Security Advisory - Sensitive Information Leak Vulnerability in Some Huawei Products
There is a sensitive information leak vulnerability in some Huawei products. An attacker can trick a user into installing a malicious application to exploit this vulnerability. Due to insufficient verification of the input, successful exploitation can cause a sensitive information leak. (Vulnerability...
5.5 CVSS
5.2 AI Score
0.001 EPSS
Huawei smartphones Mate10 with versions earlier than ALP-AL00B 8.0.0.110(C00) have a Factory Reset Protection (FRP) bypass vulnerability. The system does not sufficiently verify the permission; an attacker uses a data cable to connect the smartphone to the computer and then performs some specific....
4.6 CVSS
4.7 AI Score
0.001 EPSS
Huawei smartphones Mate10 with versions earlier than ALP-AL00B 8.0.0.110(C00) have a Factory Reset Protection (FRP) bypass vulnerability. The system does not sufficiently verify the permission; an attacker uses a data cable to connect the smartphone to the computer and then performs some specific....
4.6 CVSS
4.7 AI Score
0.001 EPSS
Huawei smartphones Mate10 with versions earlier than ALP-AL00B 8.0.0.110(C00) have a Factory Reset Protection (FRP) bypass vulnerability. The system does not sufficiently verify the permission; an attacker uses a data cable to connect the smartphone to the computer and then performs some specific....
4.6 CVSS
4.7 AI Score
0.001 EPSS
Huawei smartphones Mate10 with versions earlier than ALP-AL00B 8.0.0.110(C00) have a Factory Reset Protection (FRP) bypass vulnerability. The system does not sufficiently verify the permission; an attacker uses a data cable to connect the smartphone to the computer and then performs some specific....
4.7 AI Score
0.001 EPSS
Some Huawei smart phones with software of Leland-AL00 8.0.0.114(C636), Leland-AL00A 8.0.0.171(C00) have a denial of service (DoS) vulnerability. An attacker can trick a user into installing a malicious application to exploit this vulnerability. Due to insufficient verification of the parameter,...
5.5 CVSS
5.3 AI Score
0.001 EPSS
Some Huawei smart phones with software of Leland-AL00 8.0.0.114(C636), Leland-AL00A 8.0.0.171(C00) have a denial of service (DoS) vulnerability. An attacker can trick a user into installing a malicious application to exploit this vulnerability. Due to insufficient verification of the parameter,...
5.5 CVSS
5.3 AI Score
0.001 EPSS
Some Huawei smart phones with software of Leland-AL00 8.0.0.114(C636), Leland-AL00A 8.0.0.171(C00) have a denial of service (DoS) vulnerability. An attacker can trick a user into installing a malicious application to exploit this vulnerability. Due to insufficient verification of the parameter,...
5.5 CVSS
5.3 AI Score
0.001 EPSS
Some Huawei smart phones with software of Leland-AL00 8.0.0.114(C636), Leland-AL00A 8.0.0.171(C00) have a denial of service (DoS) vulnerability. An attacker can trick a user into installing a malicious application to exploit this vulnerability. Due to insufficient verification of the parameter,...
5.3 AI Score
0.001 EPSS
Security Advisory - FRP Bypass Vulnerability on Smartphones
There is a Factory Reset Protection (FRP) bypass vulnerability on some Huawei smartphones. The system does not sufficiently verify the permission; an attacker uses a data cable to connect the smartphone to the computer and then performs some specific operations. Successful exploit could allow the...
4.6 CVSS
4.9 AI Score
0.001 EPSS
Security Advisory - DoS Vulnerability in Some Huawei Smart Phones
There is a denial of service (DoS) vulnerability in some Huawei smart phones. An attacker can trick a user into installing a malicious application to exploit this vulnerability. Due to insufficient verification of the parameter, successful exploitation can cause the smartphone black screen until...
5.5 CVSS
5.3 AI Score
0.001 EPSS
Security Advisory - FRP Bypass Vulnerability in Huawei Smart Phones
There is a Factory Reset Protection (FRP) bypass security vulnerability in some Huawei smart phones. When re-configuring the mobile phone using the factory reset protection (FRP) function, an attacker can log in to the configuration flow via Gaode Map and can perform some operations to update the Google.....
4.6 CVSS
4.9 AI Score
0.001 EPSS
Quarterly highlights. GDPR as a phishing opportunity. In the first quarter, we discussed spam designed to exploit GDPR (General Data Protection Regulation), which came into effect on May 25, 2018. Back then spam traffic was limited to invitations to participate in workshops and other educational...
-0.7 AI Score
0.974 EPSS
Huawei mobile phones with versions earlier than Emily-AL00A 8.1.0.153(C00) have an authentication bypass vulnerability. An attacker could trick the user into connecting to a malicious device. In the debug mode, the malicious software in the device may exploit the vulnerability to bypass some specific....
3.9 CVSS
4.4 AI Score
0.0004 EPSS
Huawei mobile phones with versions earlier than Emily-AL00A 8.1.0.153(C00) have an authentication bypass vulnerability. An attacker could trick the user into connecting to a malicious device. In the debug mode, the malicious software in the device may exploit the vulnerability to bypass some specific....
3.9 CVSS
4.3 AI Score
0.0004 EPSS
Huawei mobile phones with versions earlier than Emily-AL00A 8.1.0.153(C00) have an authentication bypass vulnerability. An attacker could trick the user into connecting to a malicious device. In the debug mode, the malicious software in the device may exploit the vulnerability to bypass some specific....
3.9 CVSS
4.3 AI Score
0.0004 EPSS
Huawei mobile phones with versions earlier than Emily-AL00A 8.1.0.153(C00) have an authentication bypass vulnerability. An attacker could trick the user into connecting to a malicious device. In the debug mode, the malicious software in the device may exploit the vulnerability to bypass some specific....
4.3 AI Score
0.0004 EPSS
Security Advisory - Authentication Bypass Vulnerability in Some Huawei Mobile Phones
There is an authentication bypass vulnerability in some Huawei mobile phones. An attacker could trick the user into connecting to a malicious device. In the debug mode, the malicious software in the device may exploit the vulnerability to bypass some specific function. Successful exploit may cause some....
3.9 CVSS
4.7 AI Score
0.0004 EPSS
Huawei smart phones Emily-AL00A with software 8.1.0.106(SP2C00) and 8.1.0.107(SP5C00) have a Factory Reset Protection (FRP) bypass vulnerability. An attacker gets some user's smart phone and performs some special operations in the guide function. The attacker may exploit the vulnerability to...
6.8 CVSS
6.5 AI Score
0.001 EPSS
Huawei smart phones Emily-AL00A with software 8.1.0.106(SP2C00) and 8.1.0.107(SP5C00) have a Factory Reset Protection (FRP) bypass vulnerability. An attacker gets some user's smart phone and performs some special operations in the guide function. The attacker may exploit the vulnerability to...
6.8 CVSS
6.5 AI Score
0.001 EPSS
Huawei smart phones Emily-AL00A with software 8.1.0.106(SP2C00) and 8.1.0.107(SP5C00) have a Factory Reset Protection (FRP) bypass vulnerability. An attacker gets some user's smart phone and performs some special operations in the guide function. The attacker may exploit the vulnerability to...
6.8 CVSS
6.5 AI Score
0.001 EPSS
Huawei smart phones Emily-AL00A with software 8.1.0.106(SP2C00) and 8.1.0.107(SP5C00) have a Factory Reset Protection (FRP) bypass vulnerability. An attacker gets some user's smart phone and performs some special operations in the guide function. The attacker may exploit the vulnerability to...
6.5 AI Score
0.001 EPSS
The Short Message Service (SMS) module of Mate 9 Pro Huawei smart phones with the versions before LON-AL00B 8.0.0.354(C00) has a Denial of Service (DoS) vulnerability. An unauthenticated attacker may set up a pseudo base station and send a special malware text message to the phone, causing the mobile...
6.5 CVSS
6.5 AI Score
0.001 EPSS
The Short Message Service (SMS) module of Mate 9 Pro Huawei smart phones with the versions before LON-AL00B 8.0.0.354(C00) has a Denial of Service (DoS) vulnerability. An unauthenticated attacker may set up a pseudo base station and send a special malware text message to the phone, causing the mobile...
6.5 CVSS
6.5 AI Score
0.001 EPSS
The Short Message Service (SMS) module of Mate 9 Pro Huawei smart phones with the versions before LON-AL00B 8.0.0.354(C00) has a Denial of Service (DoS) vulnerability. An unauthenticated attacker may set up a pseudo base station and send a special malware text message to the phone, causing the mobile...
6.5 CVSS
6.5 AI Score
0.001 EPSS
The Short Message Service (SMS) module of Mate 9 Pro Huawei smart phones with the versions before LON-AL00B 8.0.0.354(C00) has a Denial of Service (DoS) vulnerability. An unauthenticated attacker may set up a pseudo base station and send a special malware text message to the phone, causing the mobile...
6.5 AI Score
0.001 EPSS
Security Advisory - DoS Vulnerability in SMS Module of Some Huawei Smart Phones
There is a Denial of Service (DoS) vulnerability in the Short Message Service (SMS) module of some Huawei smart phones. An unauthenticated attacker may set up a pseudo base station and send a special malware text message to the phone, causing the mobile phone to fail to make calls and send and...
6.5 CVSS
6.3 AI Score
0.001 EPSS
Security Advisory - FRP Bypass Vulnerability in Some Huawei Smart Phones
There is a Factory Reset Protection (FRP) bypass vulnerability in some Huawei smart phones. An attacker gets some user's smart phone and performs some special operations in the guide function. The attacker may exploit the vulnerability to bypass the FRP function and use the phone normally....
6.8 CVSS
6.4 AI Score
0.001 EPSS
Due to insufficient parameter verification, the GPU driver of Mate 9 Pro Huawei smart phones with the versions before LON-AL00B 8.0.0.356(C00) has an arbitrary memory free vulnerability. An attacker can trick a user into installing a malicious application on the smart phone, and send given parameter.....
7.8 CVSS
7.7 AI Score
0.001 EPSS
Due to insufficient parameter verification, the GPU driver of Mate 9 Pro Huawei smart phones with the versions before LON-AL00B 8.0.0.356(C00) has an arbitrary memory free vulnerability. An attacker can trick a user into installing a malicious application on the smart phone, and send given parameter.....
7.8 CVSS
7.7 AI Score
0.001 EPSS
Due to insufficient parameter verification, the GPU driver of Mate 9 Pro Huawei smart phones with the versions before LON-AL00B 8.0.0.356(C00) has an arbitrary memory free vulnerability. An attacker can trick a user into installing a malicious application on the smart phone, and send given parameter.....
7.8 CVSS
7.7 AI Score
0.001 EPSS
Due to insufficient parameter verification, the GPU driver of Mate 9 Pro Huawei smart phones with the versions before LON-AL00B 8.0.0.356(C00) has an arbitrary memory free vulnerability. An attacker can trick a user into installing a malicious application on the smart phone, and send given parameter.....
7.7 AI Score
0.001 EPSS
Security Advisory - Arbitrary Memory Free Vulnerability in GPU Driver of Some Huawei Smart Phones
There is an arbitrary memory free vulnerability in the GPU driver of some Huawei smart phones due to insufficient parameter verification. An attacker can trick a user into installing a malicious application on the smart phone, and send a given parameter to the driver to release special kernel memory...
7.8 CVSS
7.7 AI Score
0.001 EPSS
Some Huawei smart phones with the versions before Berlin-L21HNC185B381; the versions before Prague-AL00AC00B223; the versions before Prague-AL00BC00B223; the versions before Prague-AL00CC00B223; the versions before Prague-L31C432B208; the versions before Prague-TL00AC01B223; the versions before...
4.6 CVSS
4.7 AI Score
0.001 EPSS
Some Huawei smart phones with the versions before Berlin-L21HNC185B381; the versions before Prague-AL00AC00B223; the versions before Prague-AL00BC00B223; the versions before Prague-AL00CC00B223; the versions before Prague-L31C432B208; the versions before Prague-TL00AC01B223; the versions before...
4.6 CVSS
4.7 AI Score
0.001 EPSS
Some Huawei smart phones with the versions before Berlin-L21HNC185B381; the versions before Prague-AL00AC00B223; the versions before Prague-AL00BC00B223; the versions before Prague-AL00CC00B223; the versions before Prague-L31C432B208; the versions before Prague-TL00AC01B223; the versions before...
4.6 CVSS
4.7 AI Score
0.001 EPSS
Some Huawei smart phones with the versions before Berlin-L21HNC185B381; the versions before Prague-AL00AC00B223; the versions before Prague-AL00BC00B223; the versions before Prague-AL00CC00B223; the versions before Prague-L31C432B208; the versions before Prague-TL00AC01B223; the versions before...
4.7 AI Score
0.001 EPSS
Security Advisory - Information Exposure Vulnerability in Some Smart Phones
There is an information exposure vulnerability in some Huawei smart phones. When the user's smart phone connects to a malicious device for charging, an unauthenticated attacker may activate some specific function by sending some specially crafted messages. Due to insufficient input validation of....
4.6 CVSS
5 AI Score
0.001 EPSS
CISO Forum and the problems of Vulnerability Databases
Last Tuesday, April 24, I was at "CISO FORUM 2020: glance to the future". I presented my report "Vulnerability Databases: sifting thousands tons of verbal ore" there. In this post, I'll briefly talk about this report and about the event itself. My speech was the last in the program. At the same...
6.7 AI Score
The RCS module in Huawei ALP-AL00B smart phones with software versions earlier than 8.0.0.129 and BLA-AL00B smart phones with software versions earlier than 8.0.0.129 has a remote control vulnerability. An attacker can trick a user into installing a malicious application. When the application connects with...
4.4 CVSS
4.6 AI Score
0.001 EPSS
The RCS module in Huawei ALP-AL00B smart phones with software versions earlier than 8.0.0.129 and BLA-AL00B smart phones with software versions earlier than 8.0.0.129 has a remote control vulnerability. An attacker can trick a user into installing a malicious application. When the application connects with...
4.4 CVSS
4.6 AI Score
0.001 EPSS
The RCS module in Huawei ALP-AL00B smart phones with software versions earlier than 8.0.0.129 and BLA-AL00B smart phones with software versions earlier than 8.0.0.129 has a remote control vulnerability. An attacker can trick a user into installing a malicious application. When the application connects with...
4.4 CVSS
4.6 AI Score
0.001 EPSS
The RCS module in Huawei ALP-AL00B smart phones with software versions earlier than 8.0.0.129 and BLA-AL00B smart phones with software versions earlier than 8.0.0.129 has a remote control vulnerability. An attacker can trick a user into installing a malicious application. When the application connects with...
4.6 AI Score
0.001 EPSS
Security Advisory - Remote Control Vulnerability in RCS Module of Some Huawei Smart Phones
There is a remote control vulnerability in the RCS module of some Huawei smart phones. An attacker can trick a user into installing a malicious application. When the application connects with RCS for the first time, the user must manually click to agree. In addition, the attacker needs to obtain the key....
4.4 CVSS
4.8 AI Score
0.001 EPSS
CyberCentral Summit 2018 in Prague
I spent almost the whole of last week in Prague at the CyberCentral conference. It was a pretty unique experience for me. It was my first time at an international conference as a speaker. Not only did I present my report there, but I also led the round table on Vulnerability Management and participated in a....
-0.5 AI Score
The Themes App on Honor 8 Lite Huawei mobile phones with software of versions before Prague-L31C576B172, versions before Prague-L31C530B160, versions before Prague-L31C432B180 has a man-in-the-middle (MITM) vulnerability due to the use of the insecure HTTP protocol for theme download. An attacker may....
5.3 CVSS
5.2 AI Score
0.001 EPSS
The Themes App on Honor 8 Lite Huawei mobile phones with software of versions before Prague-L31C576B172, versions before Prague-L31C530B160, versions before Prague-L31C432B180 has a man-in-the-middle (MITM) vulnerability due to the use of the insecure HTTP protocol for theme download. An attacker may....
5.3 CVSS
5.2 AI Score
0.001 EPSS
The Themes App on Honor 8 Lite Huawei mobile phones with software of versions before Prague-L31C576B172, versions before Prague-L31C530B160, versions before Prague-L31C432B180 has a man-in-the-middle (MITM) vulnerability due to the use of the insecure HTTP protocol for theme download. An attacker may....
5.3 CVSS
5.2 AI Score
0.001 EPSS
The Themes App on Honor 8 Lite Huawei mobile phones with software of versions before Prague-L31C576B172, versions before Prague-L31C530B160, versions before Prague-L31C432B180 has a man-in-the-middle (MITM) vulnerability due to the use of the insecure HTTP protocol for theme download. An attacker may....
5.2 AI Score
0.001 EPSS
Vulchain scan workflow and search queries
This post will be about my Vulnerability Scanner project - Vulchain. Recently I've spent a couple of my weekends almost exclusively on coding: refactoring the scan engine, creating an API and GUI. I was doing it because of the conferences where I will be speaking soon: April 11-13 CyberCentral in...
-0.1 AI Score