Huawei · Bla-Al00B · CVE-2018-7910
Name of the Vulnerable Software and Affected Versions:
Huawei smartphones ALP-AL00B version 8.0.0.118D(C00)
Huawei smartphones ALP-TL00B version 8.0.0.118D(C01)
Huawei smartphones BLA-AL00B version 8.0.0.118D(C00)
Huawei smartphones BLA-L09C versions 8.0.0.127(C432) through 8.0.0.137(C432)
Huawei smartphones BLA-L29C versions 8.0.0.129(C432) through 8.0.0.137(C432)
Description:
The issue allows an attacker to bypass authentication on the affected devices. If an attacker gains physical access to the smartphone, they can exploit this to replace the start-up program, potentially allowing them to access information on the device and control it.
Recommendations:
For ALP-AL00B version 8.0.0.118D(C00), update to a newer version that addresses the authentication bypass issue.
For ALP-TL00B version 8.0.0.118D(C01), update to a newer version that addresses the authentication bypass issue.
For BLA-AL00B version 8.0.0.118D(C00), update to a newer version that addresses the authentication bypass issue.
For BLA-L09C versions 8.0.0.127(C432) through 8.0.0.137(C432), update to a newer version that addresses the authentication bypass issue.
For BLA-L29C versions 8.0.0.129(C432) through 8.0.0.137(C432), update to a newer version that addresses the authentication bypass issue.