{"id": "CVE-2018-7907", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 1.8}]}, "published": "2018-09-26T13:29:00.527", "references": [{"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180919-02-smartphone-en", "tags": ["Vendor Advisory"], "source": "psirt@huawei.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-200"}]}], "descriptions": [{"lang": "en", "value": "Some Huawei products Agassi-L09 AGS-L09C100B257CUSTC100D001, AGS-L09C170B253CUSTC170D001, AGS-L09C199B251CUSTC199D001, AGS-L09C229B003CUSTC229D001, Agassi-W09 AGS-W09C100B257CUSTC100D001, AGS-W09C128B252CUSTC128D001, AGS-W09C170B252CUSTC170D001, AGS-W09C229B251CUSTC229D001, AGS-W09C331B003CUSTC331D001, AGS-W09C794B001CUSTC794D001, Baggio2-U01A BG2-U01C100B160CUSTC100D001, BG2-U01C170B160CUSTC170D001, BG2-U01C199B162CUSTC199D001, BG2-U01C209B160CUSTC209D001, BG2-U01C333B160CUSTC333D001, Bond-AL00C Bond-AL00CC00B201, Bond-AL10B Bond-AL10BC00B201, Bond-TL10B Bond-TL10BC01B201, Bond-TL10C Bond-TL10CC01B131, Haydn-L1JB HDN-L1JC137B068, Kobe-L09A KOB-L09C100B252CUSTC100D001, KOB-L09C209B002CUSTC209D001, KOB-L09C362B001CUSTC362D001, Kobe-L09AHN KOB-L09C233B226, Kobe-W09C KOB-W09C128B251CUSTC128D001, LelandP-L22C 8.0.0.101(C675CUSTC675D2), LelandP-L22D 8.0.0.101(C675CUSTC675D2), Rhone-AL00 Rhone-AL00C00B186, Selina-L02 Selina-L02C432B153, Stanford-L09S Stanford-L09SC432B183, Toronto-AL00 Toronto-AL00C00B223, Toronto-AL00A Toronto-AL00AC00B223, Toronto-TL10 Toronto-TL10C01B223 have a sensitive information leak vulnerability. An attacker can trick a user to install a malicious application to exploit this vulnerability. Due to insufficient verification of the input, successful exploitation can cause sensitive information leak."}, {"lang": "es", "value": "Algunos productos Huawei Agassi-L09 AGS-L09C100B257CUSTC100D001, AGS-L09C170B253CUSTC170D001, AGS-L09C199B251CUSTC199D001, AGS-L09C229B003CUSTC229D001, Agassi-W09 AGS-W09C100B257CUSTC100D001, AGS-W09C128B252CUSTC128D001, AGS-W09C170B252CUSTC170D001, AGS-W09C229B251CUSTC229D001, AGS-W09C331B003CUSTC331D001, AGS-W09C794B001CUSTC794D001, Baggio2-U01A BG2-U01C100B160CUSTC100D001, BG2-U01C170B160CUSTC170D001, BG2-U01C199B162CUSTC199D001, BG2-U01C209B160CUSTC209D001, BG2-U01C333B160CUSTC333D001, Bond-AL00C Bond-AL00CC00B201, Bond-AL10B Bond-AL10BC00B201, Bond-TL10B Bond-TL10BC01B201, Bond-TL10C Bond-TL10CC01B131, Haydn-L1JB HDN-L1JC137B068, Kobe-L09A KOB-L09C100B252CUSTC100D001, KOB-L09C209B002CUSTC209D001, KOB-L09C362B001CUSTC362D001, Kobe-L09AHN KOB-L09C233B226, Kobe-W09C KOB-W09C128B251CUSTC128D001, LelandP-L22C 8.0.0.101(C675CUSTC675D2), LelandP-L22D 8.0.0.101(C675CUSTC675D2), Rhone-AL00 Rhone-AL00C00B186, Selina-L02 Selina-L02C432B153, Stanford-L09S Stanford-L09SC432B183, Toronto-AL00 Toronto-AL00C00B223, Toronto-AL00A Toronto-AL00AC00B223 y Toronto-TL10 Toronto-TL10C01B223 tienen una vulnerabilidad de filtrado de informaci\u00f3n sensible. Un atacante puede enga\u00f1ar a un usuario para que instale una aplicaci\u00f3n maliciosa para explotar esta vulnerabilidad. Debido a la verificaci\u00f3n insuficiente de las entradas, su explotaci\u00f3n exitosa puede provocar un filtrado de informaci\u00f3n sensible."}], "lastModified": "2018-11-28T16:52:19.113", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:huawei:agassi-l09_firmware:ags-l09c100b257custc100d001:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5F827EDE-1276-46C4-B802-E0F6182636B0"}, {"criteria": "cpe:2.3:o:huawei:agassi-l09_firmware:ags-l09c170b253custc170d001:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D0C51EE3-995E-4652-BF65-BD274B7C7848"}, {"criteria": "cpe:2.3:o:huawei:agassi-l09_firmware:ags-l09c199b251custc199d001:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "64663B9D-2047-46FE-B7BE-A10BD60D4DE3"}, {"criteria": "cpe:2.3:o:huawei:agassi-l09_firmware:ags-l09c229b003custc229d001:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A6BAFF17-A6D9-48D7-BA9E-5896FA281A66"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:huawei:agassi-l09:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "E3833712-95E8-4CC9-B55E-2F029E54C667"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:huawei:agassi-w09_firmware:ags-w09c100b257custc100d001:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D7349EFB-FE37-4584-BCA0-950C64F0BD4D"}, {"criteria": "cpe:2.3:o:huawei:agassi-w09_firmware:ags-w09c128b252custc128d001:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FDF5BA80-7832-40AD-A97E-E11A3F60E02F"}, {"criteria": "cpe:2.3:o:huawei:agassi-w09_firmware:ags-w09c170b252custc170d001:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "123D3E09-7528-4572-9A6B-6052829E66DF"}, {"criteria": "cpe:2.3:o:huawei:agassi-w09_firmware:ags-w09c229b251custc229d001:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7DB4C327-1C75-4222-A112-3F4B3A2E35C9"}, {"criteria": "cpe:2.3:o:huawei:agassi-w09_firmware:ags-w09c331b003custc331d001:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "95C1874D-290E-46EE-AB85-49BFB2C7A7AD"}, {"criteria": "cpe:2.3:o:huawei:agassi-w09_firmware:ags-w09c794b001custc794d001:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BB392D3A-DAA3-410C-AC55-93494C2BCF51"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:huawei:agassi-w09:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "A0D90B4A-C25C-4DE3-9014-582F635E936F"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:huawei:baggio2-u01a_firmware:bg2-u01c100b160custc100d001:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E253E252-267B-4765-BFB7-37B2691878B0"}, {"criteria": "cpe:2.3:o:huawei:baggio2-u01a_firmware:bg2-u01c170b160custc170d001:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D94BECC2-AB1C-450F-8BC1-EB6B2BE7B61D"}, {"criteria": "cpe:2.3:o:huawei:baggio2-u01a_firmware:bg2-u01c199b162custc199d001:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C77A32FD-9B24-493D-96CA-DCBE379ACC8E"}, {"criteria": "cpe:2.3:o:huawei:baggio2-u01a_firmware:bg2-u01c209b160custc209d001:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5322B262-F0E9-4C81-B4DF-B960A7BABE6A"}, {"criteria": "cpe:2.3:o:huawei:baggio2-u01a_firmware:bg2-u01c333b160custc333d001:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "891DF843-1CAF-4CBC-9A11-7741BFB42943"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:huawei:baggio2-u01a:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "B44EB2A1-70E1-4056-AE68-88ED157416FE"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:huawei:bond-al00c_firmware:bond-al00cc00b201:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "19E20C9A-EAAD-45E8-A477-38EDE08040E1"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:huawei:bond-al00c:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "276913D1-0C7C-41D1-8CD8-F23386B6441B"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:huawei:bond-al10b_firmware:bond-al10bc00b201:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BA7D3DEB-35D9-4FD6-A0D3-0B8740E3C03E"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:huawei:bond-al10b:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "C81E62E7-5286-4932-9498-FAF5E01D9C16"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:huawei:bond-tl10b_firmware:bond-tl10bc01b201:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9DD3CE44-E738-403E-95EF-0B4C85E1D453"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:huawei:bond-tl10b:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "58F076DF-3AD0-45FB-A98D-FCC5CCFD0464"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:huawei:bond-tl10c_firmware:bond-tl10cc01b131:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F1F95540-3D6C-40E1-B8EC-1959DB5B25D3"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:huawei:bond-tl10c:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "F07A146F-0FB6-4F24-9A62-81418471C437"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:huawei:haydn-l1jb_firmware:hdn-l1jc137b068:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0560310F-ACD9-425D-A69B-A421BEF93422"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:huawei:haydn-l1jb:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "5FBEFB8E-593E-4FF2-B7B3-A35AEA88FBBF"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:huawei:kobe-l09a_firmware:kob-l09c100b252custc100d001:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4303A983-8A41-4534-B635-752A842C9818"}, {"criteria": "cpe:2.3:o:huawei:kobe-l09a_firmware:kob-l09c209b002custc209d001:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7B439486-8545-4EAC-AC83-1AA21C6BD2D2"}, {"criteria": "cpe:2.3:o:huawei:kobe-l09a_firmware:kob-l09c362b001custc362d001:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "866E2099-F472-4757-A662-ED42891BA46F"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:huawei:kobe-l09a:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "7A1B9004-674D-474C-B549-8F676E55C062"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:huawei:kobe-l09ahn_firmware:kob-l09c233b226:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "35CF61AD-3D04-42D4-8981-31A1201D4DB6"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:huawei:kobe-l09ahn:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "58C4B423-90C0-4A6E-A246-1A8BB7282AC8"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:huawei:kobe-w09c_firmware:kob-w09c128b251custc128d001:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BAEEA7E6-354F-42FF-B2FA-778369FB758A"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:huawei:kobe-w09c:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "D61E75D7-6AAB-4DFF-B5FE-5813511A6025"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:huawei:lelandp-l22c_firmware:8.0.0.101_c675custc675d2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6CA04479-3205-4B8C-A718-310FEC6BB0C4"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:huawei:lelandp-l22c:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "80D7FA39-2EE4-49F8-9EF4-009304DB6108"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:huawei:lelandp-l22d_firmware:8.0.0.101_c675custc675d2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DF94D1CF-8781-4B2B-9D7F-8AF4ECFFB4AC"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:huawei:lelandp-l22d:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "6A956F54-5B4B-4103-BA45-88F8FF7D9FD7"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:huawei:rhone-al00_firmware:rhone-al00c00b186:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9A9B77C6-81F3-4F03-B2DA-ADA61E76E239"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:huawei:rhone-al00:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "4584E368-FDA6-41FD-923F-74A30E404967"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:huawei:selina-l02_firmware:selina-l02c432b153:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C5033AC6-6E65-4D44-ACB3-5FA17CDFC5C6"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:huawei:selina-l02:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "DED60F5C-D4BF-4BE4-87F2-44B0F3490DE0"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:huawei:stanford-l09s_firmware:stanford-l09sc432b183:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D520B64B-B051-45FE-BE6F-EBEBE9FE0777"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:huawei:stanford-l09s:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "E5091556-29A3-4781-A6CA-FB0BD03DEB01"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:huawei:toronto-al00_firmware:toronto-al00c00b223:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2FB76207-04DB-44A2-B06B-505E910D1440"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:huawei:toronto-al00:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "876D76BE-3687-4049-B3C9-7E1469E18CC0"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:huawei:toronto-al00a_firmware:toronto-al00ac00b223:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "77565C14-795B-420E-B08C-FC6BDC3626E4"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:huawei:toronto-al00a:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "0A83D96D-0B5A-42F0-B967-BC27C5B14573"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:huawei:toronto-tl10_firmware:toronto-tl10c01b223:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E71D795C-A2FA-4416-BEE8-3C4EA801E186"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:huawei:toronto-tl10:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "7401A6EC-6133-442D-A638-FF03132D0EF5"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "psirt@huawei.com"}