Insufficient Input Validation in Huawei Smartphones
CVE-2018-7922

7.8HIGH

Key Information:

Vendor: McAfee
Status: Alp-l09
Vendor: CVE Published:; 12 September 2018

Summary

Huawei ALP-L09 smartphones prior to version ALP-L09 8.0.0.150(C432) exhibit an insufficient input validation vulnerability. This arises from a failure to properly check parameters, allowing attackers to exploit the flaw by convincing users with root privileges to install malicious applications. If successful, the attacker can manipulate specific data within the device and may execute arbitrary code, potentially leading to unauthorized access and control over the smartphone.

Affected Version(s)

ALP-L09 Versions earlier than ALP-L09 8.0.0.150(C432)

References

http://www.huawei.com/en/psirt/security-advisories/huawei...

x_refsource_CONFIRM

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Sep 12, 2018
Vulnerability Reserved
Mar 9, 2018