CVE-2018-7989
MEDIUMHuawei Mate 10 pro <BLA-AL00B 8.1.0.326(C00) - Auth Bypass
Title source: llmDescription
Huawei Mate 10 pro smartphones with the versions before BLA-AL00B 8.1.0.326(C00) have an improper authentication vulnerability. App Lock is a function to prevent unauthorized use of apps on smartphones, an attacker could directly change the lock password after a series of operations. Successful exploit could allow the attacker to use the application which is locked.
References (1)
Core 1
Core References
Vendor Advisory x_refsource_confirm
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20181010-01-applock-en
Scores
CVSS v3
4.6
EPSS
0.0003
EPSS Percentile
8.5%
Attack Vector
PHYSICAL
CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Details
CWE
CWE-287
Status
published
Products (1)
huawei/mate_10_pro_firmware
< bla-al00b_8.1.0.326\(c00\)
Published
Oct 17, 2018
Tracked Since
Feb 18, 2026