CVE Vulnerability

CVE-2018-7930

The Near Field Communication (NFC) module in Mate 9 Huawei mobile phones with the versions before MHA-L29B 8.0.0.366(C567) has an information leak vulnerability due to insufficient validation on data transfer requests. When an affected mobile phone sends files to an attacker's mobile phone using the NFC function, the attacker can obtain arbitrary files from the mobile phone, causing information leaks.

2.9 /10

CVSS v2.0 :

V3 Legend

Vector :

Exploitability : 5.5 / Impact : 2.9

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

Scope

5.7 /10

CVSS v3.0 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.1 / Impact : 3.6

Attack Vector ADJACENT_NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References
Link Resource
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180411-01-smartphone-en Vendor Advisory
Configurations

Configuration 1
Information

Published : 2018-04-11 05:29

Updated : 2018-05-24 03:18

NVD link : CVE-2018-7930

Mitre link : CVE-2018-7930

Products Affected

Huawei

Mate 9 Firmware

CWE
CWE-200