Details of VAR-201811-0559

ID

VAR-201811-0559

CVE

CVE-2018-7926

TITLE

Huawei Watch 2 Authorization vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2018-011720

DESCRIPTION

Huawei Watch 2 with versions and earlier than OWDD.180707.001.E1 have an improper authorization vulnerability. Due to improper permission configuration for specific operations, an attacker who obtained the Huawei ID bound to the watch can bypass permission verification to perform specific operations and modify some data on the watch. Huawei Watch 2 is Huawei's second-generation smart sports watch. The Huawei Watch 2 is a smartwatch from the Chinese company Huawei

Trust: 2.25

sources: NVD: CVE-2018-7926 // JVNDB: JVNDB-2018-011720 // CNVD: CNVD-2018-22278 // VULHUB: VHN-137958

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2018-22278

AFFECTED PRODUCTS

vendor:	huawei	model:	watch 2	scope:	lte	version:	owdd.180707.001.e1	Trust: 1.8
vendor:	huawei	model:	watch <=owdd.180707.001.e1	scope:	eq	version:	2	Trust: 0.6
vendor:	huawei	model:	watch 2	scope:	eq	version:	owdd.180707.001.e1	Trust: 0.6

sources: CNVD: CNVD-2018-22278 // JVNDB: JVNDB-2018-011720 // CNNVD: CNNVD-201810-1567 // NVD: CVE-2018-7926

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2018-7926
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2018-7926
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2018-22278
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201810-1567
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-137958
value:	LOW
Trust: 0.1

nvd@nist.gov:	CVE-2018-7926
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:N/I:P/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2018-22278
severity:	MEDIUM
baseScore:	6.1
vectorString:	AV:A/AC:L/AU:N/C:N/I:C/A:N
accessVector:	ADJACENT_NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	COMPLETE
availabilityImpact:	NONE
exploitabilityScore:	6.5
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-137958
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:N/I:P/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2018-7926
baseSeverity:	MEDIUM
baseScore:	4.6
vectorString:	CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
attackVector:	PHYSICAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	HIGH
availabilityImpact:	NONE
exploitabilityScore:	0.9
impactScore:	3.6
version:	3.0
Trust: 1.8

sources: CNVD: CNVD-2018-22278 // VULHUB: VHN-137958 // JVNDB: JVNDB-2018-011720 // CNNVD: CNNVD-201810-1567 // NVD: CVE-2018-7926

PROBLEMTYPE DATA

problemtype:	CWE-863	Trust: 1.1
problemtype:	CWE-285	Trust: 0.1

sources: VULHUB: VHN-137958 // NVD: CVE-2018-7926

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201810-1567

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-201810-1567

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-011720

PATCH

title:	huawei-sa-20181031-01-watch	url:	https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20181031-01-watch-en	Trust: 0.8
title:	Huawei watch permission control vulnerability patch	url:	https://www.cnvd.org.cn/patchInfo/show/143649	Trust: 0.6
title:	Huawei Watch 2 Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=86537	Trust: 0.6

sources: CNVD: CNVD-2018-22278 // JVNDB: JVNDB-2018-011720 // CNNVD: CNNVD-201810-1567

EXTERNAL IDS

db:	NVD	id:	CVE-2018-7926	Trust: 3.1
db:	JVNDB	id:	JVNDB-2018-011720	Trust: 0.8
db:	CNNVD	id:	CNNVD-201810-1567	Trust: 0.7
db:	CNVD	id:	CNVD-2018-22278	Trust: 0.6
db:	VULHUB	id:	VHN-137958	Trust: 0.1

sources: CNVD: CNVD-2018-22278 // VULHUB: VHN-137958 // JVNDB: JVNDB-2018-011720 // CNNVD: CNNVD-201810-1567 // NVD: CVE-2018-7926

REFERENCES

url:	http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20181031-01-watch-en	Trust: 1.7
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-7926	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2018-7926	Trust: 0.8
url:	https://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20181031-01-watch-cn	Trust: 0.6

sources: CNVD: CNVD-2018-22278 // VULHUB: VHN-137958 // JVNDB: JVNDB-2018-011720 // CNNVD: CNNVD-201810-1567 // NVD: CVE-2018-7926

SOURCES

db:	CNVD	id:	CNVD-2018-22278
db:	VULHUB	id:	VHN-137958
db:	JVNDB	id:	JVNDB-2018-011720
db:	CNNVD	id:	CNNVD-201810-1567
db:	NVD	id:	CVE-2018-7926

LAST UPDATE DATE

2024-11-23T22:00:11.761000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2018-22278	date:	2018-11-05T00:00:00
db:	VULHUB	id:	VHN-137958	date:	2019-10-03T00:00:00
db:	JVNDB	id:	JVNDB-2018-011720	date:	2019-01-21T00:00:00
db:	CNNVD	id:	CNNVD-201810-1567	date:	2019-10-23T00:00:00
db:	NVD	id:	CVE-2018-7926	date:	2024-11-21T04:12:58.243

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2018-22278	date:	2018-11-01T00:00:00
db:	VULHUB	id:	VHN-137958	date:	2018-11-13T00:00:00
db:	JVNDB	id:	JVNDB-2018-011720	date:	2019-01-21T00:00:00
db:	CNNVD	id:	CNNVD-201810-1567	date:	2018-11-01T00:00:00
db:	NVD	id:	CVE-2018-7926	date:	2018-11-13T19:29:00.477