First published: Tue Dec 04 2018(Updated: )
Huawei VIP App is a mobile app for Malaysia customers that purchased P20 Series, Nova 3/3i and Mate 20. There is a vulnerability in versions before 4.0.5 that attackers can conduct bruteforce to the VIP App Web Services to get user information.
Credit: psirt@huawei.com
Affected Software | Affected Version | How to fix |
---|---|---|
Huawei VIP App | <4.0.5 | |
Huawei Mate 20 Firmware | ||
HUAWEI Mate 20 | ||
Huawei Nova 3i Firmware | ||
Huawei Nova 3i | ||
Apple Sierra | ||
Apple Sierra |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2018-7956 is a vulnerability in the Huawei VIP App that allows attackers to conduct brute force attacks and gain access to user information.
Versions before 4.0.5 of the Huawei VIP App are affected by CVE-2018-7956.
CVE-2018-7956 has a severity rating of 5.3 (Medium).
Attackers can exploit CVE-2018-7956 by conducting brute force attacks to gain unauthorized access to the VIP App Web Services and obtain user information.
To protect yourself from CVE-2018-7956, make sure you have updated to version 4.0.5 or later of the Huawei VIP App.