Huawei Watch 2 with versions and earlier than OWDD.180707.001.E1 have an improper authorization vulnerability. Due to improper permission configuration for specific operations, an attacker who obtained the Huawei ID bound to the watch can bypass permission verification to perform specific operations and modify some data on the watch.
References
Link | Resource |
---|---|
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20181031-01-watch-en | Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: huawei
Published: 2018-11-13T19:00:00
Updated: 2018-11-13T18:57:01
Reserved: 2018-03-09T00:00:00
Link: CVE-2018-7926
JSON object: View
NVD Information
Status : Analyzed
Published: 2018-11-13T19:29:00.477
Modified: 2019-10-03T00:03:26.223
Link: CVE-2018-7926
JSON object: View
Redhat Information
No data.
CWE