- Description
- Huawei mobile phones with versions earlier before Emily-AL00A 8.1.0.153(C00) have an authentication bypass vulnerability. An attacker could trick the user to connect to a malicious device. In the debug mode, the malicious software in the device may exploit the vulnerability to bypass some specific function. Successful exploit may cause some malicious applications to be installed in the mobile phones.
- Source
- psirt@huawei.com
- NVD status
- Analyzed
CVSS 3.0
- Type
- Primary
- Base score
- 3.9
- Impact score
- 3.4
- Exploitability score
- 0.5
- Vector string
- CVSS:3.0/AV:P/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L
- Severity
- LOW
CVSS 2.0
- Type
- Primary
- Base score
- 4.4
- Impact score
- 6.4
- Exploitability score
- 3.4
- Vector string
- AV:L/AC:M/Au:N/C:P/I:P/A:P
- nvd@nist.gov
- CWE-287
- Hype score
- Not currently trending
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:emily-al00a_firmware:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "C89D2623-A661-4837-B0DC-BEC6802B8895",
"versionEndExcluding": "8.1.0.153\\(c00\\)"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:emily-al00a:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "8AC84A74-7F01-4434-896C-B9B595984F23"
}
],
"operator": "OR"
}
],
"operator": "AND"
}
]