CVE-2018-7907

Name: CVE-2018-7907
Creator: NVD / NIST
Published: 2018-09-26T13:29:00.527+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

UnknownEPSS 0.66%

Last modified Jun 17, 2026

CVE-2018-7907 is a vulnerability of currently unknown severity. Some Huawei products Agassi-L09 AGS-L09C100B257CUSTC100D001, AGS-L09C170B253CUSTC170D001, AGS-L09C199B251CUSTC199D001, AGS-L09C229B003CUSTC229D001, Agassi-W09 AGS-W09C100B257CUSTC100D001, AGS-W09C128B252CUSTC128D001, AGS-W09C170B252CUSTC170D001, AGS-W09C229B251CUSTC229D001, AGS-W09C331B003CUSTC331D001, AGS-W09C794B001CUSTC794D001, Baggio2-U01A BG2-U01C100B160CUSTC100D001, BG2-U01C170B160CUSTC170D001, BG2-U01C199B162CUSTC199D001, BG2-U01C209B160CUSTC209D001, BG2-U01C333B160CUSTC333D001, Bond-AL00C Bond-AL00CC00B201, Bond-AL10B Bond-AL10BC00B201, Bond-TL10B Bond-TL10BC01B201, Bond-TL10C Bond-TL10CC01B131, Haydn-L1JB HDN-L1JC137B068, Kobe-L09A KOB-L09C100B252CUSTC100D001, KOB-L09C209B002CUSTC209D001, KOB-L09C362B001CUSTC362D001, Kobe-L09AHN KOB-L09C233B226, Kobe-W09C KOB-W09C128B251CUSTC128D001, LelandP-L22C 8.0.0.101(C675CUSTC675D2), LelandP-L22D 8.0.0.101(C675CUSTC675D2), Rhone-AL00 Rhone-AL00C00B186, Selina-L02 Selina-L02C432B153, Stanford-L09S Stanford-L09SC432B183, Toronto-AL00 Toronto-AL00C00B223, Toronto-AL00A Toronto-AL00AC00B223, Toronto-TL10 Toronto-TL10C01B223 have a sensitive information leak vulnerability. An attacker can trick a user to install a malicious application to exploit this vulnerability. EPSS estimates a 0.66% chance of exploitation in the next 30 days.

Description

Some Huawei products Agassi-L09 AGS-L09C100B257CUSTC100D001, AGS-L09C170B253CUSTC170D001, AGS-L09C199B251CUSTC199D001, AGS-L09C229B003CUSTC229D001, Agassi-W09 AGS-W09C100B257CUSTC100D001, AGS-W09C128B252CUSTC128D001, AGS-W09C170B252CUSTC170D001, AGS-W09C229B251CUSTC229D001, AGS-W09C331B003CUSTC331D001, AGS-W09C794B001CUSTC794D001, Baggio2-U01A BG2-U01C100B160CUSTC100D001, BG2-U01C170B160CUSTC170D001, BG2-U01C199B162CUSTC199D001, BG2-U01C209B160CUSTC209D001, BG2-U01C333B160CUSTC333D001, Bond-AL00C Bond-AL00CC00B201, Bond-AL10B Bond-AL10BC00B201, Bond-TL10B Bond-TL10BC01B201, Bond-TL10C Bond-TL10CC01B131, Haydn-L1JB HDN-L1JC137B068, Kobe-L09A KOB-L09C100B252CUSTC100D001, KOB-L09C209B002CUSTC209D001, KOB-L09C362B001CUSTC362D001, Kobe-L09AHN KOB-L09C233B226, Kobe-W09C KOB-W09C128B251CUSTC128D001, LelandP-L22C 8.0.0.101(C675CUSTC675D2), LelandP-L22D 8.0.0.101(C675CUSTC675D2), Rhone-AL00 Rhone-AL00C00B186, Selina-L02 Selina-L02C432B153, Stanford-L09S Stanford-L09SC432B183, Toronto-AL00 Toronto-AL00C00B223, Toronto-AL00A Toronto-AL00AC00B223, Toronto-TL10 Toronto-TL10C01B223 have a sensitive information leak vulnerability. An attacker can trick a user to install a malicious application to exploit this vulnerability. Due to insufficient verification of the input, successful exploitation can cause sensitive information leak.

Metrics

EPSS Probability

0.66%

46.8th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-200

Affected Software

Vendor	Product	Versions
Huawei	Agassi-L09 Firmware	ags-l09c100b257custc100d001
Huawei	Agassi-L09 Firmware	ags-l09c170b253custc170d001
Huawei	Agassi-L09 Firmware	ags-l09c199b251custc199d001
Huawei	Agassi-L09 Firmware	ags-l09c229b003custc229d001
Huawei	Agassi-W09 Firmware	ags-w09c100b257custc100d001
Huawei	Agassi-W09 Firmware	ags-w09c128b252custc128d001
Huawei	Agassi-W09 Firmware	ags-w09c170b252custc170d001
Huawei	Agassi-W09 Firmware	ags-w09c229b251custc229d001
Huawei	Agassi-W09 Firmware	ags-w09c331b003custc331d001
Huawei	Agassi-W09 Firmware	ags-w09c794b001custc794d001
Huawei	Baggio2-U01a Firmware	bg2-u01c100b160custc100d001
Huawei	Baggio2-U01a Firmware	bg2-u01c170b160custc170d001
Huawei	Baggio2-U01a Firmware	bg2-u01c199b162custc199d001
Huawei	Baggio2-U01a Firmware	bg2-u01c209b160custc209d001
Huawei	Baggio2-U01a Firmware	bg2-u01c333b160custc333d001
Huawei	Bond-Al00c Firmware	bond-al00cc00b201
Huawei	Bond-Al10b Firmware	bond-al10bc00b201
Huawei	Bond-Tl10b Firmware	bond-tl10bc01b201
Huawei	Bond-Tl10c Firmware	bond-tl10cc01b131
Huawei	Haydn-L1jb Firmware	hdn-l1jc137b068
Huawei	Kobe-L09a Firmware	kob-l09c100b252custc100d001
Huawei	Kobe-L09a Firmware	kob-l09c209b002custc209d001
Huawei	Kobe-L09a Firmware	kob-l09c362b001custc362d001
Huawei	Kobe-L09ahn Firmware	kob-l09c233b226
Huawei	Kobe-W09c Firmware	kob-w09c128b251custc128d001
Huawei	Lelandp-L22c Firmware	8.0.0.101_c675custc675d2
Huawei	Lelandp-L22d Firmware	8.0.0.101_c675custc675d2
Huawei	Rhone-Al00 Firmware	rhone-al00c00b186
Huawei	Selina-L02 Firmware	selina-l02c432b153
Huawei	Stanford-L09s Firmware	stanford-l09sc432b183
Huawei	Toronto-Al00 Firmware	toronto-al00c00b223
Huawei	Toronto-Al00a Firmware	toronto-al00ac00b223
Huawei	Toronto-Tl10 Firmware	toronto-tl10c01b223

References

http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180919-02-smartphone-enVendor Advisory
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180919-02-smartphone-enVendor Advisory

Timeline

Published: Sep 26, 2018
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2018-7907?

How severe is CVE-2018-7907?

Severity scoring for CVE-2018-7907 is pending analysis. The EPSS model estimates a 0.66% probability of exploitation in the next 30 days.

How do I fix CVE-2018-7907?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2018-7907?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST