Vulnerabilities > CVE-2017-15340 - Unspecified vulnerability in Huawei Tag-Al00 Firmware Tagal00C92B168

CVSS 5.5 - MEDIUM

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

NONE

Availability impact

NONE

local

low complexity

huawei

NVD

Published: 2018-02-15

Updated: 2019-10-03

Summary

Huawei smartphones with software of TAG-AL00C92B168 have an information disclosure vulnerability. An attacker tricks the user to install a crafted application, this application simulate click action to back up data in a non-encrypted way using an Android assist function. Successful exploit could result in information disclosure.

Vulnerable Configurations

Part	Description	Count
OS	Huawei Huawei TAG Al00 Firmware Tag-Al00C92B168	1
Hardware	Huawei Huawei TAG Al00 -	1

References

http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171213-05-smartphone-en