CVE-2018-7901

3 documents3 sources
Severity
4.4MEDIUM
EPSS
0.1%
top 76.27%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Huawei Alp-al00b FirmwareHuawei Bla-al00b Firmware
Timeline
PublishedApr 30
Latest updateMay 13

Description

RCS module in Huawei ALP-AL00B smart phones with software versions earlier than 8.0.0.129, BLA-AL00B smart phones with software versions earlier than 8.0.0.129 has a remote control vulnerability. An attacker can trick a user to install a malicious application. When the application connects with RCS for the first time, it needs user to manually click to agree. In addition, the attacker needs to obtain the key that RCS uses to authenticate the application. Successful exploitation may cause the att

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:LExploitability: 1.8 | Impact: 2.5

Affected Packages2 packages

NVDhuawei/alp-al00b_firmware< 8.0.0.129
NVDhuawei/bla-al00b_firmware< 8.0.0.129

🔴Vulnerability Details

2
GHSA
GHSA-3mh5-q9p2-6cqr: RCS module in Huawei ALP-AL00B smart phones with software versions earlier than 82022-05-13
CVEList
CVE-2018-7901: RCS module in Huawei ALP-AL00B smart phones with software versions earlier than 82018-04-30
CVE-2018-7901 (MEDIUM CVSS 4.4) | RCS module in Huawei ALP-AL00B smar | cvebase.io