Details of VAR-201807-2074

ID

VAR-201807-2074

CVE

CVE-2018-7957

TITLE

Huawei Victoria-AL00 Information Disclosure Vulnerability

Trust: 1.2

sources: CNVD: CNVD-2018-12786 // CNNVD: CNNVD-201807-2011

DESCRIPTION

Huawei smartphones with software Victoria-AL00 8.0.0.336a(C00) have an information leakage vulnerability. Because an interface does not verify authorization correctly, attackers can exploit an application with the authorization of phone state to obtain user location additionally. Huawei Smartphone software contains an authorization vulnerability.Information may be obtained. HuaweiVictoria-AL00 is the smartphone of China Huawei. The vulnerability stems from the fact that a certain interface of the mobile phone does not have the correct verification authority

Trust: 2.25

sources: NVD: CVE-2018-7957 // JVNDB: JVNDB-2018-008887 // CNVD: CNVD-2018-12786 // VULHUB: VHN-137989

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2018-12786

AFFECTED PRODUCTS

vendor:	huawei	model:	victoria-al00	scope:	eq	version:	victoria-al00_8.0.0.336a\(c00\)	Trust: 1.6
vendor:	huawei	model:	victoria-al00	scope:	eq	version:	8.0.0.336a(c00)	Trust: 0.8
vendor:	huawei	model:	victoria-al00a victoria-al00 8.0.0.336a	scope:	-	version:	-	Trust: 0.6

sources: CNVD: CNVD-2018-12786 // JVNDB: JVNDB-2018-008887 // CNNVD: CNNVD-201807-2011 // NVD: CVE-2018-7957

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2018-7957
value:	LOW
Trust: 1.0
NVD:	CVE-2018-7957
value:	LOW
Trust: 0.8
CNVD:	CNVD-2018-12786
value:	LOW
Trust: 0.6
CNNVD:	CNNVD-201807-2011
value:	LOW
Trust: 0.6
VULHUB:	VHN-137989
value:	LOW
Trust: 0.1

nvd@nist.gov:	CVE-2018-7957
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2018-12786
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-137989
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2018-7957
baseSeverity:	LOW
baseScore:	3.3
vectorString:	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	1.8
impactScore:	1.4
version:	3.0
Trust: 1.8

sources: CNVD: CNVD-2018-12786 // VULHUB: VHN-137989 // JVNDB: JVNDB-2018-008887 // CNNVD: CNNVD-201807-2011 // NVD: CVE-2018-7957

PROBLEMTYPE DATA

problemtype:	CWE-863	Trust: 1.1
problemtype:	CWE-285	Trust: 0.9

sources: VULHUB: VHN-137989 // JVNDB: JVNDB-2018-008887 // NVD: CVE-2018-7957

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201807-2011

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201807-2011

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-008887

PATCH

title:	huawei-sa-20180704-01-smartphone	url:	https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180704-01-smartphone-en	Trust: 0.8
title:	HuaweiVictoria-AL00 Information Disclosure Vulnerability Patch	url:	https://www.cnvd.org.cn/patchInfo/show/133907	Trust: 0.6
title:	Huawei Victoria-AL00 Repair measures for information disclosure vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=82738	Trust: 0.6

sources: CNVD: CNVD-2018-12786 // JVNDB: JVNDB-2018-008887 // CNNVD: CNNVD-201807-2011

EXTERNAL IDS

db:	NVD	id:	CVE-2018-7957	Trust: 3.1
db:	JVNDB	id:	JVNDB-2018-008887	Trust: 0.8
db:	CNNVD	id:	CNNVD-201807-2011	Trust: 0.7
db:	CNVD	id:	CNVD-2018-12786	Trust: 0.6
db:	VULHUB	id:	VHN-137989	Trust: 0.1

sources: CNVD: CNVD-2018-12786 // VULHUB: VHN-137989 // JVNDB: JVNDB-2018-008887 // CNNVD: CNNVD-201807-2011 // NVD: CVE-2018-7957

REFERENCES

url:	http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180704-01-smartphone-en	Trust: 1.7
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-7957	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2018-7957	Trust: 0.8
url:	https://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20180704-01-smartphone-cn	Trust: 0.6

sources: CNVD: CNVD-2018-12786 // VULHUB: VHN-137989 // JVNDB: JVNDB-2018-008887 // CNNVD: CNNVD-201807-2011 // NVD: CVE-2018-7957

SOURCES

db:	CNVD	id:	CNVD-2018-12786
db:	VULHUB	id:	VHN-137989
db:	JVNDB	id:	JVNDB-2018-008887
db:	CNNVD	id:	CNNVD-201807-2011
db:	NVD	id:	CVE-2018-7957

LAST UPDATE DATE

2024-11-23T22:58:56.258000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2018-12786	date:	2018-07-10T00:00:00
db:	VULHUB	id:	VHN-137989	date:	2019-10-03T00:00:00
db:	JVNDB	id:	JVNDB-2018-008887	date:	2018-10-31T00:00:00
db:	CNNVD	id:	CNNVD-201807-2011	date:	2019-10-23T00:00:00
db:	NVD	id:	CVE-2018-7957	date:	2024-11-21T04:13:01.107

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2018-12786	date:	2018-07-10T00:00:00
db:	VULHUB	id:	VHN-137989	date:	2018-07-31T00:00:00
db:	JVNDB	id:	JVNDB-2018-008887	date:	2018-10-31T00:00:00
db:	CNNVD	id:	CNNVD-201807-2011	date:	2018-08-01T00:00:00
db:	NVD	id:	CVE-2018-7957	date:	2018-07-31T14:29:01.043