CVE-2018-7930

CWE-200 — Information Exposure3 documents3 sources

Severity

5.7MEDIUM

EPSS

0.0%

top 86.38%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Huawei Mate 9 Firmware Huawei Technologies Co., Ltd. Mate 9

Timeline

PublishedApr 11

Latest updateMay 14

Description

The Near Field Communication (NFC) module in Mate 9 Huawei mobile phones with the versions before MHA-L29B 8.0.0.366(C567) has an information leak vulnerability due to insufficient validation on data transfer requests. When an affected mobile phone sends files to an attacker's mobile phone using the NFC function, the attacker can obtain arbitrary files from the mobile phone, causing information leaks.

CVSS vector

CVSS:3.0/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:NExploitability: 2.1 | Impact: 3.6

Affected Packages2 packages

▶NVDhuawei/mate_9_firmware< mha-l29b_8.0.0.366\(c567\)

▶CVEListV5huawei_technologies_co.,_ltd./mate_9The versions before MHA-L29B 8.0.0.366(C567)

🔴Vulnerability Details

GHSA

GHSA-fx44-x6g3-42f2: The Near Field Communication (NFC) module in Mate 9 Huawei mobile phones with the versions before MHA-L29B 8↗2022-05-14

▶

CVEList

CVE-2018-7930: The Near Field Communication (NFC) module in Mate 9 Huawei mobile phones with the versions before MHA-L29B 8↗2018-04-11

▶