{"containers": {"cna": {"affected": [{"product": "ALP-AL00B, ALP-TL00B, BLA-AL00B, BLA-L09C, BLA-L29C", "vendor": "Huawei Technologies Co., Ltd.", "versions": [{"status": "affected", "version": "ALP-AL00B 8.0.0.118D(C00), ALP-TL00B 8.0.0.118D(C01), BLA-AL00B 8.0.0.118D(C00), BLA-L09C 8.0.0.127(C432), 8.0.0.128(C432), 8.0.0.137(C432), BLA-L29C 8.0.0.129(C432), 8.0.0.137(C432)"}]}], "datePublic": "2018-11-01T00:00:00", "descriptions": [{"lang": "en", "value": "Some Huawei smartphones ALP-AL00B 8.0.0.118D(C00), ALP-TL00B 8.0.0.118D(C01), BLA-AL00B 8.0.0.118D(C00), BLA-L09C 8.0.0.127(C432), 8.0.0.128(C432), 8.0.0.137(C432), BLA-L29C 8.0.0.129(C432), 8.0.0.137(C432) have an authentication bypass vulnerability. When the attacker obtains the user's smartphone, the vulnerability can be used to replace the start-up program so that the attacker can obtain the information in the smartphone and achieve the purpose of controlling the smartphone."}], "problemTypes": [{"descriptions": [{"description": "authentication bypass", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-11-13T18:57:01", "orgId": "25ac1063-e409-4190-8079-24548c77ea2e", "shortName": "huawei"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20181101-01-bypass-en"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@huawei.com", "ID": "CVE-2018-7910", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "ALP-AL00B, ALP-TL00B, BLA-AL00B, BLA-L09C, BLA-L29C", "version": {"version_data": [{"version_value": "ALP-AL00B 8.0.0.118D(C00), ALP-TL00B 8.0.0.118D(C01), BLA-AL00B 8.0.0.118D(C00), BLA-L09C 8.0.0.127(C432), 8.0.0.128(C432), 8.0.0.137(C432), BLA-L29C 8.0.0.129(C432), 8.0.0.137(C432)"}]}}]}, "vendor_name": "Huawei Technologies Co., Ltd."}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Some Huawei smartphones ALP-AL00B 8.0.0.118D(C00), ALP-TL00B 8.0.0.118D(C01), BLA-AL00B 8.0.0.118D(C00), BLA-L09C 8.0.0.127(C432), 8.0.0.128(C432), 8.0.0.137(C432), BLA-L29C 8.0.0.129(C432), 8.0.0.137(C432) have an authentication bypass vulnerability. When the attacker obtains the user's smartphone, the vulnerability can be used to replace the start-up program so that the attacker can obtain the information in the smartphone and achieve the purpose of controlling the smartphone."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "authentication bypass"}]}]}, "references": {"reference_data": [{"name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20181101-01-bypass-en", "refsource": "CONFIRM", "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20181101-01-bypass-en"}]}}}}, "cveMetadata": {"assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e", "assignerShortName": "huawei", "cveId": "CVE-2018-7910", "datePublished": "2018-11-13T19:00:00", "dateReserved": "2018-03-09T00:00:00", "dateUpdated": "2018-11-13T18:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:huawei:alp-al00b_firmware:8.0.0.1.18d\\(c00\\):*:*:*:*:*:*:*", "matchCriteriaId": "D327AD65-437A-4DA9-B38E-FFE9147AAB82", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:huawei:alp-al00b:-:*:*:*:*:*:*:*", "matchCriteriaId": "0FA2B2F1-3D58-4DC7-AB7A-28BF8B282333", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:huawei:alp-tl00b_firmware:8.0.0.1.18d\\(c01\\):*:*:*:*:*:*:*", "matchCriteriaId": "439861D3-3F70-4A8C-A2F0-99120207E3CF", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:huawei:alp-tl00b:-:*:*:*:*:*:*:*", "matchCriteriaId": "E7918CD6-341B-4FCC-BD31-30B8952192C8", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:huawei:bla-al00b_firmware:8.0.0.1.18d\\(c00\\):*:*:*:*:*:*:*", "matchCriteriaId": "06F0F9A3-BC44-463E-BF84-593CAC5CBB45", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:huawei:bla-al00b:-:*:*:*:*:*:*:*", "matchCriteriaId": "B11D6D9B-335B-404C-88F3-590DF9E5D878", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:huawei:bla-l09c_firmware:8.0.0.127\\(c432\\):*:*:*:*:*:*:*", "matchCriteriaId": "D2CADEF0-2830-4883-8B52-4BCE6B74DBF4", "vulnerable": true}, {"criteria": "cpe:2.3:o:huawei:bla-l09c_firmware:8.0.0.128\\(c432\\):*:*:*:*:*:*:*", "matchCriteriaId": "E4C168E2-2679-478D-815F-FD909FBE1B38", "vulnerable": true}, {"criteria": "cpe:2.3:o:huawei:bla-l09c_firmware:8.0.0.137\\(c432\\):*:*:*:*:*:*:*", "matchCriteriaId": "87AC6AB6-B166-4098-98E1-79A6407DAFA5", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:huawei:bla-l09c:-:*:*:*:*:*:*:*", "matchCriteriaId": "3C787E52-055B-4931-9B5C-604F1578A3A0", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:huawei:bla-l29c_firmware:8.0.0.127\\(c432\\):*:*:*:*:*:*:*", "matchCriteriaId": "BD8BD839-9468-4F62-A66B-25C1AF032D05", "vulnerable": true}, {"criteria": "cpe:2.3:o:huawei:bla-l29c_firmware:8.0.0.137\\(c432\\):*:*:*:*:*:*:*", "matchCriteriaId": "641C18E2-CB4A-4169-B836-B4CD171248EC", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:huawei:bla-l29c:-:*:*:*:*:*:*:*", "matchCriteriaId": "551386D1-3D02-4319-B2A2-1AAE80F7F249", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "Some Huawei smartphones ALP-AL00B 8.0.0.118D(C00), ALP-TL00B 8.0.0.118D(C01), BLA-AL00B 8.0.0.118D(C00), BLA-L09C 8.0.0.127(C432), 8.0.0.128(C432), 8.0.0.137(C432), BLA-L29C 8.0.0.129(C432), 8.0.0.137(C432) have an authentication bypass vulnerability. When the attacker obtains the user's smartphone, the vulnerability can be used to replace the start-up program so that the attacker can obtain the information in the smartphone and achieve the purpose of controlling the smartphone."}, {"lang": "es", "value": "Algunos smartphones Huawei ALP-AL00B 8.0.0.118D(C00), ALP-TL00B 8.0.0.118D(C01), BLA-AL00B 8.0.0.118D(C00), BLA-L09C 8.0.0.127(C432), 8.0.0.128(C432), 8.0.0.137(C432), BLA-L29C 8.0.0.129(C432) y 8.0.0.137(C432) tienen una vulnerabilidad de omisi\u00f3n de autenticaci\u00f3n. Cuando el atacante obtiene el smartphone del usuario, la vulnerabilidad se puede emplear para reemplazar el programa de arranque para que el atacante pueda obtener la informaci\u00f3n en el smartphone y lograr controlarlo."}], "id": "CVE-2018-7910", "lastModified": "2018-12-12T20:39:48.720", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "PHYSICAL", "availabilityImpact": "HIGH", "baseScore": 6.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 0.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2018-11-13T19:29:00.400", "references": [{"source": "psirt@huawei.com", "tags": ["Vendor Advisory"], "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20181101-01-bypass-en"}], "sourceIdentifier": "psirt@huawei.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-287"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}