CVE Vulnerabilities

CVE-2018-7940

Improper Authentication

Published: May 10, 2018 | Modified: Jun 13, 2018
CVSS 3.x
6.2
MEDIUM
Source:
NVD
CVSS:3.0/AV:P/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CVSS 2.x
7.2 HIGH
AV:L/AC:L/Au:N/C:C/I:C/A:C
RedHat/V2
RedHat/V3
Ubuntu

Huawei smart phones Mate 10 and Mate 10 Pro with earlier versions than 8.0.0.129(SP2C00) and earlier versions than 8.0.0.129(SP2C01) have an authentication bypass vulnerability. An attacker with high privilege obtains the smart phone and bypass the activation function by some specific operations.

Weakness

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

Affected Software

Name Vendor Start Version End Version
Mate_9_firmware Huawei * 8.0.0.129(sp2c00) (excluding)

Potential Mitigations

References