Lucene search

HuaweiCVE-2018-7906

HistorySep 12, 2018 - 3:29 p.m.

CVE-2018-7906

2018-09-1215:29:00

CWE-20

huawei

web.nvd.nist.gov

huawei

smartphone

leland-al00

dos

vulnerability

nvd

cve-2018-7906

CVSS2

7.1

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:N/I:N/A:C

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

AI Score

5.3

Confidence

High

EPSS

0.001

Percentile

23.8%

JSON

Some Huawei smart phones with software of Leland-AL00 8.0.0.114(C636), Leland-AL00A 8.0.0.171(C00) have a denial of service (DoS) vulnerability. An attacker can trick a user to install a malicious application to exploit this vulnerability. Due to insufficient verification of the parameter, successful exploitation can cause the smartphone black screen until restarting the phone.

Affected configurations

Nvd

Vulners

Node

huaweileland-al00_firmwareMatch8.0.0.114\(c636\)

AND

huaweileland-al00Match-

Node

huaweilleland-al00a_firmwareMatch8.0.0.171\(c00\)

AND

huaweilleland-al00aMatch-

VendorProductVersionCPE
huaweileland-al00_firmware8.0.0.114(c636)cpe:2.3:o:huawei:leland-al00_firmware:8.0.0.114\(c636\):*:*:*:*:*:*:*
huaweileland-al00-cpe:2.3:h:huawei:leland-al00:-:*:*:*:*:*:*:*
huaweilleland-al00a_firmware8.0.0.171(c00)cpe:2.3:o:huawei:lleland-al00a_firmware:8.0.0.171\(c00\):*:*:*:*:*:*:*
huaweilleland-al00a-cpe:2.3:h:huawei:lleland-al00a:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
huawei	leland-al00_firmware	8.0.0.114(c636)	cpe:2.3:o:huawei:leland-al00_firmware:8.0.0.114\(c636\):::::::*
huawei	leland-al00	-	cpe:2.3:h:huawei:leland-al00:-:::::::*
huawei	lleland-al00a_firmware	8.0.0.171(c00)	cpe:2.3:o:huawei:lleland-al00a_firmware:8.0.0.171\(c00\):::::::*
huawei	lleland-al00a	-	cpe:2.3:h:huawei:lleland-al00a:-:::::::*

CNA Affected

[
  {
    "product": "Leland-AL00, Leland-AL00A",
    "vendor": "Huawei Technologies Co., Ltd.",
    "versions": [
      {
        "status": "affected",
        "version": "Leland-AL00 8.0.0.114(C636), Leland-AL00A 8.0.0.171(C00)"
      }
    ]
  }
]

References

www.huawei.com/en/psirt/security-advisories/huawei-sa-20180905-01-smartphone-en

CVSS2

7.1

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:N/I:N/A:C

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

AI Score

5.3

Confidence

High

EPSS

0.001

Percentile

23.8%

JSON

Related for CVE-2018-7906