var-201811-0557
Vulnerability from variot
Some Huawei smartphones ALP-AL00B 8.0.0.118D(C00), ALP-TL00B 8.0.0.118D(C01), BLA-AL00B 8.0.0.118D(C00), BLA-L09C 8.0.0.127(C432), 8.0.0.128(C432), 8.0.0.137(C432), BLA-L29C 8.0.0.129(C432), 8.0.0.137(C432) have an authentication bypass vulnerability. When the attacker obtains the user's smartphone, the vulnerability can be used to replace the start-up program so that the attacker can obtain the information in the smartphone and achieve the purpose of controlling the smartphone. plural Huawei Smartphones have authentication vulnerabilities.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. ALP-AL00B\BLA-AL00B is a smartphone launched by Huawei
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201811-0557",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "bla-al00b",
"scope": "eq",
"trust": 1.6,
"vendor": "huawei",
"version": "8.0.0.1.18d\\(c00\\)"
},
{
"model": "bla-l09c",
"scope": "eq",
"trust": 1.6,
"vendor": "huawei",
"version": "8.0.0.127\\(c432\\)"
},
{
"model": "alp-al00b",
"scope": "eq",
"trust": 1.6,
"vendor": "huawei",
"version": "8.0.0.1.18d\\(c00\\)"
},
{
"model": "bla-l09c",
"scope": "eq",
"trust": 1.6,
"vendor": "huawei",
"version": "8.0.0.137\\(c432\\)"
},
{
"model": "bla-l29c",
"scope": "eq",
"trust": 1.6,
"vendor": "huawei",
"version": "8.0.0.127\\(c432\\)"
},
{
"model": "bla-l09c",
"scope": "eq",
"trust": 1.6,
"vendor": "huawei",
"version": "8.0.0.128\\(c432\\)"
},
{
"model": "alp-tl00b",
"scope": "eq",
"trust": 1.6,
"vendor": "huawei",
"version": "8.0.0.1.18d\\(c01\\)"
},
{
"model": "bla-l29c",
"scope": "eq",
"trust": 1.6,
"vendor": "huawei",
"version": "8.0.0.137\\(c432\\)"
},
{
"model": "alp-al00b",
"scope": "eq",
"trust": 0.8,
"vendor": "huawei",
"version": "8.0.0.118d(c00)"
},
{
"model": "alp-tl00b",
"scope": "eq",
"trust": 0.8,
"vendor": "huawei",
"version": "8.0.0.118d(c01)"
},
{
"model": "bla-al00b",
"scope": "eq",
"trust": 0.8,
"vendor": "huawei",
"version": "8.0.0.118d(c00)"
},
{
"model": "bla-l09c",
"scope": "eq",
"trust": 0.8,
"vendor": "huawei",
"version": "8.0.0.127(c432)"
},
{
"model": "bla-l09c",
"scope": "eq",
"trust": 0.8,
"vendor": "huawei",
"version": "8.0.0.128(c432)"
},
{
"model": "bla-l09c",
"scope": "eq",
"trust": 0.8,
"vendor": "huawei",
"version": "8.0.0.137(c432)"
},
{
"model": "bla-l29c",
"scope": "eq",
"trust": 0.8,
"vendor": "huawei",
"version": "8.0.0.129(c432)"
},
{
"model": "bla-l29c",
"scope": "eq",
"trust": 0.8,
"vendor": "huawei",
"version": "8.0.0.137(c432)"
},
{
"model": "alp-al00b 8.0.0.118d",
"scope": null,
"trust": 0.6,
"vendor": "huawei",
"version": null
},
{
"model": "alp-tl00b 8.0.0.118d",
"scope": null,
"trust": 0.6,
"vendor": "huawei",
"version": null
},
{
"model": "bla-al00b 8.0.0.118d",
"scope": null,
"trust": 0.6,
"vendor": "huawei",
"version": null
},
{
"model": "bla-l09c 8.0.0.127",
"scope": null,
"trust": 0.6,
"vendor": "huawei",
"version": null
},
{
"model": "bla-l09c 8.0.0.128",
"scope": null,
"trust": 0.6,
"vendor": "huawei",
"version": null
},
{
"model": "bla-l09c 8.0.0.137",
"scope": null,
"trust": 0.6,
"vendor": "huawei",
"version": null
},
{
"model": "bla-l29c 8.0.0.129",
"scope": null,
"trust": 0.6,
"vendor": "huawei",
"version": null
},
{
"model": "bla-l29c 8.0.0.137",
"scope": null,
"trust": 0.6,
"vendor": "huawei",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-22641"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-011719"
},
{
"db": "CNNVD",
"id": "CNNVD-201811-018"
},
{
"db": "NVD",
"id": "CVE-2018-7910"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:huawei:alp-al00b_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:huawei:alp-tl00b_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:huawei:bla-al00b_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:huawei:bla-l09c_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:huawei:bla-l29c_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-011719"
}
]
},
"cve": "CVE-2018-7910",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"id": "CVE-2018-7910",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 8.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 6.5,
"id": "CNVD-2018-22641",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:A/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"id": "VHN-137942",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:L/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 0.9,
"id": "CVE-2018-7910",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2018-7910",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2018-7910",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2018-22641",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201811-018",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-137942",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-22641"
},
{
"db": "VULHUB",
"id": "VHN-137942"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-011719"
},
{
"db": "CNNVD",
"id": "CNNVD-201811-018"
},
{
"db": "NVD",
"id": "CVE-2018-7910"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Some Huawei smartphones ALP-AL00B 8.0.0.118D(C00), ALP-TL00B 8.0.0.118D(C01), BLA-AL00B 8.0.0.118D(C00), BLA-L09C 8.0.0.127(C432), 8.0.0.128(C432), 8.0.0.137(C432), BLA-L29C 8.0.0.129(C432), 8.0.0.137(C432) have an authentication bypass vulnerability. When the attacker obtains the user\u0027s smartphone, the vulnerability can be used to replace the start-up program so that the attacker can obtain the information in the smartphone and achieve the purpose of controlling the smartphone. plural Huawei Smartphones have authentication vulnerabilities.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. ALP-AL00B\\\\BLA-AL00B is a smartphone launched by Huawei",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-7910"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-011719"
},
{
"db": "CNVD",
"id": "CNVD-2018-22641"
},
{
"db": "VULHUB",
"id": "VHN-137942"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-7910",
"trust": 3.1
},
{
"db": "JVNDB",
"id": "JVNDB-2018-011719",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2018-22641",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201811-018",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-137942",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-22641"
},
{
"db": "VULHUB",
"id": "VHN-137942"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-011719"
},
{
"db": "CNNVD",
"id": "CNNVD-201811-018"
},
{
"db": "NVD",
"id": "CVE-2018-7910"
}
]
},
"id": "VAR-201811-0557",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-22641"
},
{
"db": "VULHUB",
"id": "VHN-137942"
}
],
"trust": 1.221733824
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-22641"
}
]
},
"last_update_date": "2024-11-23T22:34:05.242000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "huawei-sa-20181101-01-bypass",
"trust": 0.8,
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20181101-01-bypass-en"
},
{
"title": "A variety of Huawei mobile phone authentication bypass vulnerability patch",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/143925"
},
{
"title": "Multiple Huawei Product security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=86564"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-22641"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-011719"
},
{
"db": "CNNVD",
"id": "CNNVD-201811-018"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-287",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-137942"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-011719"
},
{
"db": "NVD",
"id": "CVE-2018-7910"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.2,
"url": "https://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20181101-01-bypass-cn"
},
{
"trust": 1.1,
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20181101-01-bypass-en"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-7910"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-7910"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-22641"
},
{
"db": "VULHUB",
"id": "VHN-137942"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-011719"
},
{
"db": "CNNVD",
"id": "CNNVD-201811-018"
},
{
"db": "NVD",
"id": "CVE-2018-7910"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2018-22641"
},
{
"db": "VULHUB",
"id": "VHN-137942"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-011719"
},
{
"db": "CNNVD",
"id": "CNNVD-201811-018"
},
{
"db": "NVD",
"id": "CVE-2018-7910"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-11-07T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-22641"
},
{
"date": "2018-11-13T00:00:00",
"db": "VULHUB",
"id": "VHN-137942"
},
{
"date": "2019-01-21T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-011719"
},
{
"date": "2018-11-02T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201811-018"
},
{
"date": "2018-11-13T19:29:00.400000",
"db": "NVD",
"id": "CVE-2018-7910"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-11-07T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-22641"
},
{
"date": "2018-12-12T00:00:00",
"db": "VULHUB",
"id": "VHN-137942"
},
{
"date": "2019-01-21T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-011719"
},
{
"date": "2018-11-02T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201811-018"
},
{
"date": "2024-11-21T04:12:57.327000",
"db": "NVD",
"id": "CVE-2018-7910"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201811-018"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural Huawei Authentication vulnerabilities in smartphones",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-011719"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "authorization issue",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201811-018"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…