ID

VAR-201810-1163


CVE

CVE-2018-7924


TITLE

Anne-AL00 Huawei Information disclosure vulnerability in smartphones

Trust: 0.8

sources: JVNDB: JVNDB-2018-011371

DESCRIPTION

Anne-AL00 Huawei phones with versions earlier than 8.0.0.151(C00) have an information leak vulnerability. Due to improper permission settings for specific commands, attackers who can connect to a mobile phone via the USB interface may exploit this vulnerability to obtain specific device information of the mobile phone. Anne-AL00 Huawei Smartphones contain information disclosure vulnerabilities.Information may be obtained. Anne-AL00 is a smartphone launched by Huawei. Huawei Anne-AL00 is a smartphone from the Chinese company Huawei. The vulnerability is caused by the fact that the program does not have the permission to set commands

Trust: 2.25

sources: NVD: CVE-2018-7924 // JVNDB: JVNDB-2018-011371 // CNVD: CNVD-2018-21198 // VULHUB: VHN-137956

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2018-21198

AFFECTED PRODUCTS

vendor:huaweimodel:anne-al00scope:eqversion:8.0.0.151\(c00\)

Trust: 1.6

vendor:huaweimodel:anne-al00scope:ltversion:8.0.0.151(c00)

Trust: 0.8

vendor:huaweimodel:anne-al00 <=8.0.0.151scope: - version: -

Trust: 0.6

sources: CNVD: CNVD-2018-21198 // JVNDB: JVNDB-2018-011371 // CNNVD: CNNVD-201810-757 // NVD: CVE-2018-7924

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-7924
value: LOW

Trust: 1.0

NVD: CVE-2018-7924
value: LOW

Trust: 0.8

CNVD: CNVD-2018-21198
value: LOW

Trust: 0.6

CNNVD: CNNVD-201810-757
value: LOW

Trust: 0.6

VULHUB: VHN-137956
value: LOW

Trust: 0.1

nvd@nist.gov: CVE-2018-7924
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2018-21198
severity: LOW
baseScore: 3.3
vectorString: AV:A/AC:L/AU:N/C:P/I:N/A:N
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 6.5
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-137956
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-7924
baseSeverity: LOW
baseScore: 2.4
vectorString: CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector: PHYSICAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 0.9
impactScore: 1.4
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2018-21198 // VULHUB: VHN-137956 // JVNDB: JVNDB-2018-011371 // CNNVD: CNNVD-201810-757 // NVD: CVE-2018-7924

PROBLEMTYPE DATA

problemtype:CWE-732

Trust: 1.1

problemtype:CWE-200

Trust: 0.9

sources: VULHUB: VHN-137956 // JVNDB: JVNDB-2018-011371 // NVD: CVE-2018-7924

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201810-757

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201810-757

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-011371

PATCH

title:huawei-sa-20181017-01-smartphoneurl:http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20181017-01-smartphone-en

Trust: 0.8

title:Huawei mobile phone information disclosure vulnerability patchurl:https://www.cnvd.org.cn/patchInfo/show/142693

Trust: 0.6

title:Huawei Anne-AL00 Repair measures for information disclosure vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=85840

Trust: 0.6

sources: CNVD: CNVD-2018-21198 // JVNDB: JVNDB-2018-011371 // CNNVD: CNNVD-201810-757

EXTERNAL IDS

db:NVDid:CVE-2018-7924

Trust: 3.1

db:JVNDBid:JVNDB-2018-011371

Trust: 0.8

db:CNNVDid:CNNVD-201810-757

Trust: 0.7

db:CNVDid:CNVD-2018-21198

Trust: 0.6

db:VULHUBid:VHN-137956

Trust: 0.1

sources: CNVD: CNVD-2018-21198 // VULHUB: VHN-137956 // JVNDB: JVNDB-2018-011371 // CNNVD: CNNVD-201810-757 // NVD: CVE-2018-7924

REFERENCES

url:http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20181017-01-smartphone-en

Trust: 1.7

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-7924

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2018-7924

Trust: 0.8

url:https://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20181017-01-smartphone-cn

Trust: 0.6

sources: CNVD: CNVD-2018-21198 // VULHUB: VHN-137956 // JVNDB: JVNDB-2018-011371 // CNNVD: CNNVD-201810-757 // NVD: CVE-2018-7924

SOURCES

db:CNVDid:CNVD-2018-21198
db:VULHUBid:VHN-137956
db:JVNDBid:JVNDB-2018-011371
db:CNNVDid:CNNVD-201810-757
db:NVDid:CVE-2018-7924

LAST UPDATE DATE

2024-11-23T21:38:05.092000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2018-21198date:2018-10-18T00:00:00
db:VULHUBid:VHN-137956date:2019-10-03T00:00:00
db:JVNDBid:JVNDB-2018-011371date:2019-01-11T00:00:00
db:CNNVDid:CNNVD-201810-757date:2019-10-23T00:00:00
db:NVDid:CVE-2018-7924date:2024-11-21T04:12:58.027

SOURCES RELEASE DATE

db:CNVDid:CNVD-2018-21198date:2018-10-18T00:00:00
db:VULHUBid:VHN-137956date:2018-10-17T00:00:00
db:JVNDBid:JVNDB-2018-011371date:2019-01-11T00:00:00
db:CNNVDid:CNNVD-201810-757date:2018-10-17T00:00:00
db:NVDid:CVE-2018-7924date:2018-10-17T15:29:00.727