CVE-2018-7906 - OpenCVE

Some Huawei smart phones with software of Leland-AL00 8.0.0.114(C636), Leland-AL00A 8.0.0.171(C00) have a denial of service (DoS) vulnerability. An attacker can trick a user to install a malicious application to exploit this vulnerability. Due to insufficient verification of the parameter, successful exploitation can cause the smartphone black screen until restarting the phone.

No CVSS v4.0

No CVSS v3.1

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction Required

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Complete

AV:N/AC:M/Au:N/C:N/I:N/A:C

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Huawei	Leland-al00 Leland-al00 Firmware Lleland-al00a Lleland-al00a Firmware

Configuration 1 [-]

AND

cpe:2.3:o:huawei:leland-al00_firmware:8.0.0.114\(c636\):*:*:*:*:*:*:*

cpe:2.3:h:huawei:leland-al00:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:huawei:lleland-al00a_firmware:8.0.0.171\(c00\):*:*:*:*:*:*:*

cpe:2.3:h:huawei:lleland-al00a:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180905-01-smartphone-en

History

No history.

MITRE

Status: PUBLISHED

Assigner: huawei

Published: 2018-09-12T15:00:00

Updated: 2024-08-05T06:37:59.582Z

Reserved: 2018-03-09T00:00:00

Link: CVE-2018-7906

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2018-09-12T15:29:00.750

Modified: 2018-11-27T16:49:59.477

Link: CVE-2018-7906

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "Leland-AL00, Leland-AL00A", "vendor": "Huawei Technologies Co., Ltd.", "versions": [{"status": "affected", "version": "Leland-AL00 8.0.0.114(C636), Leland-AL00A 8.0.0.171(C00)"}]}], "datePublic": "2018-09-05T00:00:00", "descriptions": [{"lang": "en", "value": "Some Huawei smart phones with software of Leland-AL00 8.0.0.114(C636), Leland-AL00A 8.0.0.171(C00) have a denial of service (DoS) vulnerability. An attacker can trick a user to install a malicious application to exploit this vulnerability. Due to insufficient verification of the parameter, successful exploitation can cause the smartphone black screen until restarting the phone."}], "problemTypes": [{"descriptions": [{"description": "denial of service", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-09-12T14:57:01", "orgId": "25ac1063-e409-4190-8079-24548c77ea2e", "shortName": "huawei"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180905-01-smartphone-en"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@huawei.com", "ID": "CVE-2018-7906", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Leland-AL00, Leland-AL00A", "version": {"version_data": [{"version_value": "Leland-AL00 8.0.0.114(C636), Leland-AL00A 8.0.0.171(C00)"}]}}]}, "vendor_name": "Huawei Technologies Co., Ltd."}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Some Huawei smart phones with software of Leland-AL00 8.0.0.114(C636), Leland-AL00A 8.0.0.171(C00) have a denial of service (DoS) vulnerability. An attacker can trick a user to install a malicious application to exploit this vulnerability. Due to insufficient verification of the parameter, successful exploitation can cause the smartphone black screen until restarting the phone."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "denial of service"}]}]}, "references": {"reference_data": [{"name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180905-01-smartphone-en", "refsource": "CONFIRM", "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180905-01-smartphone-en"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T06:37:59.582Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180905-01-smartphone-en"}]}]}, "cveMetadata": {"assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e", "assignerShortName": "huawei", "cveId": "CVE-2018-7906", "datePublished": "2018-09-12T15:00:00", "dateReserved": "2018-03-09T00:00:00", "dateUpdated": "2024-08-05T06:37:59.582Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:huawei:leland-al00_firmware:8.0.0.114\\(c636\\):*:*:*:*:*:*:*", "matchCriteriaId": "E5D940E4-61FB-419C-AD7B-1072ADD11479", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:huawei:leland-al00:-:*:*:*:*:*:*:*", "matchCriteriaId": "DD1D9B52-40E4-4605-ABD7-E2C7B3E0393F", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:huawei:lleland-al00a_firmware:8.0.0.171\\(c00\\):*:*:*:*:*:*:*", "matchCriteriaId": "87DD0543-3E61-4018-88B0-07A57F0A73BE", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:huawei:lleland-al00a:-:*:*:*:*:*:*:*", "matchCriteriaId": "4B3342B9-5F59-4D4E-9828-0EA129F51AAB", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Some Huawei smart phones with software of Leland-AL00 8.0.0.114(C636), Leland-AL00A 8.0.0.171(C00) have a denial of service (DoS) vulnerability. An attacker can trick a user to install a malicious application to exploit this vulnerability. Due to insufficient verification of the parameter, successful exploitation can cause the smartphone black screen until restarting the phone."}, {"lang": "es", "value": "Algunos smartphones Huawei con software Leland-AL00 8.0.0.114(C636) y Leland-AL00A 8.0.0.171(C00) tienen una vulnerabilidad de denegaci\u00f3n de servicio (DoS). Un atacante puede enga\u00f1ar a un usuario para que instale una aplicaci\u00f3n maliciosa para explotar esta vulnerabilidad. Debido a la verificaci\u00f3n insuficiente del par\u00e1metro, su explotaci\u00f3n con \u00e9xito podr\u00eda provocar que la pantalla del smartphone se vuelva negra hasta que se reinicie el tel\u00e9fono."}], "id": "CVE-2018-7906", "lastModified": "2018-11-27T16:49:59.477", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.1, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.0"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2018-09-12T15:29:00.750", "references": [{"source": "psirt@huawei.com", "tags": ["Vendor Advisory"], "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180905-01-smartphone-en"}], "sourceIdentifier": "psirt@huawei.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "nvd@nist.gov", "type": "Primary"}]}