Sensitive Information Leak in Huawei Smartphone Products
CVE-2018-7907

5.5MEDIUM

Key Information:

Vendor

McAfee
Status
Agassi-l09,agassi-w09,baggio2-u01a,bond-al00c,bond-al10b,bond-tl10b,bond-tl10c,haydn-l1jb,kobe-l09a,kobe-l09ahn,kobe-w09c,lelandp-l22c,lelandp-l22d,rhone-al00,selina-l02,stanford-l09s,toronto-al00,toronto-al00a,toronto-tl10
Vendor
CVE Published:
26 September 2018

What is CVE-2018-7907?

Certain Huawei smartphone models have a vulnerability allowing sensitive information to leak due to insufficient input verification. An attacker could deceive users into installing malicious applications, leading to unauthorized data access. It is crucial for users of affected devices to remain vigilant and to avoid installing untrusted applications to mitigate the risk of sensitive data being compromised.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Agassi-L09,Agassi-W09,Baggio2-U01A,Bond-AL00C,Bond-AL10B,Bond-TL10B,Bond-TL10C,Haydn-L1JB,Kobe-L09A,Kobe-L09AHN,Kobe-W09C,LelandP-L22C,LelandP-L22D,Rhone-AL00,Selina-L02,Stanford-L09S,Toronto-AL00,Toronto-AL00A,Toronto-TL10 Agassi-L09 AGS-L09C100B257CUSTC100D001, AGS-L09C170B253CUSTC170D001, AGS-L09C199B251CUSTC199D001, AGS-L09C229B003CUSTC229D001,Agassi-W09 AGS-W09C100B257CUSTC100D001, AGS-W09C128B252CUSTC128D001, AGS-W09C170B252CUSTC170D001, AGS-W09C229B251CUSTC229D001, AGS-W09C331B003CUSTC331D001, AGS-W09C794B001CUSTC794D001,Baggio2-U01A BG2-U01C100B160CUSTC100D001, BG2-U01C170B160CUSTC170D001, BG2-U01C199B162CUSTC199D001, BG2-U01C209B160CUSTC209D001, BG2-U01C333B160CUSTC333D001,Bond-AL00C Bond-AL00CC00B201,Bond-AL10B Bond-AL10BC00B201,Bond-TL10B Bond-TL10BC01B201,Bond-TL10C Bond-TL10CC01B131,Haydn-L1JB HDN-L1JC137B068,Kobe-L09A KOB-L09C100B252CUSTC100D001, KOB-L09C209B002CUSTC209D001, KOB-L09C362B001CUSTC362D001,Kobe-L09AHN KOB-L09C233B226,Kobe-W09C KOB-W09C128B251CUSTC128D001,LelandP-L22C 8.0.0.101(C675CUSTC675D2),LelandP-L22D 8.0.0.101(C675CUSTC675D2),Rhone-AL00 Rhone-AL00C00B186,Selina-L02 Selina-L02C432B153,Stanford-L09S Stanford-L09SC432B183,Toronto-AL00 Toronto-AL00C00B223,Toronto-AL00A Toronto-AL00AC00 ...[truncated*]

References

http://www.huawei.com/en/psirt/security-advisories/huawei...
x_refsource_CONFIRM

CVSS V3.1

Score:
5.5
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.