var-201811-0861
Vulnerability from variot
There is a Factory Reset Protection (FRP) bypass vulnerability on several smartphones. The system does not sufficiently verify the permission, an attacker uses a data cable to connect the smartphone to another smartphone and then perform a series of specific operations. Successful exploit could allow the attacker bypass the FRP protection. plural Huawei Smartphones have vulnerabilities related to authorization, authority, and access control.Information may be tampered with. Huawei Mate9Pro and Nova2Plus are all smart phones from China's Huawei company. The Huawei nova 2 Plus and Mate9 Pro are smartphones from the Chinese company Huawei. There are security vulnerabilities in Huawei nova 2 Plus versions prior to 8.0.0.350(C00) and Mate9 Pro versions prior to 8.0.0.363(C00). The vulnerability stems from insufficient verification of permissions by the system
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201811-0861",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "nova 2 plus",
"scope": "lt",
"trust": 1.0,
"vendor": "huawei",
"version": "8.0.0.350\\(c00\\)"
},
{
"model": "mate 9 pro",
"scope": "lt",
"trust": 1.0,
"vendor": "huawei",
"version": "8.0.0.363\\(c00\\)"
},
{
"model": "mate 9 pro",
"scope": null,
"trust": 0.8,
"vendor": "huawei",
"version": null
},
{
"model": "nova 2 plus",
"scope": null,
"trust": 0.8,
"vendor": "huawei",
"version": null
},
{
"model": "nova plus \u003c8.0.0.350",
"scope": "eq",
"trust": 0.6,
"vendor": "huawei",
"version": "2"
},
{
"model": "mate pro \u003c8.0.0.363",
"scope": "eq",
"trust": 0.6,
"vendor": "huawei",
"version": "9"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-23257"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014582"
},
{
"db": "NVD",
"id": "CVE-2018-7988"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:huawei:mate_9_pro_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:huawei:nova_2_plus_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-014582"
}
]
},
"cve": "CVE-2018-7988",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 3.6,
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2018-7988",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "LOW",
"trust": 1.8,
"vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"confidentialityImpact": "NONE",
"exploitabilityScore": 6.5,
"id": "CNVD-2018-23257",
"impactScore": 6.9,
"integrityImpact": "COMPLETE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:A/AC:L/Au:N/C:N/I:C/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 3.6,
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "VHN-138020",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "LOW",
"trust": 0.1,
"vectorString": "AV:L/AC:L/AU:N/C:N/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 0.9,
"id": "CVE-2018-7988",
"impactScore": 3.6,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2018-7988",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2018-7988",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2018-23257",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201811-495",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-138020",
"trust": 0.1,
"value": "LOW"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-23257"
},
{
"db": "VULHUB",
"id": "VHN-138020"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014582"
},
{
"db": "CNNVD",
"id": "CNNVD-201811-495"
},
{
"db": "NVD",
"id": "CVE-2018-7988"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "There is a Factory Reset Protection (FRP) bypass vulnerability on several smartphones. The system does not sufficiently verify the permission, an attacker uses a data cable to connect the smartphone to another smartphone and then perform a series of specific operations. Successful exploit could allow the attacker bypass the FRP protection. plural Huawei Smartphones have vulnerabilities related to authorization, authority, and access control.Information may be tampered with. Huawei Mate9Pro and Nova2Plus are all smart phones from China\u0027s Huawei company. The Huawei nova 2 Plus and Mate9 Pro are smartphones from the Chinese company Huawei. There are security vulnerabilities in Huawei nova 2 Plus versions prior to 8.0.0.350(C00) and Mate9 Pro versions prior to 8.0.0.363(C00). The vulnerability stems from insufficient verification of permissions by the system",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-7988"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014582"
},
{
"db": "CNVD",
"id": "CNVD-2018-23257"
},
{
"db": "VULHUB",
"id": "VHN-138020"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-7988",
"trust": 3.1
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014582",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201811-495",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2018-23257",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-138020",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-23257"
},
{
"db": "VULHUB",
"id": "VHN-138020"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014582"
},
{
"db": "CNNVD",
"id": "CNNVD-201811-495"
},
{
"db": "NVD",
"id": "CVE-2018-7988"
}
]
},
"id": "VAR-201811-0861",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-23257"
},
{
"db": "VULHUB",
"id": "VHN-138020"
}
],
"trust": 1.32075572
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"IoT"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-23257"
}
]
},
"last_update_date": "2024-11-23T22:41:38.917000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "huawei-sa-20181114-01-smartphone",
"trust": 0.8,
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20181114-01-smartphone-en"
},
{
"title": "Huawei smartphone FRP bypass vulnerability patch",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/144797"
},
{
"title": "Huawei nova 2 Plus and Mate9 Pro Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=86896"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-23257"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014582"
},
{
"db": "CNNVD",
"id": "CNNVD-201811-495"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-863",
"trust": 1.1
},
{
"problemtype": "CWE-264",
"trust": 0.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-138020"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014582"
},
{
"db": "NVD",
"id": "CVE-2018-7988"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.3,
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20181114-01-smartphone-en"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-7988"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-7988"
},
{
"trust": 0.6,
"url": "https://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20181114-01-smartphone-cn"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-23257"
},
{
"db": "VULHUB",
"id": "VHN-138020"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014582"
},
{
"db": "CNNVD",
"id": "CNNVD-201811-495"
},
{
"db": "NVD",
"id": "CVE-2018-7988"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2018-23257"
},
{
"db": "VULHUB",
"id": "VHN-138020"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014582"
},
{
"db": "CNNVD",
"id": "CNNVD-201811-495"
},
{
"db": "NVD",
"id": "CVE-2018-7988"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-11-16T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-23257"
},
{
"date": "2018-11-27T00:00:00",
"db": "VULHUB",
"id": "VHN-138020"
},
{
"date": "2019-03-28T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-014582"
},
{
"date": "2018-11-15T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201811-495"
},
{
"date": "2018-11-27T22:29:00.523000",
"db": "NVD",
"id": "CVE-2018-7988"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-05-07T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-23257"
},
{
"date": "2019-10-03T00:00:00",
"db": "VULHUB",
"id": "VHN-138020"
},
{
"date": "2019-03-28T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-014582"
},
{
"date": "2019-10-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201811-495"
},
{
"date": "2024-11-21T04:13:02.290000",
"db": "NVD",
"id": "CVE-2018-7988"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural Huawei Vulnerabilities related to authorization, authority, and access control in smartphones",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-014582"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "permissions and access control",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201811-495"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.