Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2018-7926

Huawei Watch 2 with versions and earlier than OWDD.180707.001.E1 have an improper authorization vulnerability. Due to improper permission configuration for specific operations, an attacker who obtained the Huawei ID bound to the watch can bypass permission verification to perform specific operations and modify some data on the watch.

Published

2018-11-13T19:29:00.477

Last Modified

2024-11-21T04:12:58.243

Status

Modified

Source

[email protected]

Severity

CVSSv3.0: 4.6 (MEDIUM)

CVSSv2 Vector

AV:L/AC:L/Au:N/C:N/I:P/A:N

Access Vector: LOCAL
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE

Exploitability Score

3.9

Impact Score

2.9

Weaknesses

Type: Primary
CWE-863

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	huawei	watch_2_firmware	≤ owdd.180707.001.e1	Yes
Hardware	huawei	watch_2	-	No

References

http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20181031-01-watch-en Vendor Advisory ([email protected])
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20181031-01-watch-en Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)