3:o:huawei:bla-l09c_firmware:8.0.0.127:*:*:*:*:*:*:* |
huawei | bla-l09c_firmware | 8.0.0.128 | cpe:2.3:o:huawei:bla-l09c_firmware:8.0.0.128:*:*:*:*:*:*:* |
huawei | bla-l09c_firmware | 8.0.0.137 | cpe:2.3:o:huawei:bla-l09c_firmware:8.0.0.137:*:*:*:*:*:*:* |
huawei | bla-l29c_firmware | 8.0.0.129 | cpe:2.3:o:huawei:bla-l29c_firmware:8.0.0.129:*:*:*:*:*:*:* |
huawei | bla-l29c_firmware | 8.0.0.137 | cpe:2.3:o:huawei:bla-l29c_firmware:8.0.0.137:*:*:*:*:*:*:* |
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:L/Au:N/C:P/I:P/A:P
CVSS3
Attack Vector
PHYSICAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS
Percentile
29.6%