Details of VAR-201809-1118

ID

VAR-201809-1118

CVE

CVE-2018-7939

TITLE

plural Huawei Vulnerabilities related to security functions in smartphones

Trust: 0.8

sources: JVNDB: JVNDB-2018-011121

DESCRIPTION

Huawei smart phones G9 Lite, Honor 5A, Honor 6X, Honor 8 with the versions before VNS-L53C605B120CUSTC605D103, the versions before CAM-L03C605B143CUSTC605D008, the versions before CAM-L21C10B145, the versions before CAM-L21C185B156, the versions before CAM-L21C223B133, the versions before CAM-L21C432B210, the versions before CAM-L21C464B170, the versions before CAM-L21C636B245, the versions before Berlin-L21C10B372, the versions before Berlin-L21C185B363, the versions before Berlin-L21C464B137, the versions before Berlin-L23C605B161, the versions before FRD-L09C10B387, the versions before FRD-L09C185B387, the versions before FRD-L09C432B398, the versions before FRD-L09C636B387, the versions before FRD-L19C10B387, the versions before FRD-L19C432B399, the versions before FRD-L19C636B387 have a Factory Reset Protection (FRP) bypass security vulnerability. When re-configuring the mobile phone using the factory reset protection (FRP) function, an attacker can disable the boot wizard by enable the talkback function. As a result, the FRP function is bypassed. plural Huawei Smartphones have security function vulnerabilities.Information may be altered. HuaweiG9Lite and Honor5A are the smartphone products of China's Huawei company. A number of Huawei mobile phones have FRP bypass vulnerabilities. There are security vulnerabilities in many Huawei products

Trust: 2.25

sources: NVD: CVE-2018-7939 // JVNDB: JVNDB-2018-011121 // CNVD: CNVD-2018-17697 // VULHUB: VHN-137971

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2018-17697

AFFECTED PRODUCTS

vendor:	huawei	model:	honor 5a	scope:	lt	version:	cam-l21c185b156	Trust: 1.0
vendor:	huawei	model:	honor 5a	scope:	lt	version:	cam-l21c636b245	Trust: 1.0
vendor:	huawei	model:	honor 5a	scope:	lt	version:	cam-l21c10b145	Trust: 1.0
vendor:	huawei	model:	honor 8	scope:	lt	version:	frd-l09c432b398	Trust: 1.0
vendor:	huawei	model:	honor 5a	scope:	lt	version:	cam-l21c432b210	Trust: 1.0
vendor:	huawei	model:	g9 lite	scope:	lt	version:	vns-l53c605b120custc605d103	Trust: 1.0
vendor:	huawei	model:	honor 8	scope:	lt	version:	frd-l19c636b387	Trust: 1.0
vendor:	huawei	model:	honor 8	scope:	lt	version:	frd-l09c636b387	Trust: 1.0
vendor:	huawei	model:	honor 6x	scope:	lt	version:	berlin-l21c10b372	Trust: 1.0
vendor:	huawei	model:	honor 5a	scope:	lt	version:	cam-l03c605b143custc605d008	Trust: 1.0
vendor:	huawei	model:	honor 8	scope:	lt	version:	frd-l09c10b387	Trust: 1.0
vendor:	huawei	model:	honor 5a	scope:	lt	version:	cam-l21c223b133	Trust: 1.0
vendor:	huawei	model:	honor 8	scope:	lt	version:	frd-l19c432b399	Trust: 1.0
vendor:	huawei	model:	honor 5a	scope:	lt	version:	cam-l21c464b170	Trust: 1.0
vendor:	huawei	model:	honor 6x	scope:	lt	version:	berlin-l21c464b137	Trust: 1.0
vendor:	huawei	model:	honor 6x	scope:	lt	version:	berlin-l23c605b161	Trust: 1.0
vendor:	huawei	model:	honor 8	scope:	lt	version:	frd-l09c185b387	Trust: 1.0
vendor:	huawei	model:	honor 8	scope:	lt	version:	frd-l19c10b387	Trust: 1.0
vendor:	huawei	model:	honor 6x	scope:	lt	version:	berlin-l21c185b363	Trust: 1.0
vendor:	huawei	model:	g9 lite	scope:	-	version:	-	Trust: 0.8
vendor:	huawei	model:	honor 5a	scope:	-	version:	-	Trust: 0.8
vendor:	huawei	model:	honor 6x	scope:	-	version:	-	Trust: 0.8
vendor:	huawei	model:	honor 8	scope:	-	version:	-	Trust: 0.8
vendor:	huawei	model:	g9 lite <vns-l53c605b120custc605d103	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	honor 5a <cam-l03c605b143custc605d008	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	honor 5a <cam-l21c10b145	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	honor 5a <cam-l21c185b156	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	honor 5a <cam-l21c223b133	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	honor 5a <cam-l21c432b210	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	honor 5a <cam-l21c464b170	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	honor 5a <cam-l21c636b245	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	honor <berlin-l21c10b372	scope:	eq	version:	6x	Trust: 0.6
vendor:	huawei	model:	honor <berlin-l21c185b363	scope:	eq	version:	6x	Trust: 0.6
vendor:	huawei	model:	honor <berlin-l21c464b137	scope:	eq	version:	6x	Trust: 0.6
vendor:	huawei	model:	honor <berlin-l23c605b161	scope:	eq	version:	6x	Trust: 0.6
vendor:	huawei	model:	honor <frd-l09c10b387	scope:	eq	version:	8	Trust: 0.6
vendor:	huawei	model:	honor <frd-l09c185b387	scope:	eq	version:	8	Trust: 0.6
vendor:	huawei	model:	honor <frd-l09c432b398	scope:	eq	version:	8	Trust: 0.6
vendor:	huawei	model:	honor <frd-l09c636b387	scope:	eq	version:	8	Trust: 0.6
vendor:	huawei	model:	honor <frd-l19c10b387	scope:	eq	version:	8	Trust: 0.6
vendor:	huawei	model:	honor <frd-l19c432b399	scope:	eq	version:	8	Trust: 0.6
vendor:	huawei	model:	honor <frd-l19c636b387	scope:	eq	version:	8	Trust: 0.6

sources: CNVD: CNVD-2018-17697 // JVNDB: JVNDB-2018-011121 // NVD: CVE-2018-7939

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2018-7939
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2018-7939
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2018-17697
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201809-186
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-137971
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2018-7939
severity:	MEDIUM
baseScore:	4.9
vectorString:	AV:L/AC:L/AU:N/C:N/I:C/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	COMPLETE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2018-17697
severity:	MEDIUM
baseScore:	6.1
vectorString:	AV:A/AC:L/AU:N/C:N/I:C/A:N
accessVector:	ADJACENT_NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	COMPLETE
availabilityImpact:	NONE
exploitabilityScore:	6.5
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-137971
severity:	MEDIUM
baseScore:	4.9
vectorString:	AV:L/AC:L/AU:N/C:N/I:C/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	COMPLETE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2018-7939
baseSeverity:	MEDIUM
baseScore:	4.6
vectorString:	CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
attackVector:	PHYSICAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	HIGH
availabilityImpact:	NONE
exploitabilityScore:	0.9
impactScore:	3.6
version:	3.0
Trust: 1.8

sources: CNVD: CNVD-2018-17697 // VULHUB: VHN-137971 // JVNDB: JVNDB-2018-011121 // CNNVD: CNNVD-201809-186 // NVD: CVE-2018-7939

PROBLEMTYPE DATA

problemtype:	NVD-CWE-noinfo	Trust: 1.0
problemtype:	CWE-254	Trust: 0.9

sources: VULHUB: VHN-137971 // JVNDB: JVNDB-2018-011121 // NVD: CVE-2018-7939

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201809-186

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-201809-186

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-011121

PATCH

title:	huawei-sa-20180905-01-frpbypass	url:	http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180905-01-frpbypass-en	Trust: 0.8
title:	Patches for multiple Huawei mobile phone FRP bypass vulnerabilities (CNVD-2018-17697)	url:	https://www.cnvd.org.cn/patchInfo/show/139593	Trust: 0.6
title:	Multiple Huawei Product security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=84538	Trust: 0.6

sources: CNVD: CNVD-2018-17697 // JVNDB: JVNDB-2018-011121 // CNNVD: CNNVD-201809-186

EXTERNAL IDS

db:	NVD	id:	CVE-2018-7939	Trust: 3.1
db:	JVNDB	id:	JVNDB-2018-011121	Trust: 0.8
db:	CNNVD	id:	CNNVD-201809-186	Trust: 0.7
db:	CNVD	id:	CNVD-2018-17697	Trust: 0.6
db:	VULHUB	id:	VHN-137971	Trust: 0.1

sources: CNVD: CNVD-2018-17697 // VULHUB: VHN-137971 // JVNDB: JVNDB-2018-011121 // CNNVD: CNNVD-201809-186 // NVD: CVE-2018-7939

REFERENCES

url:	http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180905-01-frpbypass-en	Trust: 1.7
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-7939	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2018-7939	Trust: 0.8
url:	https://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20180905-01-frpbypass-cn	Trust: 0.6

sources: CNVD: CNVD-2018-17697 // VULHUB: VHN-137971 // JVNDB: JVNDB-2018-011121 // CNNVD: CNNVD-201809-186 // NVD: CVE-2018-7939

SOURCES

db:	CNVD	id:	CNVD-2018-17697
db:	VULHUB	id:	VHN-137971
db:	JVNDB	id:	JVNDB-2018-011121
db:	CNNVD	id:	CNNVD-201809-186
db:	NVD	id:	CVE-2018-7939

LAST UPDATE DATE

2024-11-23T22:12:20.300000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2018-17697	date:	2018-09-06T00:00:00
db:	VULHUB	id:	VHN-137971	date:	2019-10-03T00:00:00
db:	JVNDB	id:	JVNDB-2018-011121	date:	2019-01-07T00:00:00
db:	CNNVD	id:	CNNVD-201809-186	date:	2019-10-23T00:00:00
db:	NVD	id:	CVE-2018-7939	date:	2024-11-21T04:12:59.580

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2018-17697	date:	2018-09-06T00:00:00
db:	VULHUB	id:	VHN-137971	date:	2018-09-12T00:00:00
db:	JVNDB	id:	JVNDB-2018-011121	date:	2019-01-07T00:00:00
db:	CNNVD	id:	CNNVD-201809-186	date:	2018-09-06T00:00:00
db:	NVD	id:	CVE-2018-7939	date:	2018-09-12T15:29:01.233