Vulnerability Description
Some Huawei products Agassi-L09 AGS-L09C100B257CUSTC100D001, AGS-L09C170B253CUSTC170D001, AGS-L09C199B251CUSTC199D001, AGS-L09C229B003CUSTC229D001, Agassi-W09 AGS-W09C100B257CUSTC100D001, AGS-W09C128B252CUSTC128D001, AGS-W09C170B252CUSTC170D001, AGS-W09C229B251CUSTC229D001, AGS-W09C331B003CUSTC331D001, AGS-W09C794B001CUSTC794D001, Baggio2-U01A BG2-U01C100B160CUSTC100D001, BG2-U01C170B160CUSTC170D001, BG2-U01C199B162CUSTC199D001, BG2-U01C209B160CUSTC209D001, BG2-U01C333B160CUSTC333D001, Bond-AL00C Bond-AL00CC00B201, Bond-AL10B Bond-AL10BC00B201, Bond-TL10B Bond-TL10BC01B201, Bond-TL10C Bond-TL10CC01B131, Haydn-L1JB HDN-L1JC137B068, Kobe-L09A KOB-L09C100B252CUSTC100D001, KOB-L09C209B002CUSTC209D001, KOB-L09C362B001CUSTC362D001, Kobe-L09AHN KOB-L09C233B226, Kobe-W09C KOB-W09C128B251CUSTC128D001, LelandP-L22C 8.0.0.101(C675CUSTC675D2), LelandP-L22D 8.0.0.101(C675CUSTC675D2), Rhone-AL00 Rhone-AL00C00B186, Selina-L02 Selina-L02C432B153, Stanford-L09S Stanford-L09SC432B183, Toronto-AL00 Toronto-AL00C00B223, Toronto-AL00A Toronto-AL00AC00B223, Toronto-TL10 Toronto-TL10C01B223 have a sensitive information leak vulnerability. An attacker can trick a user to install a malicious application to exploit this vulnerability. Due to insufficient verification of the input, successful exploitation can cause sensitive information leak.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Huawei | Agassi-L09 Firmware | ags-l09c100b257custc100d001 |
| Huawei | Agassi-L09 | - |
| Huawei | Agassi-W09 Firmware | ags-w09c100b257custc100d001 |
| Huawei | Agassi-W09 | - |
| Huawei | Baggio2-U01A Firmware | bg2-u01c100b160custc100d001 |
| Huawei | Baggio2-U01A | - |
| Huawei | Bond-Al00C Firmware | bond-al00cc00b201 |
| Huawei | Bond-Al00C | - |
| Huawei | Bond-Al10B Firmware | bond-al10bc00b201 |
| Huawei | Bond-Al10B | - |
| Huawei | Bond-Tl10B Firmware | bond-tl10bc01b201 |
| Huawei | Bond-Tl10B | - |
| Huawei | Bond-Tl10C Firmware | bond-tl10cc01b131 |
| Huawei | Bond-Tl10C | - |
| Huawei | Haydn-L1Jb Firmware | hdn-l1jc137b068 |
| Huawei | Haydn-L1Jb | - |
| Huawei | Kobe-L09A Firmware | kob-l09c100b252custc100d001 |
| Huawei | Kobe-L09A | - |
| Huawei | Kobe-L09Ahn Firmware | kob-l09c233b226 |
| Huawei | Kobe-L09Ahn | - |
Related Weaknesses (CWE)
References
- http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180919-02-smartphVendor Advisory
- http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180919-02-smartphVendor Advisory
FAQ
What is CVE-2018-7907?
CVE-2018-7907 is a vulnerability with a CVSS score of 5.5 (MEDIUM). Some Huawei products Agassi-L09 AGS-L09C100B257CUSTC100D001, AGS-L09C170B253CUSTC170D001, AGS-L09C199B251CUSTC199D001, AGS-L09C229B003CUSTC229D001, Agassi-W09 AGS-W09C100B257CUSTC100D001, AGS-W09C128B...
How severe is CVE-2018-7907?
CVE-2018-7907 has been rated MEDIUM with a CVSS base score of 5.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2018-7907?
Check the references section above for vendor advisories and patch information. Affected products include: Huawei Agassi-L09 Firmware, Huawei Agassi-L09, Huawei Agassi-W09 Firmware, Huawei Agassi-W09, Huawei Baggio2-U01A Firmware.