CVE-2018-7901

RCS module in Huawei ALP-AL00B smart phones with software versions earlier than 8.0.0.129, BLA-AL00B smart phones with software versions earlier than 8.0.0.129 has a remote control vulnerability. An attacker can trick a user to install a malicious application. When the application connects with RCS for the first time, it needs user to manually click to agree. In addition, the attacker needs to obtain the key that RCS uses to authenticate the application. Successful exploitation may cause the attacker to control keyboard remotely.

Published: Apr 30, 2018
Updated: Apr 13, 2023
CVE: CVE-2018-7901
Severity: Low
Exploit:

CVSS v3:

Severity: Low
Score: 4.4
AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L

CVSS v2:

Severity: Medium
Score: 5.8
AV:N/AC:M/Au:N/C:N/I:P/A:P

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
huawei / alp-al00b_firmware	-	8.0.0.129
huawei / bla-al00b_firmware	-	8.0.0.129

http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180425-01-rcs-en

Vulnerability Database

289,599

CVE-2018-7901