CVE-2018-7938

CWE-200Information Exposure3 documents3 sources
Severity
3.3LOW
EPSS
0.1%
top 74.73%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Huawei P10 FirmwareHuawei Technologies Co., Ltd. P10
Timeline
PublishedSep 4
Latest updateMay 14

Description

P10 Huawei smartphones with the versions before Victoria-AL00AC00B217 have an information leak vulnerability due to the lack of permission validation. An attacker tricks a user into installing a malicious application on the smart phone, and the application can read some hardware serial number, which may cause sensitive information leak.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:NExploitability: 1.8 | Impact: 1.4

Affected Packages2 packages

NVDhuawei/p10_firmware< victoria-al00ac00b217
CVEListV5huawei_technologies_co.,_ltd./p10The versions before Victoria-AL00AC00B217

🔴Vulnerability Details

2
GHSA
GHSA-mggw-wg5r-rgfm: P10 Huawei smartphones with the versions before Victoria-AL00AC00B217 have an information leak vulnerability due to the lack of permission validation2022-05-14
CVEList
CVE-2018-7938: P10 Huawei smartphones with the versions before Victoria-AL00AC00B217 have an information leak vulnerability due to the lack of permission validation2018-09-04
CVE-2018-7938 (LOW CVSS 3.3) | P10 Huawei smartphones with the ver | cvebase.io