CVE-2018-7940

CWE-287Improper Authentication3 documents3 sources
Severity
6.2MEDIUM
EPSS
0.0%
top 94.34%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Huawei Mate 9 FirmwareHuawei Mate 9 PRO Firmware
Timeline
PublishedMay 10
Latest updateMay 14

Description

Huawei smart phones Mate 10 and Mate 10 Pro with earlier versions than 8.0.0.129(SP2C00) and earlier versions than 8.0.0.129(SP2C01) have an authentication bypass vulnerability. An attacker with high privilege obtains the smart phone and bypass the activation function by some specific operations.

CVSS vector

CVSS:3.0/AV:P/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HExploitability: 0.3 | Impact: 5.9

Affected Packages2 packages

NVDhuawei/mate_9_firmware< 8.0.0.129\(sp2c00\)
NVDhuawei/mate_9_pro_firmware< 8.0.0.129\(sp2c01\)

🔴Vulnerability Details

2
GHSA
GHSA-vqm5-7rwj-fpcv: Huawei smart phones Mate 10 and Mate 10 Pro with earlier versions than 82022-05-14
CVEList
CVE-2018-7940: Huawei smart phones Mate 10 and Mate 10 Pro with earlier versions than 82018-05-10
CVE-2018-7940 (MEDIUM CVSS 6.2) | Huawei smart phones Mate 10 and Mat | cvebase.io