Details of VAR-201809-1115

ID

VAR-201809-1115

CVE

CVE-2018-7936

TITLE

Mate 10 Pro Huawei Vulnerabilities related to security functions in smartphones

Trust: 0.8

sources: JVNDB: JVNDB-2018-009645

DESCRIPTION

Mate 10 Pro Huawei smart phones with the versions before BLA-L29 8.0.0.148(C432) have a Factory Reset Protection (FRP) bypass security vulnerability. When re-configuring the mobile phone using the factory reset protection (FRP) function, an attacker can connect the phone with PC and send special instructions to install third party desktop and disable the boot wizard. As a result, the FRP function is bypassed. Mate 10 Pro Huawei Smartphones have vulnerabilities related to security functions.Information may be tampered with. HuaweiMate10Pro is a smartphone product of China's Huawei company

Trust: 2.25

sources: NVD: CVE-2018-7936 // JVNDB: JVNDB-2018-009645 // CNVD: CNVD-2018-16535 // VULHUB: VHN-137968

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2018-16535

AFFECTED PRODUCTS

vendor:	huawei	model:	mate 10 pro	scope:	lt	version:	bla-l29_8.0.0.148\(c432\)	Trust: 1.0
vendor:	huawei	model:	mate 10 pro	scope:	lt	version:	bla-l29 8.0.0.148(c432)	Trust: 0.8
vendor:	huawei	model:	mate pro <bla-l29 8.0.0.148	scope:	eq	version:	10	Trust: 0.6
vendor:	huawei	model:	mate 10 pro	scope:	eq	version:	-	Trust: 0.6
vendor:	huawei	model:	mate 10 pro	scope:	eq	version:	8.1.0.326\(c00\)	Trust: 0.6

sources: CNVD: CNVD-2018-16535 // JVNDB: JVNDB-2018-009645 // CNNVD: CNNVD-201808-860 // NVD: CVE-2018-7936

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2018-7936
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2018-7936
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2018-16535
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-201808-860
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-137968
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2018-7936
severity:	MEDIUM
baseScore:	4.9
vectorString:	AV:L/AC:L/AU:N/C:N/I:C/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	COMPLETE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2018-16535
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:N/I:C/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	COMPLETE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-137968
severity:	MEDIUM
baseScore:	4.9
vectorString:	AV:L/AC:L/AU:N/C:N/I:C/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	COMPLETE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2018-7936
baseSeverity:	MEDIUM
baseScore:	4.6
vectorString:	CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
attackVector:	PHYSICAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	HIGH
availabilityImpact:	NONE
exploitabilityScore:	0.9
impactScore:	3.6
version:	3.0
Trust: 1.8

sources: CNVD: CNVD-2018-16535 // VULHUB: VHN-137968 // JVNDB: JVNDB-2018-009645 // CNNVD: CNNVD-201808-860 // NVD: CVE-2018-7936

PROBLEMTYPE DATA

problemtype:	NVD-CWE-noinfo	Trust: 1.0
problemtype:	CWE-254	Trust: 0.9

sources: VULHUB: VHN-137968 // JVNDB: JVNDB-2018-009645 // NVD: CVE-2018-7936

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201808-860

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-201808-860

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-009645

PATCH

title:	huawei-sa-20180827-01-frpbypass	url:	http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180827-01-frpbypass-en	Trust: 0.8
title:	HuaweiMate10Pro mobile phone FRP security bypass vulnerability patch	url:	https://www.cnvd.org.cn/patchInfo/show/138567	Trust: 0.6
title:	Huawei Mate 10 Pro Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=84313	Trust: 0.6

sources: CNVD: CNVD-2018-16535 // JVNDB: JVNDB-2018-009645 // CNNVD: CNNVD-201808-860

EXTERNAL IDS

db:	NVD	id:	CVE-2018-7936	Trust: 3.1
db:	JVNDB	id:	JVNDB-2018-009645	Trust: 0.8
db:	CNNVD	id:	CNNVD-201808-860	Trust: 0.7
db:	CNVD	id:	CNVD-2018-16535	Trust: 0.6
db:	VULHUB	id:	VHN-137968	Trust: 0.1

sources: CNVD: CNVD-2018-16535 // VULHUB: VHN-137968 // JVNDB: JVNDB-2018-009645 // CNNVD: CNNVD-201808-860 // NVD: CVE-2018-7936

REFERENCES

url:	http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180827-01-frpbypass-en	Trust: 1.7
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-7936	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2018-7936	Trust: 0.8
url:	https://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20180827-01-frpbypass-cn	Trust: 0.6

sources: CNVD: CNVD-2018-16535 // VULHUB: VHN-137968 // JVNDB: JVNDB-2018-009645 // CNNVD: CNNVD-201808-860 // NVD: CVE-2018-7936

SOURCES

db:	CNVD	id:	CNVD-2018-16535
db:	VULHUB	id:	VHN-137968
db:	JVNDB	id:	JVNDB-2018-009645
db:	CNNVD	id:	CNNVD-201808-860
db:	NVD	id:	CVE-2018-7936

LAST UPDATE DATE

2024-11-23T23:12:02.841000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2018-16535	date:	2018-08-28T00:00:00
db:	VULHUB	id:	VHN-137968	date:	2019-10-03T00:00:00
db:	JVNDB	id:	JVNDB-2018-009645	date:	2018-11-22T00:00:00
db:	CNNVD	id:	CNNVD-201808-860	date:	2019-10-23T00:00:00
db:	NVD	id:	CVE-2018-7936	date:	2024-11-21T04:12:59.247

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2018-16535	date:	2018-08-28T00:00:00
db:	VULHUB	id:	VHN-137968	date:	2018-09-04T00:00:00
db:	JVNDB	id:	JVNDB-2018-009645	date:	2018-11-22T00:00:00
db:	CNNVD	id:	CNNVD-201808-860	date:	2018-08-28T00:00:00
db:	NVD	id:	CVE-2018-7936	date:	2018-09-04T16:29:00.613