CVE-2018-7901

Published: Apr 30, 2018

Modified: Aug 5, 2024

PUBLISHED

Description

RCS module in Huawei ALP-AL00B smart phones with software versions earlier than 8.0.0.129, BLA-AL00B smart phones with software versions earlier than 8.0.0.129 has a remote control vulnerability. An attacker can trick a user to install a malicious application. When the application connects with RCS for the first time, it needs user to manually click to agree. In addition, the attacker needs to obtain the key that RCS uses to authenticate the application. Successful exploitation may cause the attacker to control keyboard remotely.

Vendor	Product	Versions
Huawei Technologies Co., Ltd.	ALP-AL00B, BLA-AL00B	affected `ALP-AL00B, earlier versions than 8.0.0.129, BLA-AL00B, earlier versions than 8.0.0.129`

References

http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180425-01-rcs-en

x_refsource_CONFIRM

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2018-7901

Description

Affected Products

References