CVE-2018-7930
MEDIUMHuawei Mate 9 Firmware < MHA-L29B 8.0.0.366(C567) - Unauthorized File Access via NFC Data Transfer
Title source: llmDescription
The Near Field Communication (NFC) module in Mate 9 Huawei mobile phones with the versions before MHA-L29B 8.0.0.366(C567) has an information leak vulnerability due to insufficient validation on data transfer requests. When an affected mobile phone sends files to an attacker's mobile phone using the NFC function, the attacker can obtain arbitrary files from the mobile phone, causing information leaks.
References (1)
Core 1
Core References
Vendor Advisory x_refsource_confirm
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180411-01-smartphone-en
Scores
CVSS v3
5.7
EPSS
0.0004
EPSS Percentile
13.9%
Attack Vector
ADJACENT_NETWORK
CVSS:3.0/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Details
CWE
CWE-200
Status
published
Products (1)
huawei/mate_9_firmware
< mha-l29b_8.0.0.366\(c567\)
Published
Apr 11, 2018
Tracked Since
Feb 18, 2026