Sign-up

ID

VAR-201809-1110


CVE

CVE-2018-7907


TITLE

plural Huawei Information disclosure vulnerability in products

Trust: 0.8

sources: JVNDB: JVNDB-2018-010986

DESCRIPTION

plural Huawei The product contains an information disclosure vulnerability.Information may be obtained. Agassi-L09 and Agassi-W09 are all smart products of Huawei. The attacker exploited this vulnerability by convincing the user to install a malicious application because the input was not fully verified. The successful exploitation of the vulnerability by an attacker can lead to the disclosure of sensitive information. The Huawei Agassi-L09 is a tablet device. The vulnerability is caused by the program's insufficient input validation. The following products and versions are affected: Huawei Agassi-L09 AGS-L09C100B257CUSTC100D001 Version, AGS-L09C170B253CUSTC170D001 Version, AGS-L09C199B251CUSTC199D001 Version, AGS-L09C229B003CUSTC229D001 Version; Agassi-W09 AGS-W09C100B257CUSTC100D001 Version, AGS-W09C128B252CUSTC128D001 Version, AGS-W09C170B252CUSTC170D001 Version, AGS -W09C229B251CUSTC229D001 Version, AGS-W09C331B003CUSTC331D001 Version, AGS-W09C794B001CUSTC794D001 Version; Baggio2-U01A BG2-U01C100B160CUSTC100D001 Version, BG2-U01C170B160CUSTC170D001 Version, BG2-U01C199B162CUSTC199D001 Version, BG2-U01C209B160CUSTC209D001 Version, BG2-U01C333B160CUSTC333D001 Version; Bond-AL00C Bond-AL00CC00B201 Version; Bond-AL10B Bond-AL10BC00B201 version; Bond-TL10B Bond-TL10BC01B201 version; Bond-TL10C Bond-TL10CC01B131 version; Haydn-L1JB HDN-L1JC137B068; Kobe-L09A

Trust: 1.35

sources: JVNDB: JVNDB-2018-010986 // CNVD: CNVD-2018-19589 // VULHUB: VHN-137939

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2018-19589

AFFECTED PRODUCTS

vendor:huaweimodel:agassi-l09scope:eqversion:ags-l09c100b257custc100d001

Trust: 2.4

vendor:huaweimodel:agassi-l09scope:eqversion:ags-l09c170b253custc170d001

Trust: 2.4

vendor:huaweimodel:agassi-l09scope:eqversion:ags-l09c199b251custc199d001

Trust: 2.4

vendor:huaweimodel:agassi-l09scope:eqversion:ags-l09c229b003custc229d001

Trust: 2.4

vendor:huaweimodel:agassi-w09scope:eqversion:ags-w09c100b257custc100d001

Trust: 2.4

vendor:huaweimodel:agassi-w09scope:eqversion:ags-w09c128b252custc128d001

Trust: 2.4

vendor:huaweimodel:agassi-w09scope:eqversion:ags-w09c170b252custc170d001

Trust: 2.4

vendor:huaweimodel:agassi-w09scope:eqversion:ags-w09c229b251custc229d001

Trust: 2.4

vendor:huaweimodel:agassi-w09scope:eqversion:ags-w09c331b003custc331d001

Trust: 2.4

vendor:huaweimodel:agassi-w09scope:eqversion:ags-w09c794b001custc794d001

Trust: 2.4

vendor:huaweimodel:baggio2-u01ascope:eqversion:bg2-u01c100b160custc100d001

Trust: 1.8

vendor:huaweimodel:baggio2-u01ascope:eqversion:bg2-u01c170b160custc170d001

Trust: 1.8

vendor:huaweimodel:baggio2-u01ascope:eqversion:bg2-u01c199b162custc199d001

Trust: 1.8

vendor:huaweimodel:baggio2-u01ascope:eqversion:bg2-u01c209b160custc209d001

Trust: 1.8

vendor:huaweimodel:baggio2-u01ascope:eqversion:bg2-u01c333b160custc333d001

Trust: 1.8

vendor:huaweimodel:bond-al00cscope:eqversion:bond-al00cc00b201

Trust: 1.8

vendor:huaweimodel:bond-al10bscope:eqversion:bond-al10bc00b201

Trust: 1.8

vendor:huaweimodel:bond-tl10bscope:eqversion:bond-tl10bc01b201

Trust: 1.8

vendor:huaweimodel:bond-tl10cscope:eqversion:bond-tl10cc01b131

Trust: 1.8

vendor:huaweimodel:haydn-l1jbscope:eqversion:hdn-l1jc137b068

Trust: 1.8

vendor:huaweimodel:kobe-l09ascope:eqversion:kob-l09c100b252custc100d001

Trust: 1.8

vendor:huaweimodel:kobe-l09ascope:eqversion:kob-l09c209b002custc209d001

Trust: 1.8

vendor:huaweimodel:kobe-l09ascope:eqversion:kob-l09c362b001custc362d001

Trust: 1.8

vendor:huaweimodel:kobe-l09ahnscope:eqversion:kob-l09c233b226

Trust: 1.8

vendor:huaweimodel:kobe-w09cscope:eqversion:kob-w09c128b251custc128d001

Trust: 1.8

vendor:huaweimodel:rhone-al00scope:eqversion:rhone-al00c00b186

Trust: 1.8

vendor:huaweimodel:selina-l02scope:eqversion:selina-l02c432b153

Trust: 1.8

vendor:huaweimodel:stanford-l09sscope:eqversion:stanford-l09sc432b183

Trust: 1.8

vendor:huaweimodel:toronto-al00scope:eqversion:toronto-al00c00b223

Trust: 1.8

vendor:huaweimodel:toronto-al00ascope:eqversion:toronto-al00ac00b223

Trust: 1.8

vendor:huaweimodel:toronto-tl10scope:eqversion:toronto-tl10c01b223

Trust: 1.8

vendor:huaweimodel:lelandp-l22cscope:eqversion:8.0.0.101_c675custc675d2

Trust: 1.0

vendor:huaweimodel:lelandp-l22dscope:eqversion:8.0.0.101_c675custc675d2

Trust: 1.0

vendor:huaweimodel:lelandp-l22cscope:eqversion:8.0.0.101(c675custc675d2)

Trust: 0.8

vendor:huaweimodel:lelandp-l22dscope:eqversion:8.0.0.101(c675custc675d2)

Trust: 0.8

vendor:huaweimodel:agassi-l09 ags-l09c100b257custc100d001scope: - version: -

Trust: 0.6

vendor:huaweimodel:agassi-l09 ags-l09c170b253custc170d001scope: - version: -

Trust: 0.6

vendor:huaweimodel:agassi-l09 ags-l09c199b251custc199d001scope: - version: -

Trust: 0.6

vendor:huaweimodel:agassi-l09 ags-l09c229b003custc229d001scope: - version: -

Trust: 0.6

vendor:huaweimodel:agassi-w09 ags-w09c100b257custc100d001scope: - version: -

Trust: 0.6

vendor:huaweimodel:agassi-w09 ags-w09c128b252custc128d001scope: - version: -

Trust: 0.6

vendor:huaweimodel:agassi-w09 ags-w09c170b252custc170d001scope: - version: -

Trust: 0.6

vendor:huaweimodel:agassi-w09 ags-w09c229b251custc229d001scope: - version: -

Trust: 0.6

vendor:huaweimodel:agassi-w09 ags-w09c331b003custc331d001scope: - version: -

Trust: 0.6

vendor:huaweimodel:agassi-w09 ags-w09c794b001custc794d001scope: - version: -

Trust: 0.6

vendor:huaweimodel:baggio2-u01a bg2-u01c100b160custc100d001scope: - version: -

Trust: 0.6

vendor:huaweimodel:baggio2-u01a bg2-u01c170b160custc170d001scope: - version: -

Trust: 0.6

vendor:huaweimodel:baggio2-u01a bg2-u01c199b162custc199d001scope: - version: -

Trust: 0.6

vendor:huaweimodel:baggio2-u01a bg2-u01c209b160custc209d001scope: - version: -

Trust: 0.6

vendor:huaweimodel:baggio2-u01a bg2-u01c333b160custc333d001scope: - version: -

Trust: 0.6

vendor:huaweimodel:bond-al00c bond-al00cc00b201scope: - version: -

Trust: 0.6

vendor:huaweimodel:bond-al10b bond-al10bc00b201scope: - version: -

Trust: 0.6

vendor:huaweimodel:bond-tl10b bond-tl10bc01b201scope: - version: -

Trust: 0.6

vendor:huaweimodel:bond-tl10c bond-tl10cc01b131scope: - version: -

Trust: 0.6

vendor:huaweimodel:haydn-l1jb hdn-l1jc137b068scope: - version: -

Trust: 0.6

vendor:huaweimodel:kobe-l09a kob-l09c100b252custc100d001scope: - version: -

Trust: 0.6

vendor:huaweimodel:kobe-l09a kob-l09c209b002custc209d001scope: - version: -

Trust: 0.6

vendor:huaweimodel:kobe-l09a kob-l09c362b001custc362d001scope: - version: -

Trust: 0.6

vendor:huaweimodel:kobe-l09ahn kob-l09c233b226scope: - version: -

Trust: 0.6

vendor:huaweimodel:kobe-w09c kob-w09c128b251custc128d001scope: - version: -

Trust: 0.6

vendor:huaweimodel:lelandp-l22c 8.0.0.101scope: - version: -

Trust: 0.6

vendor:huaweimodel:lelandp-l22d 8.0.0.101scope: - version: -

Trust: 0.6

vendor:huaweimodel:rhone-al00 rhone-al00c00b186scope: - version: -

Trust: 0.6

vendor:huaweimodel:selina-l02 selina-l02c432b153scope: - version: -

Trust: 0.6

vendor:huaweimodel:stanford-l09s stanford-l09sc432b183scope: - version: -

Trust: 0.6

vendor:huaweimodel:toronto-al00 toronto-al00c00b223scope: - version: -

Trust: 0.6

vendor:huaweimodel:toronto-al00a toronto-al00ac00b223scope: - version: -

Trust: 0.6

vendor:huaweimodel:toronto-tl10 toronto-tl10c01b223scope: - version: -

Trust: 0.6

sources: CNVD: CNVD-2018-19589 // JVNDB: JVNDB-2018-010986 // CNNVD: CNNVD-201809-938 // NVD: CVE-2018-7907

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-7907
value: MEDIUM

Trust: 1.0

NVD: CVE-2018-7907
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2018-19589
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201809-938
value: MEDIUM

Trust: 0.6

VULHUB: VHN-137939
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2018-7907
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2018-19589
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:C/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-137939
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-7907
baseSeverity: MEDIUM
baseScore: 5.5
vectorString: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 1.8
impactScore: 3.6
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2018-19589 // VULHUB: VHN-137939 // JVNDB: JVNDB-2018-010986 // CNNVD: CNNVD-201809-938 // NVD: CVE-2018-7907

PROBLEMTYPE DATA

problemtype:CWE-200

Trust: 1.9

sources: VULHUB: VHN-137939 // JVNDB: JVNDB-2018-010986 // NVD: CVE-2018-7907

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201809-938

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201809-938

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2018-010986

PATCH
title:huawei-sa-20180919-02-smartphoneurl:http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180919-02-smartphone-en
Trust: 0.8
title:Patches for various Huawei product information disclosure vulnerabilitiesurl:https://www.cnvd.org.cn/patchInfo/show/140897
Trust: 0.6
title:Multiple Huawei Product information disclosure vulnerability repair measuresurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=85056
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2018-19589 // 
            
            
            
            JVNDB: JVNDB-2018-010986 // 
            
            
            
            CNNVD: CNNVD-201809-938

EXTERNAL IDS
db:NVDid:CVE-2018-7907
Trust: 3.1
db:JVNDBid:JVNDB-2018-010986
Trust: 0.8
db:CNNVDid:CNNVD-201809-938
Trust: 0.7
db:CNVDid:CNVD-2018-19589
Trust: 0.6
db:VULHUBid:VHN-137939
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2018-19589 // 
            
            
            
            VULHUB: VHN-137939 // 
            
            
            
            JVNDB: JVNDB-2018-010986 // 
            
            
            
            CNNVD: CNNVD-201809-938 // 
            
            
            
            NVD: CVE-2018-7907

REFERENCES
url:https://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20180919-02-smartphone-cn
Trust: 1.2
url:http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180919-02-smartphone-en
Trust: 1.1
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-7907
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2018-7907
Trust: 0.8
sources:
            
            
            CNVD: CNVD-2018-19589 // 
            
            
            
            VULHUB: VHN-137939 // 
            
            
            
            JVNDB: JVNDB-2018-010986 // 
            
            
            
            CNNVD: CNNVD-201809-938 // 
            
            
            
            NVD: CVE-2018-7907

SOURCES
db:CNVDid:CNVD-2018-19589
db:VULHUBid:VHN-137939
db:JVNDBid:JVNDB-2018-010986
db:CNNVDid:CNNVD-201809-938
db:NVDid:CVE-2018-7907

LAST UPDATE DATE
2024-11-23T23:08:34.828000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2018-19589date:2018-09-21T00:00:00
db:VULHUBid:VHN-137939date:2018-11-28T00:00:00
db:JVNDBid:JVNDB-2018-010986date:2018-12-28T00:00:00
db:CNNVDid:CNNVD-201809-938date:2018-09-20T00:00:00
db:NVDid:CVE-2018-7907date:2024-11-21T04:12:57.170

SOURCES RELEASE DATE
db:CNVDid:CNVD-2018-19589date:2018-09-21T00:00:00
db:VULHUBid:VHN-137939date:2018-09-26T00:00:00
db:JVNDBid:JVNDB-2018-010986date:2018-12-28T00:00:00
db:CNNVDid:CNNVD-201809-938date:2018-09-20T00:00:00
db:NVDid:CVE-2018-7907date:2018-09-26T13:29:00.527