cnvd-2018-19589
Vulnerability from cnvd
Title: 多款华为产品信息泄露漏洞
Description:
Agassi-L09、Agassi-W09等均是华为公司智能产品。
多款华为产品存在信息泄露漏洞。由于对输入未进行充分校验,攻击者通过诱使用户安装一个恶意应用程序来利用此漏洞。攻击者成功利用漏洞后可以导致敏感信息泄露。
Severity: 高
Patch Name: 多款华为产品信息泄露漏洞的补丁
Patch Description:
Agassi-L09、Agassi-W09等均是华为公司智能产品。
多款华为产品存在信息泄露漏洞。由于对输入未进行充分校验,攻击者通过诱使用户安装一个恶意应用程序来利用此漏洞。攻击者成功利用漏洞后可以导致敏感信息泄露。目前,供应商发布了安全公告及相关补丁信息,修复了此漏洞。
Formal description:
华为已发布版本修复该漏洞,安全预警链接: http://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20180919-02-smartphone-cn
Reference: https://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20180919-02-smartphone-cn
Impacted products
| Name | ['Huawei Agassi-L09 AGS-L09C100B257CUSTC100D001', 'Huawei Agassi-L09 AGS-L09C170B253CUSTC170D001', 'Huawei Agassi-L09 AGS-L09C199B251CUSTC199D001', 'Huawei Agassi-L09 AGS-L09C229B003CUSTC229D001', 'Huawei Agassi-W09 AGS-W09C100B257CUSTC100D001', 'Huawei Agassi-W09 AGS-W09C128B252CUSTC128D001', 'Huawei Agassi-W09 AGS-W09C170B252CUSTC170D001', 'Huawei Agassi-W09 AGS-W09C229B251CUSTC229D001', 'Huawei Agassi-W09 AGS-W09C331B003CUSTC331D001', 'Huawei Agassi-W09 AGS-W09C794B001CUSTC794D001', 'Huawei Baggio2-U01A BG2-U01C100B160CUSTC100D001', 'Huawei Baggio2-U01A BG2-U01C170B160CUSTC170D001', 'Huawei Baggio2-U01A BG2-U01C199B162CUSTC199D001', 'Huawei Baggio2-U01A BG2-U01C209B160CUSTC209D001', 'Huawei Baggio2-U01A BG2-U01C333B160CUSTC333D001', 'Huawei Bond-AL00C Bond-AL00CC00B201', 'Huawei Bond-AL10B Bond-AL10BC00B201', 'Huawei Bond-TL10B Bond-TL10BC01B201', 'Huawei Bond-TL10C Bond-TL10CC01B131', 'Huawei Haydn-L1JB HDN-L1JC137B068', 'Huawei Kobe-L09A KOB-L09C100B252CUSTC100D001', 'Huawei Kobe-L09A KOB-L09C209B002CUSTC209D001', 'Huawei Kobe-L09A KOB-L09C362B001CUSTC362D001', 'Huawei Kobe-L09AHN KOB-L09C233B226', 'Huawei Kobe-W09C KOB-W09C128B251CUSTC128D001', 'Huawei LelandP-L22C 8.0.0.101(C675CUSTC675D2)', 'Huawei LelandP-L22D 8.0.0.101(C675CUSTC675D2)', 'Huawei Rhone-AL00 Rhone-AL00C00B186', 'Huawei Selina-L02 Selina-L02C432B153', 'Huawei Stanford-L09S Stanford-L09SC432B183', 'Huawei Toronto-AL00 Toronto-AL00C00B223', 'Huawei Toronto-AL00A Toronto-AL00AC00B223', 'Huawei Toronto-TL10 Toronto-TL10C01B223'] |
|---|
{
"cves": {
"cve": {
"cveNumber": "CVE-2018-7907"
}
},
"description": "Agassi-L09\u3001Agassi-W09\u7b49\u5747\u662f\u534e\u4e3a\u516c\u53f8\u667a\u80fd\u4ea7\u54c1\u3002\r\n\r\n\u591a\u6b3e\u534e\u4e3a\u4ea7\u54c1\u5b58\u5728\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\u3002\u7531\u4e8e\u5bf9\u8f93\u5165\u672a\u8fdb\u884c\u5145\u5206\u6821\u9a8c\uff0c\u653b\u51fb\u8005\u901a\u8fc7\u8bf1\u4f7f\u7528\u6237\u5b89\u88c5\u4e00\u4e2a\u6076\u610f\u5e94\u7528\u7a0b\u5e8f\u6765\u5229\u7528\u6b64\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u6210\u529f\u5229\u7528\u6f0f\u6d1e\u540e\u53ef\u4ee5\u5bfc\u81f4\u654f\u611f\u4fe1\u606f\u6cc4\u9732\u3002",
"discovererName": "Huawei",
"formalWay": "\u534e\u4e3a\u5df2\u53d1\u5e03\u7248\u672c\u4fee\u590d\u8be5\u6f0f\u6d1e\uff0c\u5b89\u5168\u9884\u8b66\u94fe\u63a5\uff1a\r\nhttp://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20180919-02-smartphone-cn",
"isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
"number": "CNVD-2018-19589",
"openTime": "2018-09-21",
"patchDescription": "Agassi-L09\u3001Agassi-W09\u7b49\u5747\u662f\u534e\u4e3a\u516c\u53f8\u667a\u80fd\u4ea7\u54c1\u3002\r\n\r\n\u591a\u6b3e\u534e\u4e3a\u4ea7\u54c1\u5b58\u5728\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\u3002\u7531\u4e8e\u5bf9\u8f93\u5165\u672a\u8fdb\u884c\u5145\u5206\u6821\u9a8c\uff0c\u653b\u51fb\u8005\u901a\u8fc7\u8bf1\u4f7f\u7528\u6237\u5b89\u88c5\u4e00\u4e2a\u6076\u610f\u5e94\u7528\u7a0b\u5e8f\u6765\u5229\u7528\u6b64\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u6210\u529f\u5229\u7528\u6f0f\u6d1e\u540e\u53ef\u4ee5\u5bfc\u81f4\u654f\u611f\u4fe1\u606f\u6cc4\u9732\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
"patchName": "\u591a\u6b3e\u534e\u4e3a\u4ea7\u54c1\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\u7684\u8865\u4e01",
"products": {
"product": [
"Huawei Agassi-L09 AGS-L09C100B257CUSTC100D001",
"Huawei Agassi-L09 AGS-L09C170B253CUSTC170D001",
"Huawei Agassi-L09 AGS-L09C199B251CUSTC199D001",
"Huawei Agassi-L09 AGS-L09C229B003CUSTC229D001",
"Huawei Agassi-W09 AGS-W09C100B257CUSTC100D001",
"Huawei Agassi-W09 AGS-W09C128B252CUSTC128D001",
"Huawei Agassi-W09 AGS-W09C170B252CUSTC170D001",
"Huawei Agassi-W09 AGS-W09C229B251CUSTC229D001",
"Huawei Agassi-W09 AGS-W09C331B003CUSTC331D001",
"Huawei Agassi-W09 AGS-W09C794B001CUSTC794D001",
"Huawei Baggio2-U01A BG2-U01C100B160CUSTC100D001",
"Huawei Baggio2-U01A BG2-U01C170B160CUSTC170D001",
"Huawei Baggio2-U01A BG2-U01C199B162CUSTC199D001",
"Huawei Baggio2-U01A BG2-U01C209B160CUSTC209D001",
"Huawei Baggio2-U01A BG2-U01C333B160CUSTC333D001",
"Huawei Bond-AL00C Bond-AL00CC00B201",
"Huawei Bond-AL10B Bond-AL10BC00B201",
"Huawei Bond-TL10B Bond-TL10BC01B201",
"Huawei Bond-TL10C Bond-TL10CC01B131",
"Huawei Haydn-L1JB HDN-L1JC137B068",
"Huawei Kobe-L09A KOB-L09C100B252CUSTC100D001",
"Huawei Kobe-L09A KOB-L09C209B002CUSTC209D001",
"Huawei Kobe-L09A KOB-L09C362B001CUSTC362D001",
"Huawei Kobe-L09AHN KOB-L09C233B226",
"Huawei Kobe-W09C KOB-W09C128B251CUSTC128D001",
"Huawei LelandP-L22C 8.0.0.101(C675CUSTC675D2)",
"Huawei LelandP-L22D 8.0.0.101(C675CUSTC675D2)",
"Huawei Rhone-AL00 Rhone-AL00C00B186",
"Huawei Selina-L02 Selina-L02C432B153",
"Huawei Stanford-L09S Stanford-L09SC432B183",
"Huawei Toronto-AL00 Toronto-AL00C00B223",
"Huawei Toronto-AL00A Toronto-AL00AC00B223",
"Huawei Toronto-TL10 Toronto-TL10C01B223"
]
},
"referenceLink": "https://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20180919-02-smartphone-cn",
"serverity": "\u9ad8",
"submitTime": "2018-09-21",
"title": "\u591a\u6b3e\u534e\u4e3a\u4ea7\u54c1\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e"
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…