Vulnerability Details : CVE-2018-7930
The Near Field Communication (NFC) module in Mate 9 Huawei mobile phones with the versions before MHA-L29B 8.0.0.366(C567) has an information leak vulnerability due to insufficient validation on data transfer requests. When an affected mobile phone sends files to an attacker's mobile phone using the NFC function, the attacker can obtain arbitrary files from the mobile phone, causing information leaks.
Vulnerability category: Information leak
Products affected by CVE-2018-7930
- cpe:2.3:o:huawei:mate_9_firmware:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2018-7930
0.05%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 12 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2018-7930
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
|
2.9
|
LOW | AV:A/AC:M/Au:N/C:P/I:N/A:N |
5.5
|
2.9
|
NIST | |
|
5.7
|
MEDIUM | CVSS:3.0/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N |
2.1
|
3.6
|
NIST |
CWE ids for CVE-2018-7930
-
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.Assigned by: nvd@nist.gov (Primary)
References for CVE-2018-7930
-
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180411-01-smartphone-en
Security Advisory - Information Leak Vulnerability in the NFC Module of Some Huawei Mobile PhonesVendor Advisory
Jump to