Details of VAR-201807-1847

ID

VAR-201807-1847

CVE

CVE-2018-7944

TITLE

Emily-AL00A Vulnerabilities related to authorization, permissions, and access control

Trust: 0.8

sources: JVNDB: JVNDB-2018-008042

DESCRIPTION

Huawei smart phones Emily-AL00A with software 8.1.0.106(SP2C00) and 8.1.0.107(SP5C00) have a Factory Reset Protection (FRP) bypass vulnerability. An attacker gets some user's smart phone and performs some special operations in the guide function. The attacker may exploit the vulnerability to bypass FRP function and use the phone normally. Emily-AL00A Contains vulnerabilities related to authorization, permissions, and access control.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. HuaweiEmily-AL00A is a smartphone device from China's Huawei company. There is a security vulnerability in the HuaweiEmily-AL00A8.1.0.106 (SP2C00) version and 8.1.0.107 (SP5C00)

Trust: 2.25

sources: NVD: CVE-2018-7944 // JVNDB: JVNDB-2018-008042 // CNVD: CNVD-2018-12773 // VULHUB: VHN-137976

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2018-12773

AFFECTED PRODUCTS

vendor:	huawei	model:	emily-al00a	scope:	eq	version:	8.1.0.107\(sp5c00\)	Trust: 1.6
vendor:	huawei	model:	emily-al00a	scope:	eq	version:	8.1.0.106\(sp2c00\)	Trust: 1.6
vendor:	huawei	model:	emily-al00a	scope:	eq	version:	8.1.0.106(sp2c00)	Trust: 0.8
vendor:	huawei	model:	emily-al00a	scope:	eq	version:	8.1.0.107(sp5c00)	Trust: 0.8
vendor:	huawei	model:	emily-al00a 8.1.0.106	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	emily-al00a 8.1.0.107	scope:	-	version:	-	Trust: 0.6

sources: CNVD: CNVD-2018-12773 // JVNDB: JVNDB-2018-008042 // CNNVD: CNNVD-201807-323 // NVD: CVE-2018-7944

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2018-7944
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2018-7944
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2018-12773
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201807-323
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-137976
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2018-7944
severity:	HIGH
baseScore:	7.2
vectorString:	AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2018-12773
severity:	MEDIUM
baseScore:	4.9
vectorString:	AV:L/AC:L/AU:N/C:N/I:C/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	COMPLETE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-137976
severity:	HIGH
baseScore:	7.2
vectorString:	AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2018-7944
baseSeverity:	MEDIUM
baseScore:	6.8
vectorString:	CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	PHYSICAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	0.9
impactScore:	5.9
version:	3.0
Trust: 1.8

sources: CNVD: CNVD-2018-12773 // VULHUB: VHN-137976 // JVNDB: JVNDB-2018-008042 // CNNVD: CNNVD-201807-323 // NVD: CVE-2018-7944

PROBLEMTYPE DATA

problemtype:	NVD-CWE-noinfo	Trust: 1.0
problemtype:	CWE-264	Trust: 0.9

sources: VULHUB: VHN-137976 // JVNDB: JVNDB-2018-008042 // NVD: CVE-2018-7944

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201807-323

TYPE

permissions and access control issues

Trust: 0.6

sources: CNNVD: CNNVD-201807-323

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-008042

PATCH

title:	huawei-sa-20180622-01-bypass	url:	http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180622-01-bypass-en	Trust: 0.8
title:	HuaweiEmily-AL00A Override Vulnerability Patch	url:	https://www.cnvd.org.cn/patchInfo/show/133827	Trust: 0.6
title:	Huawei Emily-AL00A Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=81761	Trust: 0.6

sources: CNVD: CNVD-2018-12773 // JVNDB: JVNDB-2018-008042 // CNNVD: CNNVD-201807-323

EXTERNAL IDS

db:	NVD	id:	CVE-2018-7944	Trust: 3.1
db:	JVNDB	id:	JVNDB-2018-008042	Trust: 0.8
db:	CNNVD	id:	CNNVD-201807-323	Trust: 0.7
db:	CNVD	id:	CNVD-2018-12773	Trust: 0.6
db:	VULHUB	id:	VHN-137976	Trust: 0.1

sources: CNVD: CNVD-2018-12773 // VULHUB: VHN-137976 // JVNDB: JVNDB-2018-008042 // CNNVD: CNNVD-201807-323 // NVD: CVE-2018-7944

REFERENCES

url:	http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180622-01-bypass-en	Trust: 2.3
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-7944	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2018-7944	Trust: 0.8

sources: CNVD: CNVD-2018-12773 // VULHUB: VHN-137976 // JVNDB: JVNDB-2018-008042 // CNNVD: CNNVD-201807-323 // NVD: CVE-2018-7944

SOURCES

db:	CNVD	id:	CNVD-2018-12773
db:	VULHUB	id:	VHN-137976
db:	JVNDB	id:	JVNDB-2018-008042
db:	CNNVD	id:	CNNVD-201807-323
db:	NVD	id:	CVE-2018-7944

LAST UPDATE DATE

2024-11-23T22:26:15.757000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2018-12773	date:	2018-07-10T00:00:00
db:	VULHUB	id:	VHN-137976	date:	2019-10-03T00:00:00
db:	JVNDB	id:	JVNDB-2018-008042	date:	2018-10-05T00:00:00
db:	CNNVD	id:	CNNVD-201807-323	date:	2019-10-23T00:00:00
db:	NVD	id:	CVE-2018-7944	date:	2024-11-21T04:13:00.210

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2018-12773	date:	2018-07-10T00:00:00
db:	VULHUB	id:	VHN-137976	date:	2018-07-05T00:00:00
db:	JVNDB	id:	JVNDB-2018-008042	date:	2018-10-05T00:00:00
db:	CNNVD	id:	CNNVD-201807-323	date:	2018-07-06T00:00:00
db:	NVD	id:	CVE-2018-7944	date:	2018-07-05T18:29:00.737