ID

VAR-201810-1162


CVE

CVE-2018-7911


TITLE

plural Huawei Vulnerabilities related to security functions in smartphones

Trust: 0.8

sources: JVNDB: JVNDB-2018-011813

DESCRIPTION

Some Huawei smart phones ALP-AL00B 8.0.0.106(C00), 8.0.0.113(SP2C00), 8.0.0.113(SP3C00), 8.0.0.113(SP7C00), 8.0.0.118(C00), 8.0.0.120(SP2C00), 8.0.0.125(SP1C00), 8.0.0.125(SP3C00), 8.0.0.126(SP2C00), 8.0.0.126(SP5C00), 8.0.0.127(SP1C00), 8.0.0.128(SP2C00), ALP-AL00B-RSC 1.0.0.2, BLA-TL00B 8.0.0.113(SP7C01), 8.0.0.118(C01), 8.0.0.120(SP2C01), 8.0.0.125(SP1C01), 8.0.0.125(SP2C01), 8.0.0.125(SP3C01), 8.0.0.126(SP2C01), 8.0.0.126(SP5C01), 8.0.0.127(SP1C01), 8.0.0.128(SP2C01), 8.0.0.129(SP2C01), Charlotte-AL00A 8.1.0.105(SP7C00), 8.1.0.106(SP3C00), 8.1.0.107(SP5C00), 8.1.0.107(SP7C00), 8.1.0.108(SP3C00), 8.1.0.108(SP6C00), 8.1.0.109(SP2C00), Emily-AL00A 8.1.0.105(SP6C00), 8.1.0.106(SP2C00), 8.1.0.107(SP5C00), 8.1.0.107(SP7C00), 8.1.0.108(SP2C00), 8.1.0.108(SP6C00), 8.1.0.109(SP5C00) have a Factory Reset Protection (FRP) bypass security vulnerability. When re-configuring the mobile phone using the factory reset protection (FRP) function, an attacker can login the configuration flow by Gaode Map and can perform some operations to update the Google account. As a result, the FRP function is bypassed. plural Huawei Smartphones have vulnerabilities related to security functions.Information may be tampered with. Huawei ALP-AL00B is a smartphone product of China Huawei. The following products and versions are affected: Huawei ALP-AL00B Version 8.0.0.106(C00), Version 8.0.0.113(SP2C00), Version 8.0.0.113(SP3C00), Version 8.0.0.113(SP7C00), Version 8.0.0.118(C00) , 8.0.0.120 (SP2C00) version, 8.0.0.125 (SP1C00) version, 8.0.0.125 (SP3C00) version, 8.0.0.126 (SP2C00) version, 8.0.0.126 (SP5C00) version, 8.0.0.127 (SP1C00) version, 8.0 .0.128(SP2C00) version; ALP-AL00B-RSC 1.0.0.2 version; BLA-TL00B 8.0.0.113(SP7C01) version, 8.0.0.118(C01) version, 8.0.0.120(SP2C01) version, 8.0.0.125(SP1C01) version Version, 8.0.0.125(SP2C01) version, 8.0.0.125(SP3C01) version, 8.0.0.126(SP2C01) version, 8.0.0.126(SP5C01) version, 8.0.0.127(SP1C01) version, 8.0.0.128(SP2C01) version, 8.0.0.129 (SP2C01) version; Charlotte-AL00A 8.1.0.105 (SP7C00) version, 8.1.0.106 (SP3C00) version, 8.1.0.107 (SP5C00) version, 8.1.0.107 (SP7C00) version, 8.1.0.108 (SP3C00) version , 8.1.0.108 (SP6C00) version, 8.1.0.109 (SP2C00) version; Emily-AL00A 8.1.0.105 (SP6C00) version, 8.1.0.106 (SP2C00) version, 8.1.0.107 (SP5C00) version, 8.1.0.107 (SP7C00) Version, 8.1.0

Trust: 2.25

sources: NVD: CVE-2018-7911 // JVNDB: JVNDB-2018-011813 // CNVD: CNVD-2019-41255 // VULHUB: VHN-137943

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2019-41255

AFFECTED PRODUCTS

vendor:huaweimodel:alp-al00b 8.0.0.113scope: - version: -

Trust: 1.8

vendor:huaweimodel:bla-tl00b 8.0.0.125scope: - version: -

Trust: 1.8

vendor:huaweimodel:alp-al00b-rscscope:eqversion:1.0.0.2

Trust: 1.6

vendor:huaweimodel:alp-al00bscope:eqversion:8.0.0.113\(sp7c00\)

Trust: 1.6

vendor:huaweimodel:alp-al00bscope:eqversion:8.0.0.126\(sp2c00\)

Trust: 1.6

vendor:huaweimodel:alp-al00bscope:eqversion:8.0.0.125\(sp3c00\)

Trust: 1.6

vendor:huaweimodel:alp-al00bscope:eqversion:8.0.0.118\(c00\)

Trust: 1.6

vendor:huaweimodel:alp-al00bscope:eqversion:8.0.0.126\(sp5c00\)

Trust: 1.6

vendor:huaweimodel:alp-al00bscope:eqversion:8.0.0.106\(c00\)

Trust: 1.6

vendor:huaweimodel:alp-al00bscope:eqversion:8.0.0.125\(sp1c00\)

Trust: 1.6

vendor:huaweimodel:alp-al00bscope:eqversion:8.0.0.113\(sp2c00\)

Trust: 1.6

vendor:huaweimodel:alp-al00bscope:eqversion:8.0.0.113\(sp3c00\)

Trust: 1.6

vendor:huaweimodel:alp-al00bscope:eqversion:8.0.0.120\(sp2c00\)

Trust: 1.6

vendor:huaweimodel:emily-al00a 8.1.0.107scope: - version: -

Trust: 1.2

vendor:huaweimodel:alp-al00b 8.0.0.125scope: - version: -

Trust: 1.2

vendor:huaweimodel:alp-al00b 8.0.0.126scope: - version: -

Trust: 1.2

vendor:huaweimodel:bla-tl00b 8.0.0.126scope: - version: -

Trust: 1.2

vendor:huaweimodel:charlotte-al00a 8.1.0.107scope: - version: -

Trust: 1.2

vendor:huaweimodel:charlotte-al00a 8.1.0.108scope: - version: -

Trust: 1.2

vendor:huaweimodel:emily-al00a 8.1.0.108scope: - version: -

Trust: 1.2

vendor:huaweimodel:emily-al00ascope:eqversion:8.1.0.107\(sp5c00\)

Trust: 1.0

vendor:huaweimodel:bla-tl00bscope:eqversion:8.0.0.113\(sp7c01\)

Trust: 1.0

vendor:huaweimodel:charlotte-al00ascope:eqversion:8.1.0.108\(sp3c00\)

Trust: 1.0

vendor:huaweimodel:bla-tl00bscope:eqversion:8.0.0.126\(sp5c01\)

Trust: 1.0

vendor:huaweimodel:charlotte-al00ascope:eqversion:8.1.0.105\(sp7c00\)

Trust: 1.0

vendor:huaweimodel:emily-al00ascope:eqversion:8.1.0.108\(sp2c00\)

Trust: 1.0

vendor:huaweimodel:emily-al00ascope:eqversion:8.1.0.108\(sp6c00\)

Trust: 1.0

vendor:huaweimodel:charlotte-al00ascope:eqversion:8.1.0.107\(sp7c00\)

Trust: 1.0

vendor:huaweimodel:charlotte-al00ascope:eqversion:8.1.0.107\(sp5c00\)

Trust: 1.0

vendor:huaweimodel:bla-tl00bscope:eqversion:8.0.0.125\(sp3c01\)

Trust: 1.0

vendor:huaweimodel:charlotte-al00ascope:eqversion:8.1.0.109\(sp2c00\)

Trust: 1.0

vendor:huaweimodel:emily-al00ascope:eqversion:8.1.0.105\(sp6c00\)

Trust: 1.0

vendor:huaweimodel:bla-tl00bscope:eqversion:8.0.0.120\(sp2c01\)

Trust: 1.0

vendor:huaweimodel:bla-tl00bscope:eqversion:8.0.0.129\(sp2c01\)

Trust: 1.0

vendor:huaweimodel:bla-tl00bscope:eqversion:8.0.0.125\(sp2c01\)

Trust: 1.0

vendor:huaweimodel:bla-tl00bscope:eqversion:8.0.0.128\(sp2c01\)

Trust: 1.0

vendor:huaweimodel:alp-al00bscope:eqversion:8.0.0.128\(sp2c00\)

Trust: 1.0

vendor:huaweimodel:bla-tl00bscope:eqversion:8.0.0.125\(sp1c01\)

Trust: 1.0

vendor:huaweimodel:bla-tl00bscope:eqversion:8.0.0.118\(c01\)

Trust: 1.0

vendor:huaweimodel:bla-tl00bscope:eqversion:8.0.0.126\(sp2c01\)

Trust: 1.0

vendor:huaweimodel:charlotte-al00ascope:eqversion:8.1.0.108\(sp6c00\)

Trust: 1.0

vendor:huaweimodel:bla-tl00bscope:eqversion:8.0.0.127\(sp1c01\)

Trust: 1.0

vendor:huaweimodel:emily-al00ascope:eqversion:8.1.0.107\(sp7c00\)

Trust: 1.0

vendor:huaweimodel:charlotte-al00ascope:eqversion:8.1.0.106\(sp3c00\)

Trust: 1.0

vendor:huaweimodel:alp-al00bscope:eqversion:8.0.0.127\(sp1c00\)

Trust: 1.0

vendor:huaweimodel:emily-al00ascope:eqversion:8.1.0.106\(sp2c00\)

Trust: 1.0

vendor:huaweimodel:emily-al00ascope:eqversion:8.1.0.109\(sp5c00\)

Trust: 1.0

vendor:huaweimodel:alp-al00bscope: - version: -

Trust: 0.8

vendor:huaweimodel:alp-al00b-rscscope: - version: -

Trust: 0.8

vendor:huaweimodel:bla-tl00bscope: - version: -

Trust: 0.8

vendor:huaweimodel:charlotte al00ascope: - version: -

Trust: 0.8

vendor:huaweimodel:emily-al00ascope: - version: -

Trust: 0.8

vendor:huaweimodel:emily-al00a 8.1.0.106scope: - version: -

Trust: 0.6

vendor:huaweimodel:alp-al00b 8.0.0.106scope: - version: -

Trust: 0.6

vendor:huaweimodel:alp-al00b 8.0.0.118dscope: - version: -

Trust: 0.6

vendor:huaweimodel:alp-al00b 8.0.0.118scope: - version: -

Trust: 0.6

vendor:huaweimodel:alp-al00b 8.0.0.120scope: - version: -

Trust: 0.6

vendor:huaweimodel:alp-al00b 8.0.0.127scope: - version: -

Trust: 0.6

vendor:huaweimodel:alp-al00b 8.0.0.128scope: - version: -

Trust: 0.6

vendor:huaweimodel:bla-tl00b 8.0.0.113scope: - version: -

Trust: 0.6

vendor:huaweimodel:bla-tl00b 8.0.0.118scope: - version: -

Trust: 0.6

vendor:huaweimodel:bla-tl00b 8.0.0.120scope: - version: -

Trust: 0.6

vendor:huaweimodel:bla-tl00b 8.0.0.127scope: - version: -

Trust: 0.6

vendor:huaweimodel:bla-tl00b 8.0.0.128scope: - version: -

Trust: 0.6

vendor:huaweimodel:bla-tl00b 8.0.0.129scope: - version: -

Trust: 0.6

vendor:huaweimodel:charlotte-al00a 8.1.0.105scope: - version: -

Trust: 0.6

vendor:huaweimodel:charlotte-al00a 8.1.0.106scope: - version: -

Trust: 0.6

vendor:huaweimodel:charlotte-al00a 8.1.0.109scope: - version: -

Trust: 0.6

vendor:huaweimodel:emily-al00a 8.1.0.105scope: - version: -

Trust: 0.6

vendor:huaweimodel:emily-al00a 8.1.0.109scope: - version: -

Trust: 0.6

sources: CNVD: CNVD-2019-41255 // JVNDB: JVNDB-2018-011813 // CNNVD: CNNVD-201810-1175 // NVD: CVE-2018-7911

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-7911
value: MEDIUM

Trust: 1.0

NVD: CVE-2018-7911
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2019-41255
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201810-1175
value: MEDIUM

Trust: 0.6

VULHUB: VHN-137943
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2018-7911
severity: MEDIUM
baseScore: 4.9
vectorString: AV:L/AC:L/AU:N/C:N/I:C/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: COMPLETE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2019-41255
severity: MEDIUM
baseScore: 4.9
vectorString: AV:L/AC:L/AU:N/C:N/I:C/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: COMPLETE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-137943
severity: MEDIUM
baseScore: 4.9
vectorString: AV:L/AC:L/AU:N/C:N/I:C/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: COMPLETE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-7911
baseSeverity: MEDIUM
baseScore: 4.6
vectorString: CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
attackVector: PHYSICAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: 0.9
impactScore: 3.6
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2019-41255 // VULHUB: VHN-137943 // JVNDB: JVNDB-2018-011813 // CNNVD: CNNVD-201810-1175 // NVD: CVE-2018-7911

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

problemtype:CWE-254

Trust: 0.9

sources: VULHUB: VHN-137943 // JVNDB: JVNDB-2018-011813 // NVD: CVE-2018-7911

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201810-1175

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-201810-1175

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-011813

PATCH

title:huawei-sa-20180822-01-frpbypassurl:https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180822-01-frpbypass-en

Trust: 0.8

title:Patch for A variety of Huawei products FRP bypass vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/190763

Trust: 0.6

title:Multiple Huawei Product security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=86273

Trust: 0.6

sources: CNVD: CNVD-2019-41255 // JVNDB: JVNDB-2018-011813 // CNNVD: CNNVD-201810-1175

EXTERNAL IDS

db:NVDid:CVE-2018-7911

Trust: 3.1

db:JVNDBid:JVNDB-2018-011813

Trust: 0.8

db:CNNVDid:CNNVD-201810-1175

Trust: 0.7

db:CNVDid:CNVD-2019-41255

Trust: 0.6

db:VULHUBid:VHN-137943

Trust: 0.1

sources: CNVD: CNVD-2019-41255 // VULHUB: VHN-137943 // JVNDB: JVNDB-2018-011813 // CNNVD: CNNVD-201810-1175 // NVD: CVE-2018-7911

REFERENCES

url:http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180822-01-frpbypass-en

Trust: 2.3

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-7911

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2018-7911

Trust: 0.8

sources: CNVD: CNVD-2019-41255 // VULHUB: VHN-137943 // JVNDB: JVNDB-2018-011813 // CNNVD: CNNVD-201810-1175 // NVD: CVE-2018-7911

SOURCES

db:CNVDid:CNVD-2019-41255
db:VULHUBid:VHN-137943
db:JVNDBid:JVNDB-2018-011813
db:CNNVDid:CNNVD-201810-1175
db:NVDid:CVE-2018-7911

LAST UPDATE DATE

2024-11-23T22:00:12.504000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2019-41255date:2019-11-19T00:00:00
db:VULHUBid:VHN-137943date:2019-10-03T00:00:00
db:JVNDBid:JVNDB-2018-011813date:2019-01-23T00:00:00
db:CNNVDid:CNNVD-201810-1175date:2019-10-23T00:00:00
db:NVDid:CVE-2018-7911date:2024-11-21T04:12:57.430

SOURCES RELEASE DATE

db:CNVDid:CNVD-2019-41255date:2019-11-19T00:00:00
db:VULHUBid:VHN-137943date:2018-10-23T00:00:00
db:JVNDBid:JVNDB-2018-011813date:2019-01-23T00:00:00
db:CNNVDid:CNNVD-201810-1175date:2018-10-24T00:00:00
db:NVDid:CVE-2018-7911date:2018-10-23T14:29:04.437