ID

VAR-201804-1328


CVE

CVE-2018-7901


TITLE

Huawei ALP-AL00B Smartphone and BLA-AL00B Vulnerabilities related to authorization, authority, and access control in smartphones

Trust: 0.8

sources: JVNDB: JVNDB-2018-004976

DESCRIPTION

RCS module in Huawei ALP-AL00B smart phones with software versions earlier than 8.0.0.129, BLA-AL00B smart phones with software versions earlier than 8.0.0.129 has a remote control vulnerability. An attacker can trick a user to install a malicious application. When the application connects with RCS for the first time, it needs user to manually click to agree. In addition, the attacker needs to obtain the key that RCS uses to authenticate the application. Successful exploitation may cause the attacker to control keyboard remotely. Huawei ALP-AL00B Smartphone and BLA-AL00B Smartphones have vulnerabilities related to authorization, authority, and access control.Tampering with information and disrupting service operations (DoS) There is a possibility of being put into a state. HuaweiALP-AL00B and BLA-AL00B are both Huawei's smartphone products. RCSmodule is one of the converged communication modules

Trust: 2.16

sources: NVD: CVE-2018-7901 // JVNDB: JVNDB-2018-004976 // CNVD: CNVD-2018-08876

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2018-08876

AFFECTED PRODUCTS

vendor:huaweimodel:alp-al00bscope:ltversion:8.0.0.129

Trust: 2.4

vendor:huaweimodel:bla-al00bscope:ltversion:8.0.0.129

Trust: 2.4

sources: CNVD: CNVD-2018-08876 // JVNDB: JVNDB-2018-004976 // NVD: CVE-2018-7901

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-7901
value: MEDIUM

Trust: 1.0

NVD: CVE-2018-7901
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2018-08876
value: LOW

Trust: 0.6

CNNVD: CNNVD-201805-042
value: MEDIUM

Trust: 0.6

nvd@nist.gov: CVE-2018-7901
severity: MEDIUM
baseScore: 5.8
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2018-08876
severity: LOW
baseScore: 3.6
vectorString: AV:L/AC:L/AU:N/C:N/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2018-7901
baseSeverity: MEDIUM
baseScore: 4.4
vectorString: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: LOW
availabilityImpact: LOW
exploitabilityScore: 1.8
impactScore: 2.5
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2018-08876 // JVNDB: JVNDB-2018-004976 // CNNVD: CNNVD-201805-042 // NVD: CVE-2018-7901

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

problemtype:CWE-264

Trust: 0.8

sources: JVNDB: JVNDB-2018-004976 // NVD: CVE-2018-7901

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201805-042

TYPE

permissions and access control issues

Trust: 0.6

sources: CNNVD: CNNVD-201805-042

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-004976

PATCH

title:huawei-sa-20180425-01-rcsurl:https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180425-01-rcs-en

Trust: 0.8

title:HuaweiALP-AL00B and BLA-AL00BRCS modules are not authorized to patch the operating vulnerabilitiesurl:https://www.cnvd.org.cn/patchInfo/show/128093

Trust: 0.6

title:Huawei ALP-AL00B and BLA-AL00B RCS Repair measures for module security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=79785

Trust: 0.6

sources: CNVD: CNVD-2018-08876 // JVNDB: JVNDB-2018-004976 // CNNVD: CNNVD-201805-042

EXTERNAL IDS

db:NVDid:CVE-2018-7901

Trust: 3.0

db:JVNDBid:JVNDB-2018-004976

Trust: 0.8

db:CNVDid:CNVD-2018-08876

Trust: 0.6

db:CNNVDid:CNNVD-201805-042

Trust: 0.6

sources: CNVD: CNVD-2018-08876 // JVNDB: JVNDB-2018-004976 // CNNVD: CNNVD-201805-042 // NVD: CVE-2018-7901

REFERENCES

url:http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180425-01-rcs-en

Trust: 1.6

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-7901

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2018-7901

Trust: 0.8

url:http://www.huawei.com/cn/psirt/security-advisories/2018/huawei-sa-20180425-01-rcs-cn

Trust: 0.6

sources: CNVD: CNVD-2018-08876 // JVNDB: JVNDB-2018-004976 // CNNVD: CNNVD-201805-042 // NVD: CVE-2018-7901

SOURCES

db:CNVDid:CNVD-2018-08876
db:JVNDBid:JVNDB-2018-004976
db:CNNVDid:CNNVD-201805-042
db:NVDid:CVE-2018-7901

LAST UPDATE DATE

2024-11-23T22:34:17.801000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2018-08876date:2018-05-04T00:00:00
db:JVNDBid:JVNDB-2018-004976date:2018-07-03T00:00:00
db:CNNVDid:CNNVD-201805-042date:2019-10-23T00:00:00
db:NVDid:CVE-2018-7901date:2024-11-21T04:12:56.660

SOURCES RELEASE DATE

db:CNVDid:CNVD-2018-08876date:2018-05-04T00:00:00
db:JVNDBid:JVNDB-2018-004976date:2018-07-03T00:00:00
db:CNNVDid:CNNVD-201805-042date:2018-05-02T00:00:00
db:NVDid:CVE-2018-7901date:2018-04-30T14:29:00.470