Overview
- Description
- Huawei smartphones with software Victoria-AL00 8.0.0.336a(C00) have an information leakage vulnerability. Because an interface does not verify authorization correctly, attackers can exploit an application with the authorization of phone state to obtain user location additionally.
- Source
- psirt@huawei.com
- NVD status
- Analyzed
Risk scores
CVSS 3.0
- Type
- Primary
- Base score
- 3.3
- Impact score
- 1.4
- Exploitability score
- 1.8
- Vector string
- CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
- Severity
- LOW
CVSS 2.0
- Type
- Primary
- Base score
- 2.1
- Impact score
- 2.9
- Exploitability score
- 3.9
- Vector string
- AV:L/AC:L/Au:N/C:P/I:N/A:N
Weaknesses
- nvd@nist.gov
- CWE-863
Social media
- Hype score
- Not currently trending
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:victoria-al00_firmware:victoria-al00_8.0.0.336a\\(c00\\):*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "6911D31F-BD23-429F-AF6A-9E8DD3664341"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:victoria-al00:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "CF41D0A5-FE05-4A76-9747-1FD382FD7FD6"
}
],
"operator": "OR"
}
],
"operator": "AND"
}
]