CVE-2018-7907

CVSS V2 Medium 4.3 CVSS V3 Medium 5.5
Description
Some Huawei products Agassi-L09 AGS-L09C100B257CUSTC100D001, AGS-L09C170B253CUSTC170D001, AGS-L09C199B251CUSTC199D001, AGS-L09C229B003CUSTC229D001, Agassi-W09 AGS-W09C100B257CUSTC100D001, AGS-W09C128B252CUSTC128D001, AGS-W09C170B252CUSTC170D001, AGS-W09C229B251CUSTC229D001, AGS-W09C331B003CUSTC331D001, AGS-W09C794B001CUSTC794D001, Baggio2-U01A BG2-U01C100B160CUSTC100D001, BG2-U01C170B160CUSTC170D001, BG2-U01C199B162CUSTC199D001, BG2-U01C209B160CUSTC209D001, BG2-U01C333B160CUSTC333D001, Bond-AL00C Bond-AL00CC00B201, Bond-AL10B Bond-AL10BC00B201, Bond-TL10B Bond-TL10BC01B201, Bond-TL10C Bond-TL10CC01B131, Haydn-L1JB HDN-L1JC137B068, Kobe-L09A KOB-L09C100B252CUSTC100D001, KOB-L09C209B002CUSTC209D001, KOB-L09C362B001CUSTC362D001, Kobe-L09AHN KOB-L09C233B226, Kobe-W09C KOB-W09C128B251CUSTC128D001, LelandP-L22C 8.0.0.101(C675CUSTC675D2), LelandP-L22D 8.0.0.101(C675CUSTC675D2), Rhone-AL00 Rhone-AL00C00B186, Selina-L02 Selina-L02C432B153, Stanford-L09S Stanford-L09SC432B183, Toronto-AL00 Toronto-AL00C00B223, Toronto-AL00A Toronto-AL00AC00B223, Toronto-TL10 Toronto-TL10C01B223 have a sensitive information leak vulnerability. An attacker can trick a user to install a malicious application to exploit this vulnerability. Due to insufficient verification of the input, successful exploitation can cause sensitive information leak.
Overview
  • CVE ID
  • CVE-2018-7907
  • Assigner
  • psirt@huawei.com
  • Vulnerability Status
  • Analyzed
  • Published Version
  • 2018-09-26T13:29:00
  • Last Modified Date
  • 2018-11-28T16:52:19
Weakness Enumerations
CWE URL
CWE-200 http://cwe.mitre.org/data/definitions/200.html
CPE Configuration (Product)
CPE Vulnerable Operator Version Start Version End
AND
cpe:2.3:o:huawei:agassi-l09_firmware:ags-l09c100b257custc100d001:*:*:*:*:*:*:* 1 OR
cpe:2.3:o:huawei:agassi-l09_firmware:ags-l09c170b253custc170d001:*:*:*:*:*:*:* 1 OR
cpe:2.3:o:huawei:agassi-l09_firmware:ags-l09c199b251custc199d001:*:*:*:*:*:*:* 1 OR
cpe:2.3:o:huawei:agassi-l09_firmware:ags-l09c229b003custc229d001:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:huawei:agassi-l09:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:huawei:agassi-w09_firmware:ags-w09c100b257custc100d001:*:*:*:*:*:*:* 1 OR
cpe:2.3:o:huawei:agassi-w09_firmware:ags-w09c128b252custc128d001:*:*:*:*:*:*:* 1 OR
cpe:2.3:o:huawei:agassi-w09_firmware:ags-w09c170b252custc170d001:*:*:*:*:*:*:* 1 OR
cpe:2.3:o:huawei:agassi-w09_firmware:ags-w09c229b251custc229d001:*:*:*:*:*:*:* 1 OR
cpe:2.3:o:huawei:agassi-w09_firmware:ags-w09c331b003custc331d001:*:*:*:*:*:*:* 1 OR
cpe:2.3:o:huawei:agassi-w09_firmware:ags-w09c794b001custc794d001:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:huawei:agassi-w09:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:huawei:baggio2-u01a_firmware:bg2-u01c100b160custc100d001:*:*:*:*:*:*:* 1 OR
cpe:2.3:o:huawei:baggio2-u01a_firmware:bg2-u01c170b160custc170d001:*:*:*:*:*:*:* 1 OR
cpe:2.3:o:huawei:baggio2-u01a_firmware:bg2-u01c199b162custc199d001:*:*:*:*:*:*:* 1 OR
cpe:2.3:o:huawei:baggio2-u01a_firmware:bg2-u01c209b160custc209d001:*:*:*:*:*:*:* 1 OR
cpe:2.3:o:huawei:baggio2-u01a_firmware:bg2-u01c333b160custc333d001:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:huawei:baggio2-u01a:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:huawei:bond-al00c_firmware:bond-al00cc00b201:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:huawei:bond-al00c:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:huawei:bond-al10b_firmware:bond-al10bc00b201:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:huawei:bond-al10b:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:huawei:bond-tl10b_firmware:bond-tl10bc01b201:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:huawei:bond-tl10b:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:huawei:bond-tl10c_firmware:bond-tl10cc01b131:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:huawei:bond-tl10c:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:huawei:haydn-l1jb_firmware:hdn-l1jc137b068:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:huawei:haydn-l1jb:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:huawei:kobe-l09a_firmware:kob-l09c100b252custc100d001:*:*:*:*:*:*:* 1 OR
cpe:2.3:o:huawei:kobe-l09a_firmware:kob-l09c209b002custc209d001:*:*:*:*:*:*:* 1 OR
cpe:2.3:o:huawei:kobe-l09a_firmware:kob-l09c362b001custc362d001:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:huawei:kobe-l09a:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:huawei:kobe-l09ahn_firmware:kob-l09c233b226:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:huawei:kobe-l09ahn:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:huawei:kobe-w09c_firmware:kob-w09c128b251custc128d001:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:huawei:kobe-w09c:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:huawei:lelandp-l22c_firmware:8.0.0.101_c675custc675d2:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:huawei:lelandp-l22c:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:huawei:lelandp-l22d_firmware:8.0.0.101_c675custc675d2:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:huawei:lelandp-l22d:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:huawei:rhone-al00_firmware:rhone-al00c00b186:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:huawei:rhone-al00:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:huawei:selina-l02_firmware:selina-l02c432b153:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:huawei:selina-l02:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:huawei:stanford-l09s_firmware:stanford-l09sc432b183:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:huawei:stanford-l09s:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:huawei:toronto-al00_firmware:toronto-al00c00b223:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:huawei:toronto-al00:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:huawei:toronto-al00a_firmware:toronto-al00ac00b223:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:huawei:toronto-al00a:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:huawei:toronto-tl10_firmware:toronto-tl10c01b223:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:huawei:toronto-tl10:-:*:*:*:*:*:*:* 0 OR
CVSS Version 2
  • Version
  • 2.0
  • Vector String
  • AV:N/AC:M/Au:N/C:P/I:N/A:N
  • Access Vector
  • NETWORK
  • Access Compatibility
  • MEDIUM
  • Authentication
  • NONE
  • Confidentiality Impact
  • PARTIAL
  • Integrity Impact
  • NONE
  • Availability Impact
  • NONE
  • Base Score
  • 4.3
  • Severity
  • MEDIUM
  • Exploitability Score
  • 8.6
  • Impact Score
  • 2.9
CVSS Version 3
  • Version
  • 3.0
  • Vector String
  • CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
  • Attack Vector
  • LOCAL
  • Attack Compatibility
  • LOW
  • Privileges Required
  • NONE
  • User Interaction
  • REQUIRED
  • Scope
  • UNCHANGED
  • Confidentiality Impact
  • HIGH
  • Availability Impact
  • NONE
  • Base Score
  • 5.5
  • Base Severity
  • MEDIUM
  • Exploitability Score
  • 1.8
  • Impact Score
  • 3.6
References
Reference URL Reference Tags
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180919-02-smartphone-en Vendor Advisory
Sources
Source Name Source URL
NIST https://nvd.nist.gov/vuln/detail/CVE-2018-7907
MITRE https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7907
History
Created Old Value New Value Data Type Notes
2022-05-10 17:51:38 Added to TrackCVE
2022-12-03 12:34:07 2018-09-26T13:29Z 2018-09-26T13:29:00 CVE Published Date updated
2022-12-03 12:34:07 2018-11-28T16:52:19 CVE Modified Date updated
2022-12-03 12:34:07 Analyzed Vulnerability Status updated