CVE-2018-7947
First published: Tue Jul 31 2018(Updated: )
Huawei mobile phones with versions earlier before Emily-AL00A 8.1.0.153(C00) have an authentication bypass vulnerability. An attacker could trick the user to connect to a malicious device. In the debug mode, the malicious software in the device may exploit the vulnerability to bypass some specific function. Successful exploit may cause some malicious applications to be installed in the mobile phones.
Credit: psirt@huawei.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Huawei Emily-al00a Firmware | <8.1.0.153\(c00\) | |
| Huawei Emily-al00a |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is CVE-2018-7947?
CVE-2018-7947 is an authentication bypass vulnerability in Huawei mobile phones with versions earlier before Emily-AL00A 8.1.0.153(C00) that allows an attacker to trick the user to connect to a malicious device.
How can an attacker exploit CVE-2018-7947?
In the debug mode, the attacker can exploit CVE-2018-7947 to bypass some specific functionality and gain unauthorized access.
Which Huawei mobile phones are affected by CVE-2018-7947?
Huawei mobile phones with versions earlier before Emily-AL00A 8.1.0.153(C00) are affected by CVE-2018-7947.
What is the severity rating of CVE-2018-7947?
CVE-2018-7947 has a medium severity rating with a score of 3.9.
How can I fix CVE-2018-7947?
Update your Huawei mobile phone to Emily-AL00A 8.1.0.153(C00) or later to address the authentication bypass vulnerability.
- collector/nvd-index
- agent/weakness
- agent/severity
- agent/references
- agent/author
- agent/type
- agent/event
- agent/description
- agent/softwarecombine
- agent/first-publish-date
- agent/last-modified-date
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/huawei
- canonical/huawei emily-al00a firmware
- canonical/huawei emily-al00a