CVE-2018-7910
MEDIUMHuawei ALP-AL00B ALP-TL00B BLA-AL00B BLA-L09C BLA-L29C Firmware - Authentication Bypass
Title source: llmDescription
Some Huawei smartphones ALP-AL00B 8.0.0.118D(C00), ALP-TL00B 8.0.0.118D(C01), BLA-AL00B 8.0.0.118D(C00), BLA-L09C 8.0.0.127(C432), 8.0.0.128(C432), 8.0.0.137(C432), BLA-L29C 8.0.0.129(C432), 8.0.0.137(C432) have an authentication bypass vulnerability. When the attacker obtains the user's smartphone, the vulnerability can be used to replace the start-up program so that the attacker can obtain the information in the smartphone and achieve the purpose of controlling the smartphone.
References (1)
Core 1
Core References
Vendor Advisory x_refsource_confirm
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20181101-01-bypass-en
Scores
CVSS v3
6.8
EPSS
0.0003
EPSS Percentile
8.9%
Attack Vector
PHYSICAL
CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-287
Status
published
Products (8)
huawei/alp-al00b_firmware
8.0.0.1.18d\(c00\)
huawei/alp-tl00b_firmware
8.0.0.1.18d\(c01\)
huawei/bla-al00b_firmware
8.0.0.1.18d\(c00\)
huawei/bla-l09c_firmware
8.0.0.127\(c432\)
huawei/bla-l09c_firmware
8.0.0.128\(c432\)
huawei/bla-l09c_firmware
8.0.0.137\(c432\)
huawei/bla-l29c_firmware
8.0.0.127\(c432\)
huawei/bla-l29c_firmware
8.0.0.137\(c432\)
Published
Nov 13, 2018
Tracked Since
Feb 18, 2026