cnvd - cnvd-2018-07664

cnvd-2018-07664

Vulnerability from cnvd

Title: Huawei Mate 9 MHA-L29B Near Field Communication组件信息泄露漏洞

Description:

Huawei Mate 9是中国华为（Huawei）公司的一款智能手机。Near Field Communication（NFC）moudle是其中的一个近距离无线通讯模块。

Huawei Mate 9 MHA-L29B 8.0.0.366(C567)之前版本中的NFC组件存在信息泄露漏洞，该漏洞源于程序未能充分的校验数据转移请求。当受影响的手机使用NFC功能向攻击者手机发送文件时，攻击者可利用该漏洞获取用户手机上的任意文件。

Severity: 高

Patch Name: Huawei Mate 9 MHA-L29B Near Field Communication组件信息泄露漏洞的补丁

Patch Description:

Huawei Mate 9是中国华为（Huawei）公司的一款智能手机。Near Field Communication（NFC）moudle是其中的一个近距离无线通讯模块。

Huawei Mate 9 MHA-L29B 8.0.0.366(C567)之前版本中的NFC组件存在信息泄露漏洞，该漏洞源于程序未能充分的校验数据转移请求。当受影响的手机使用NFC功能向攻击者手机发送文件时，攻击者可利用该漏洞获取用户手机上的任意文件。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description:

目前厂商已发布升级补丁以修复漏洞，补丁获取链接： http://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20180411-01-smartphone-cn

Reference: http://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20180411-01-smartphone-cn

Impacted products

Name
Huawei Mate 9 <MHA-L29B 8.0.0.366(C567)

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2018-7930"
    }
  },
  "description": "Huawei Mate 9\u662f\u4e2d\u56fd\u534e\u4e3a\uff08Huawei\uff09\u516c\u53f8\u7684\u4e00\u6b3e\u667a\u80fd\u624b\u673a\u3002Near Field Communication\uff08NFC\uff09moudle\u662f\u5176\u4e2d\u7684\u4e00\u4e2a\u8fd1\u8ddd\u79bb\u65e0\u7ebf\u901a\u8baf\u6a21\u5757\u3002\r\n\r\nHuawei Mate 9 MHA-L29B 8.0.0.366(C567)\u4e4b\u524d\u7248\u672c\u4e2d\u7684NFC\u7ec4\u4ef6\u5b58\u5728\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7a0b\u5e8f\u672a\u80fd\u5145\u5206\u7684\u6821\u9a8c\u6570\u636e\u8f6c\u79fb\u8bf7\u6c42\u3002\u5f53\u53d7\u5f71\u54cd\u7684\u624b\u673a\u4f7f\u7528NFC\u529f\u80fd\u5411\u653b\u51fb\u8005\u624b\u673a\u53d1\u9001\u6587\u4ef6\u65f6\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u83b7\u53d6\u7528\u6237\u624b\u673a\u4e0a\u7684\u4efb\u610f\u6587\u4ef6\u3002",
  "discovererName": "Huawei",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttp://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20180411-01-smartphone-cn",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2018-07664",
  "openTime": "2018-04-13",
  "patchDescription": "Huawei Mate 9\u662f\u4e2d\u56fd\u534e\u4e3a\uff08Huawei\uff09\u516c\u53f8\u7684\u4e00\u6b3e\u667a\u80fd\u624b\u673a\u3002Near Field Communication\uff08NFC\uff09moudle\u662f\u5176\u4e2d\u7684\u4e00\u4e2a\u8fd1\u8ddd\u79bb\u65e0\u7ebf\u901a\u8baf\u6a21\u5757\u3002\r\n\r\nHuawei Mate 9 MHA-L29B 8.0.0.366(C567)\u4e4b\u524d\u7248\u672c\u4e2d\u7684NFC\u7ec4\u4ef6\u5b58\u5728\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7a0b\u5e8f\u672a\u80fd\u5145\u5206\u7684\u6821\u9a8c\u6570\u636e\u8f6c\u79fb\u8bf7\u6c42\u3002\u5f53\u53d7\u5f71\u54cd\u7684\u624b\u673a\u4f7f\u7528NFC\u529f\u80fd\u5411\u653b\u51fb\u8005\u624b\u673a\u53d1\u9001\u6587\u4ef6\u65f6\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u83b7\u53d6\u7528\u6237\u624b\u673a\u4e0a\u7684\u4efb\u610f\u6587\u4ef6\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Huawei Mate 9 MHA-L29B Near Field Communication\u7ec4\u4ef6\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "Huawei Mate 9 \u003cMHA-L29B 8.0.0.366(C567)"
  },
  "referenceLink": "http://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20180411-01-smartphone-cn",
  "serverity": "\u9ad8",
  "submitTime": "2018-04-12",
  "title": "Huawei Mate 9 MHA-L29B Near Field Communication\u7ec4\u4ef6\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e"
}

CVE-2018-7930 (GCVE-0-2018-7930)

Vulnerability from cvelistv5

Published

2018-04-11 17:00

Modified

2024-08-05 06:37

Severity ?

CWE

information leak

Summary

The Near Field Communication (NFC) module in Mate 9 Huawei mobile phones with the versions before MHA-L29B 8.0.0.366(C567) has an information leak vulnerability due to insufficient validation on data transfer requests. When an affected mobile phone sends files to an attacker's mobile phone using the NFC function, the attacker can obtain arbitrary files from the mobile phone, causing information leaks.

References

▼	URL	Tags
	http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180411-01-smartphone-en	x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	Huawei Technologies Co., Ltd.	Mate 9	Version: The versions before MHA-L29B 8.0.0.366(C567)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T06:37:59.746Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180411-01-smartphone-en"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Mate 9",
          "vendor": "Huawei Technologies Co., Ltd.",
          "versions": [
            {
              "status": "affected",
              "version": "The versions before MHA-L29B 8.0.0.366(C567)"
            }
          ]
        }
      ],
      "datePublic": "2018-04-11T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The Near Field Communication (NFC) module in Mate 9 Huawei mobile phones with the versions before MHA-L29B 8.0.0.366(C567) has an information leak vulnerability due to insufficient validation on data transfer requests. When an affected mobile phone sends files to an attacker\u0027s mobile phone using the NFC function, the attacker can obtain arbitrary files from the mobile phone, causing information leaks."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "information leak",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-04-11T16:57:01",
        "orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
        "shortName": "huawei"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180411-01-smartphone-en"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@huawei.com",
          "ID": "CVE-2018-7930",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Mate 9",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "The versions before MHA-L29B 8.0.0.366(C567)"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Huawei Technologies Co., Ltd."
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The Near Field Communication (NFC) module in Mate 9 Huawei mobile phones with the versions before MHA-L29B 8.0.0.366(C567) has an information leak vulnerability due to insufficient validation on data transfer requests. When an affected mobile phone sends files to an attacker\u0027s mobile phone using the NFC function, the attacker can obtain arbitrary files from the mobile phone, causing information leaks."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "information leak"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180411-01-smartphone-en",
              "refsource": "CONFIRM",
              "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180411-01-smartphone-en"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
    "assignerShortName": "huawei",
    "cveId": "CVE-2018-7930",
    "datePublished": "2018-04-11T17:00:00",
    "dateReserved": "2018-03-09T00:00:00",
    "dateUpdated": "2024-08-05T06:37:59.746Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted