First published: Wed Apr 11 2018(Updated: )
The Near Field Communication (NFC) module in Mate 9 Huawei mobile phones with the versions before MHA-L29B 8.0.0.366(C567) has an information leak vulnerability due to insufficient validation on data transfer requests. When an affected mobile phone sends files to an attacker's mobile phone using the NFC function, the attacker can obtain arbitrary files from the mobile phone, causing information leaks.
Credit: psirt@huawei.com
Affected Software | Affected Version | How to fix |
---|---|---|
Huawei Mate 9 Firmware | <mha-l29b_8.0.0.366\(c567\) | |
Huawei Mate 9 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2018-7930 is an information leak vulnerability in the Near Field Communication (NFC) module of Huawei Mate 9 mobile phones prior to version MHA-L29B 8.0.0.366(C567).
CVE-2018-7930 occurs due to insufficient validation on data transfer requests when an affected Huawei Mate 9 mobile phone sends files to an attacker's mobile phone using NFC.
CVE-2018-7930 has a severity rating of 5.7, which is considered medium.
The Huawei Mate 9 mobile phones with firmware versions prior to MHA-L29B 8.0.0.366(C567) are affected by CVE-2018-7930.
To fix CVE-2018-7930, users should update their Huawei Mate 9 mobile phones to version MHA-L29B 8.0.0.366(C567) or later.