Vulnerability Description
Huawei VIP App is a mobile app for Malaysia customers that purchased P20 Series, Nova 3/3i and Mate 20. There is a vulnerability in versions before 4.0.5 that attackers can conduct bruteforce to the VIP App Web Services to get user information.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Huawei | Vip App | < 4.0.5 |
| Huawei | Mate 20 Firmware | - |
| Huawei | Mate 20 | - |
| Huawei | Nova 3I Firmware | - |
| Huawei | Nova 3I | - |
| Huawei | Nova 3 Firmware | - |
| Huawei | Nova 3 | - |
References
- http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20181129-01-huaweivVendor Advisory
- http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20181129-01-huaweivVendor Advisory
FAQ
What is CVE-2018-7956?
CVE-2018-7956 is a vulnerability with a CVSS score of 5.3 (MEDIUM). Huawei VIP App is a mobile app for Malaysia customers that purchased P20 Series, Nova 3/3i and Mate 20. There is a vulnerability in versions before 4.0.5 that attackers can conduct bruteforce to the V...
How severe is CVE-2018-7956?
CVE-2018-7956 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2018-7956?
Check the references section above for vendor advisories and patch information. Affected products include: Huawei Vip App, Huawei Mate 20 Firmware, Huawei Mate 20, Huawei Nova 3I Firmware, Huawei Nova 3I.