CVE-2018-7947

CWE-287Improper Authentication3 documents3 sources
Severity
3.9LOW
EPSS
0.0%
top 90.98%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Huawei Emily-al00a FirmwareHuawei Technologies Co., Ltd. Emily-al00a
Timeline
PublishedJul 31
Latest updateMay 14

Description

Huawei mobile phones with versions earlier before Emily-AL00A 8.1.0.153(C00) have an authentication bypass vulnerability. An attacker could trick the user to connect to a malicious device. In the debug mode, the malicious software in the device may exploit the vulnerability to bypass some specific function. Successful exploit may cause some malicious applications to be installed in the mobile phones.

CVSS vector

CVSS:3.0/AV:P/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:LExploitability: 0.5 | Impact: 3.4

Affected Packages2 packages

NVDhuawei/emily-al00a_firmware< 8.1.0.153\(c00\)
CVEListV5huawei_technologies_co.,_ltd./emily-al00aVersions earlier before 8.1.0.153(C00)

🔴Vulnerability Details

2
GHSA
GHSA-p4wm-rj32-63x3: Huawei mobile phones with versions earlier before Emily-AL00A 82022-05-14
CVEList
CVE-2018-7947: Huawei mobile phones with versions earlier before Emily-AL00A 82018-07-31
CVE-2018-7947 (LOW CVSS 3.9) | Huawei mobile phones with versions | cvebase.io