Description
Huawei smartphones with software Victoria-AL00 8.0.0.336a(C00) have an information leakage vulnerability. Because an interface does not verify authorization correctly, attackers can exploit an application with the authorization of phone state to obtain user location additionally.
References (1)
Core 1
Core References
Vendor Advisory x_refsource_confirm
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180704-01-smartphone-en
Scores
CVSS v3
3.3
EPSS
0.0002
EPSS Percentile
6.4%
Attack Vector
LOCAL
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Details
CWE
CWE-863
Status
published
Products (1)
huawei/victoria-al00_firmware
victoria-al00_8.0.0.336a\(c00\)
Published
Jul 31, 2018
Tracked Since
Feb 18, 2026