Details of VAR-201809-1152

ID

VAR-201809-1152

CVE

CVE-2018-7991

TITLE

Huawei smartphone Mate10 Vulnerabilities related to security functions

Trust: 0.8

sources: JVNDB: JVNDB-2018-011928

DESCRIPTION

Huawei smartphones Mate10 with versions earlier before ALP-AL00B 8.0.0.110(C00) have a Factory Reset Protection (FRP) bypass vulnerability. The system does not sufficiently verify the permission, an attacker uses a data cable to connect the smartphone to the computer and then perform some specific operations. Successful exploit could allow the attacker bypass the FRP protection to access the system setting page. Huawei smartphone Mate10 Contains vulnerabilities related to security features.Information may be tampered with. HuaweiMate10 is a smartphone product. HuaweiMate10 has an FRP bypass vulnerability

Trust: 2.16

sources: NVD: CVE-2018-7991 // JVNDB: JVNDB-2018-011928 // CNVD: CNVD-2018-18616

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2018-18616

AFFECTED PRODUCTS

vendor:	huawei	model:	mate10	scope:	lt	version:	alp-al00b_8.0.0.110\(c00\)	Trust: 1.0
vendor:	huawei	model:	mate 10	scope:	lt	version:	alp-al00b 8.0.0.110(c00)	Trust: 0.8
vendor:	huawei	model:	mate <alp-al00b 8.0.0.110	scope:	eq	version:	10	Trust: 0.6

sources: CNVD: CNVD-2018-18616 // JVNDB: JVNDB-2018-011928 // NVD: CVE-2018-7991

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2018-7991
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2018-7991
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2018-18616
value:	LOW
Trust: 0.6
CNNVD:	CNNVD-201809-646
value:	MEDIUM
Trust: 0.6

nvd@nist.gov:	CVE-2018-7991
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:N/I:P/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2018-18616
severity:	LOW
baseScore:	3.3
vectorString:	AV:A/AC:L/AU:N/C:N/I:P/A:N
accessVector:	ADJACENT_NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	6.5
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2018-7991
baseSeverity:	MEDIUM
baseScore:	4.6
vectorString:	CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
attackVector:	PHYSICAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	HIGH
availabilityImpact:	NONE
exploitabilityScore:	0.9
impactScore:	3.6
version:	3.0
Trust: 1.8

sources: CNVD: CNVD-2018-18616 // JVNDB: JVNDB-2018-011928 // CNNVD: CNNVD-201809-646 // NVD: CVE-2018-7991

PROBLEMTYPE DATA

problemtype:	NVD-CWE-noinfo	Trust: 1.0
problemtype:	CWE-254	Trust: 0.8

sources: JVNDB: JVNDB-2018-011928 // NVD: CVE-2018-7991

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201809-646

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-201809-646

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-011928

PATCH

title:	huawei-sa-20180912-01-smartphone	url:	https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180912-01-smartphone-en	Trust: 0.8
title:	HuaweiMate10FRP bypasses the patch for the vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/140029	Trust: 0.6
title:	Huawei Mate 10 Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=84896	Trust: 0.6

sources: CNVD: CNVD-2018-18616 // JVNDB: JVNDB-2018-011928 // CNNVD: CNNVD-201809-646

EXTERNAL IDS

db:	NVD	id:	CVE-2018-7991	Trust: 3.0
db:	JVNDB	id:	JVNDB-2018-011928	Trust: 0.8
db:	CNVD	id:	CNVD-2018-18616	Trust: 0.6
db:	CNNVD	id:	CNNVD-201809-646	Trust: 0.6

sources: CNVD: CNVD-2018-18616 // JVNDB: JVNDB-2018-011928 // CNNVD: CNNVD-201809-646 // NVD: CVE-2018-7991

REFERENCES

url:	http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180912-01-smartphone-en	Trust: 1.6
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-7991	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2018-7991	Trust: 0.8
url:	https://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20180912-01-smartphone-cn	Trust: 0.6

sources: CNVD: CNVD-2018-18616 // JVNDB: JVNDB-2018-011928 // CNNVD: CNNVD-201809-646 // NVD: CVE-2018-7991

SOURCES

db:	CNVD	id:	CNVD-2018-18616
db:	JVNDB	id:	JVNDB-2018-011928
db:	CNNVD	id:	CNNVD-201809-646
db:	NVD	id:	CVE-2018-7991

LAST UPDATE DATE

2024-11-23T23:08:34.801000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2018-18616	date:	2018-09-13T00:00:00
db:	JVNDB	id:	JVNDB-2018-011928	date:	2019-01-25T00:00:00
db:	CNNVD	id:	CNNVD-201809-646	date:	2019-10-23T00:00:00
db:	NVD	id:	CVE-2018-7991	date:	2024-11-21T04:13:02.630

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2018-18616	date:	2018-09-13T00:00:00
db:	JVNDB	id:	JVNDB-2018-011928	date:	2019-01-25T00:00:00
db:	CNNVD	id:	CNNVD-201809-646	date:	2018-09-13T00:00:00
db:	NVD	id:	CVE-2018-7991	date:	2018-09-18T13:29:01.220