CVE-2018-7924

CWE-732 — Incorrect Permission Assignment3 documents3 sources

Severity

2.4LOW

EPSS

0.0%

top 92.99%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Huawei Technologies Co., Ltd. Anne-al00 Huawei Anne-al00 Firmware

Timeline

PublishedOct 17

Latest updateMay 13

Description

Anne-AL00 Huawei phones with versions earlier than 8.0.0.151(C00) have an information leak vulnerability. Due to improper permission settings for specific commands, attackers who can connect to a mobile phone via the USB interface may exploit this vulnerability to obtain specific device information of the mobile phone.

CVSS vector

CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:NExploitability: 0.9 | Impact: 1.4

Affected Packages2 packages

▶NVDhuawei/anne-al00_firmware8.0.0.151\(c00\)

▶CVEListV5huawei_technologies_co.,_ltd./anne-al00Versions earlier than 8.0.0.151(C00)

🔴Vulnerability Details

GHSA

GHSA-f2wv-jxwv-hgfp: Anne-AL00 Huawei phones with versions earlier than 8↗2022-05-13

▶

CVEList

CVE-2018-7924: Anne-AL00 Huawei phones with versions earlier than 8↗2018-10-17

▶