CVE Vulnerability

CVE-2018-7947

Huawei mobile phones with versions earlier before Emily-AL00A 8.1.0.153(C00) have an authentication bypass vulnerability. An attacker could trick the user to connect to a malicious device. In the debug mode, the malicious software in the device may exploit the vulnerability to bypass some specific function. Successful exploit may cause some malicious applications to be installed in the mobile phones.

4.4 /10

CVSS v2.0 :

V3 Legend

Vector :

Exploitability : 3.4 / Impact : 6.4

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

Scope

3.9 /10

CVSS v3.0 : LOW

V3 Legend

Vector :

Exploitability : 0.5 / Impact : 3.4

Attack Vector PHYSICAL

Attack Complexity LOW

Privileges Required LOW

User Interaction REQUIRED

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact LOW

Scope UNCHANGED

References
Link Resource
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180720-01-mobile-en Vendor Advisory
Configurations

Configuration 1
Information

Published : 2018-07-31 02:29

Updated : 2018-10-04 09:39

NVD link : CVE-2018-7947

Mitre link : CVE-2018-7947

Products Affected

Emily-al00a

Huawei

CWE
CWE-287