Overview
- Description
- Huawei mobile phones with versions earlier before Emily-AL00A 8.1.0.153(C00) have an authentication bypass vulnerability. An attacker could trick the user to connect to a malicious device. In the debug mode, the malicious software in the device may exploit the vulnerability to bypass some specific function. Successful exploit may cause some malicious applications to be installed in the mobile phones.
- Source
- psirt@huawei.com
- NVD status
- Analyzed
Risk scores
CVSS 3.0
- Type
- Primary
- Base score
- 3.9
- Impact score
- 3.4
- Exploitability score
- 0.5
- Vector string
- CVSS:3.0/AV:P/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L
- Severity
- LOW
CVSS 2.0
- Type
- Primary
- Base score
- 4.4
- Impact score
- 6.4
- Exploitability score
- 3.4
- Vector string
- AV:L/AC:M/Au:N/C:P/I:P/A:P
Weaknesses
- nvd@nist.gov
- CWE-287
Social media
- Hype score
- Not currently trending
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:emily-al00a_firmware:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "C89D2623-A661-4837-B0DC-BEC6802B8895",
"versionEndExcluding": "8.1.0.153\\(c00\\)"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:emily-al00a:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "8AC84A74-7F01-4434-896C-B9B595984F23"
}
],
"operator": "OR"
}
],
"operator": "AND"
}
]