Information Leak Vulnerability in Huawei Mate 9 NFC Module
CVE-2018-7930

5.7MEDIUM

Key Information:

Vendor: McAfee
Status: Mate 9
Vendor: CVE Published:; 11 April 2018

Summary

The NFC module in Huawei's Mate 9 mobile phones prior to version MHA-L29B 8.0.0.366(C567) is susceptible to an information leak due to inadequate validation of data transfer requests. This flaw allows an attacker to exploit the NFC functionality to receive arbitrary files sent from the affected device, leading to unauthorized information disclosure. Users are advised to update their devices promptly to mitigate potential risks associated with this vulnerability.

Affected Version(s)

Mate 9 The versions before MHA-L29B 8.0.0.366(C567)

References

http://www.huawei.com/en/psirt/security-advisories/huawei...

x_refsource_CONFIRM

CVSS V3.1

Score:

5.7

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Apr 11, 2018
Vulnerability Reserved
Mar 9, 2018