Vulnerabilities > CVE-2018-7957 - Incorrect Authorization vulnerability in Huawei Victoria-Al00 Firmware Victoriaal008.0.0.336A(C00)

CVSS 3.3 - LOW

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

LOW

Integrity impact

NONE

Availability impact

NONE

local

low complexity

huawei

CWE-863

NVD

Published: 2018-07-31

Updated: 2019-10-03

Summary

Huawei smartphones with software Victoria-AL00 8.0.0.336a(C00) have an information leakage vulnerability. Because an interface does not verify authorization correctly, attackers can exploit an application with the authorization of phone state to obtain user location additionally.

Vulnerable Configurations

Part	Description	Count
OS	Huawei Huawei Victoria Al00 Firmware Victoria-Al00_8.0.0.336A\(C00\)	1
Hardware	Huawei Huawei Victoria Al00 -	1

Common Weakness Enumeration (CWE)

CWE-863 - Incorrect Authorization

References

http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180704-01-smartphone-en