ID

VAR-201807-1848


CVE

CVE-2018-7947


TITLE

Emily-AL00A Authentication vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2018-008888

DESCRIPTION

Huawei mobile phones with versions earlier than Emily-AL00A 8.1.0.153(C00) have an authentication bypass vulnerability. An attacker could trick the user into connecting to a malicious device. In debug mode, the malicious software in the device may exploit the vulnerability to bypass some specific function. Successful exploitation may cause malicious applications to be installed on the mobile phone. Emily-AL00A contains an authentication vulnerability. Information may be obtained, information may be altered, and service operation may be disrupted (DoS). Huawei Emily-AL00A is a smartphone from the Chinese company Huawei. The following products and versions are affected: Huawei Anne-AL00 before 9.1.0.122 (C00E120R1P7T8); Honor Play 7A before 8.0.0.213 (C00); Atomu-L03 before 8.0.0.159 (C605CUSTC605D1); Atomu-L11 before 8.0.0.149(C782CUSTC782D1); Atomu-L21 before 8.0.0.153(C432CUSTC432D1); Atomu-L23 before 8.0.0.162(C605CUSTC605D1); Atomu-L29A before 8.0.0.149(C432CUSTC432D1), before 8.0.0.149(C461CUSTC461D1), before 8.0.0.150(C185CUSTC185D1), before 8.0.0.165(C636CUSTC636D1); Atomu-L41 before 8.0.0.151(C461CUSTC461D1); version before Atomu-L42 8.0.0.153(C636CUSTC636D1-1.0.8.10Berkeley); Version before (C01E181R1P14T8); Version before Delhi-L42 Version before Delhi-L42C185B123, Version before Delhi-L42C432B136; Version before Duke-L09 Version Duke-L09C10B187, Version Duke-L09C432B189, Version Duke-L09C636B189; Figo-L03 8.0.0.137 (C605) version; Figo-L11 8.0.0.135 (C432) version, 9.1.0

Trust: 2.25

sources: NVD: CVE-2018-7947 // JVNDB: JVNDB-2018-008888 // CNVD: CNVD-2018-13551 // VULHUB: VHN-137979

IOT TAXONOMY

category: ['Network device'] sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2018-13551

AFFECTED PRODUCTS

vendor: huawei model: emily-al00a scope: lt version: 8.1.0.153\(c00\)

Trust: 1.0

vendor: huawei model: emily-al00a scope: eq version: 8.1.0.153(c00)

Trust: 0.8

vendor: huawei model: emily-al00a <8.1.0.153 scope: - version: -

Trust: 0.6

vendor: huawei model: emily-al00a scope: eq version: 8.1.0.107\(sp5c00\)

Trust: 0.6

vendor: huawei model: emily-al00a scope: eq version: 8.1.0.106\(sp2c00\)

Trust: 0.6

sources: CNVD: CNVD-2018-13551 // JVNDB: JVNDB-2018-008888 // CNNVD: CNNVD-201807-2012 // NVD: CVE-2018-7947

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-7947
value: LOW

Trust: 1.0

NVD: CVE-2018-7947
value: LOW

Trust: 0.8

CNVD: CNVD-2018-13551
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201807-2012
value: LOW

Trust: 0.6

VULHUB: VHN-137979
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2018-7947
severity: MEDIUM
baseScore: 4.4
vectorString: AV:L/AC:M/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.4
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2018-13551
severity: MEDIUM
baseScore: 5.8
vectorString: AV:A/AC:L/AU:N/C:P/I:P/A:P
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 6.5
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-137979
severity: MEDIUM
baseScore: 4.4
vectorString: AV:L/AC:M/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.4
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-7947
baseSeverity: LOW
baseScore: 3.9
vectorString: CVSS:3.0/AV:P/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L
attackVector: PHYSICAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: LOW
exploitabilityScore: 0.5
impactScore: 3.4
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2018-13551 // VULHUB: VHN-137979 // JVNDB: JVNDB-2018-008888 // CNNVD: CNNVD-201807-2012 // NVD: CVE-2018-7947

PROBLEMTYPE DATA

problemtype: CWE-287

Trust: 1.9

sources: VULHUB: VHN-137979 // JVNDB: JVNDB-2018-008888 // NVD: CVE-2018-7947

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201807-2012

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-201807-2012

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-008888

PATCH

title: huawei-sa-20180720-01-mobile url: https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180720-01-mobile-en

Trust: 0.8

title: Huawei Emily-AL00A authentication bypass vulnerability patch url: https://www.cnvd.org.cn/patchInfo/show/134843

Trust: 0.6

title: Huawei Emily-AL00A Security vulnerabilities url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=82739

Trust: 0.6

sources: CNVD: CNVD-2018-13551 // JVNDB: JVNDB-2018-008888 // CNNVD: CNNVD-201807-2012

EXTERNAL IDS

db: NVD id: CVE-2018-7947

Trust: 3.1

db: JVNDB id: JVNDB-2018-008888

Trust: 0.8

db: CNNVD id: CNNVD-201807-2012

Trust: 0.7

db: CNVD id: CNVD-2018-13551

Trust: 0.6

db: VULHUB id: VHN-137979

Trust: 0.1

sources: CNVD: CNVD-2018-13551 // VULHUB: VHN-137979 // JVNDB: JVNDB-2018-008888 // CNNVD: CNNVD-201807-2012 // NVD: CVE-2018-7947

REFERENCES

url: https://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20180720-01-mobile-cn

Trust: 1.2

url: http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180720-01-mobile-en

Trust: 1.1

url: https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-7947

Trust: 0.8

url: https://nvd.nist.gov/vuln/detail/cve-2018-7947

Trust: 0.8

sources: CNVD: CNVD-2018-13551 // VULHUB: VHN-137979 // JVNDB: JVNDB-2018-008888 // CNNVD: CNNVD-201807-2012 // NVD: CVE-2018-7947

SOURCES

db: CNVD id: CNVD-2018-13551
db: VULHUB id: VHN-137979
db: JVNDB id: JVNDB-2018-008888
db: CNNVD id: CNNVD-201807-2012
db: NVD id: CVE-2018-7947

LAST UPDATE DATE

2024-11-23T22:12:27.299000+00:00


SOURCES UPDATE DATE

db: CNVD id: CNVD-2018-13551 date: 2018-07-20T00:00:00
db: VULHUB id: VHN-137979 date: 2018-10-04T00:00:00
db: JVNDB id: JVNDB-2018-008888 date: 2018-10-31T00:00:00
db: CNNVD id: CNNVD-201807-2012 date: 2020-07-30T00:00:00
db: NVD id: CVE-2018-7947 date: 2024-11-21T04:13:00.450

SOURCES RELEASE DATE

db: CNVD id: CNVD-2018-13551 date: 2018-07-20T00:00:00
db: VULHUB id: VHN-137979 date: 2018-07-31T00:00:00
db: JVNDB id: JVNDB-2018-008888 date: 2018-10-31T00:00:00
db: CNNVD id: CNNVD-201807-2012 date: 2018-08-01T00:00:00
db: NVD id: CVE-2018-7947 date: 2018-07-31T14:29:00.980