CVE-2018-7926

4.6MEDIUM

Key Information

Vendor: McAfee
Status: Huawei Watch 2
Vendor: CVE Published:; 13 November 2018

Summary

Huawei Watch 2 with versions and earlier than OWDD.180707.001.E1 have an improper authorization vulnerability. Due to improper permission configuration for specific operations, an attacker who obtained the Huawei ID bound to the watch can bypass permission verification to perform specific operations and modify some data on the watch.

Affected Version(s)

Huawei Watch 2 = Versions and earlier than OWDD.180707.001.E1

References

http://www.huawei.com/en/psirt/security-advisories/huawei...

x_refsource_CONFIRM

CVSS V3.1

Score:

4.6

Severity:

MEDIUM

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Physical

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Nov 13, 2018
Vulnerability Reserved
Mar 9, 2018

Collectors

NVD DatabaseMitre Database