Details of VAR-201804-1330

ID

VAR-201804-1330

CVE

CVE-2018-7930

TITLE

Huawei Mate 9 MHA-L29B Near Field Communication Component Information Disclosure Vulnerability

Trust: 1.2

sources: CNVD: CNVD-2018-07664 // CNNVD: CNNVD-201804-524

DESCRIPTION

The Near Field Communication (NFC) module in Mate 9 Huawei mobile phones with the versions before MHA-L29B 8.0.0.366(C567) has an information leak vulnerability due to insufficient validation on data transfer requests. When an affected mobile phone sends files to an attacker's mobile phone using the NFC function, the attacker can obtain arbitrary files from the mobile phone, causing information leaks. Mate 9 Huawei Smartphones contain information disclosure vulnerabilities.Information may be obtained. HuaweiMate9 is a smartphone from China's Huawei company. NearFieldCommunication (NFC) moudle is one of the short-range wireless communication modules. An information disclosure vulnerability exists in the NFC component in the previous version of HuaweiMate9MHA-L29B8.0.0.366 (C567). The vulnerability stems from the program not fully verifying the data transfer request

Trust: 2.16

sources: NVD: CVE-2018-7930 // JVNDB: JVNDB-2018-004432 // CNVD: CNVD-2018-07664

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2018-07664

AFFECTED PRODUCTS

vendor:	huawei	model:	mate 9	scope:	lt	version:	mha-l29b_8.0.0.366\(c567\)	Trust: 1.0
vendor:	huawei	model:	mate 9	scope:	lt	version:	mha-l29b 8.0.0.366(c567)	Trust: 0.8
vendor:	huawei	model:	mate <mha-l29b 8.0.0.366	scope:	eq	version:	9	Trust: 0.6

sources: CNVD: CNVD-2018-07664 // JVNDB: JVNDB-2018-004432 // NVD: CVE-2018-7930

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2018-7930
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2018-7930
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2018-07664
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-201804-524
value:	LOW
Trust: 0.6

nvd@nist.gov:	CVE-2018-7930
severity:	LOW
baseScore:	2.9
vectorString:	AV:A/AC:M/AU:N/C:P/I:N/A:N
accessVector:	ADJACENT_NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	5.5
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2018-07664
severity:	HIGH
baseScore:	7.3
vectorString:	AV:A/AC:L/AU:N/C:C/I:P/A:P
accessVector:	ADJACENT_NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	6.5
impactScore:	8.5
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2018-7930
baseSeverity:	MEDIUM
baseScore:	5.7
vectorString:	CVSS:3.0/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
attackVector:	ADJACENT
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	2.1
impactScore:	3.6
version:	3.0
Trust: 1.8

sources: CNVD: CNVD-2018-07664 // JVNDB: JVNDB-2018-004432 // CNNVD: CNNVD-201804-524 // NVD: CVE-2018-7930

PROBLEMTYPE DATA

problemtype:

CWE-200

Trust: 1.8

sources: JVNDB: JVNDB-2018-004432 // NVD: CVE-2018-7930

THREAT TYPE

specific network environment

Trust: 0.6

sources: CNNVD: CNNVD-201804-524

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201804-524

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-004432

PATCH

title:	huawei-sa-20180411-01-smartphone	url:	http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180411-01-smartphone-en	Trust: 0.8
title:	HuaweiMate9MHA-L29BNearFieldCommunication Component Information Disclosure Vulnerability Patch	url:	https://www.cnvd.org.cn/patchInfo/show/125595	Trust: 0.6
title:	Huawei Mate 9 MHA-L29B Near Field Communication Fixes for component information disclosure vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=83288	Trust: 0.6

sources: CNVD: CNVD-2018-07664 // JVNDB: JVNDB-2018-004432 // CNNVD: CNNVD-201804-524

EXTERNAL IDS

db:	NVD	id:	CVE-2018-7930	Trust: 3.0
db:	JVNDB	id:	JVNDB-2018-004432	Trust: 0.8
db:	CNVD	id:	CNVD-2018-07664	Trust: 0.6
db:	CNNVD	id:	CNNVD-201804-524	Trust: 0.6

sources: CNVD: CNVD-2018-07664 // JVNDB: JVNDB-2018-004432 // CNNVD: CNNVD-201804-524 // NVD: CVE-2018-7930

REFERENCES

url:	http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180411-01-smartphone-en	Trust: 1.6
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-7930	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2018-7930	Trust: 0.8
url:	http://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20180411-01-smartphone-cn	Trust: 0.6

sources: CNVD: CNVD-2018-07664 // JVNDB: JVNDB-2018-004432 // CNNVD: CNNVD-201804-524 // NVD: CVE-2018-7930

SOURCES

db:	CNVD	id:	CNVD-2018-07664
db:	JVNDB	id:	JVNDB-2018-004432
db:	CNNVD	id:	CNNVD-201804-524
db:	NVD	id:	CVE-2018-7930

LAST UPDATE DATE

2024-11-23T22:00:36.037000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2018-07664	date:	2018-04-13T00:00:00
db:	JVNDB	id:	JVNDB-2018-004432	date:	2018-06-20T00:00:00
db:	CNNVD	id:	CNNVD-201804-524	date:	2018-04-12T00:00:00
db:	NVD	id:	CVE-2018-7930	date:	2024-11-21T04:12:58.570

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2018-07664	date:	2018-04-13T00:00:00
db:	JVNDB	id:	JVNDB-2018-004432	date:	2018-06-20T00:00:00
db:	CNNVD	id:	CNNVD-201804-524	date:	2018-04-12T00:00:00
db:	NVD	id:	CVE-2018-7930	date:	2018-04-11T17:29:00.427