CVE-2018-7987
CVE-2018-7987 is a medium-severity vulnerability in Huawei P20 Firmware with a CVSS 3.x base score of 5.9. It is not currently listed as actively exploited by CISA, and its EPSS exploit-prediction score is low. The underlying weakness is classified as CWE-787.
Key facts
- Severity: Medium (CVSS 3.x base score 5.9)
- CVSS v2: 4.3
- EPSS exploit prediction: 1% (50th percentile)
- Actively exploited: Not listed in CISA KEV
- Weakness: CWE-787
- Affected product: Huawei P20 Firmware
- Published:
- Last modified:
Description
There is an out-of-bounds write vulnerability on Huawei P20 smartphones with versions before 8.1.0.171(C00). The software does not handle the response message properly when the user doing certain inquiry operation, an attacker could send crafted message to the device, successful exploit could cause a denial of service condition.
Frequently asked questions
- What is CVE-2018-7987?
- There is an out-of-bounds write vulnerability on Huawei P20 smartphones with versions before 8.1.0.171(C00). The software does not handle the response message properly when the user doing certain inquiry operation, an attacker could send crafted message to the device, successful exploit could cause a denial of service condition.
- How severe is CVE-2018-7987?
- CVE-2018-7987 has a CVSS 3.x base score of 5.9, rated medium severity. It is exploitable over network with high attack complexity, requires no privileges and no user interaction. Impact on confidentiality is none, integrity none, and availability high.
- Is CVE-2018-7987 being actively exploited?
- It is not currently listed in CISA's KEV catalog. Its EPSS exploit-prediction score is 1% (50th percentile), an estimate of the probability of exploitation in the next 30 days.
- What products are affected by CVE-2018-7987?
- CVE-2018-7987 affects Huawei P20 Firmware. See the affected-products list for the exact vulnerable versions.
- How do I fix CVE-2018-7987?
- Review the linked vendor and NVD advisories for patched versions and mitigations, then upgrade or apply the recommended workaround.
- When was CVE-2018-7987 published?
- CVE-2018-7987 was published on 2018-12-04 and last updated on 2026-06-17.
References
Affected products (1)
- cpe:2.3:o:huawei:p20_firmware:*:*:*:*:*:*:*:*
More vulnerabilities in Huawei P20 Firmware
- CVE-2020-0022 — High (CVSS 8.8): In reassemble_and_dispatch of packet_fragmenter.cc, there is possible out of bounds write due to an incorrect bounds…
- CVE-2019-9506 — High (CVSS 8.1): The Bluetooth BR/EDR specification up to and including version 5.1 permits sufficiently low encryption key length and…
- CVE-2019-2215 — High (CVSS 7.8): A use-after-free in binder.c allows an elevation of privilege from an application to the Linux Kernel. No user…
- CVE-2019-5211 — Medium (CVSS 5.7): The Huawei Share function of P20 phones with versions earlier than Emily-L29C 9.1.0.311 has an improper file management…
- CVE-2020-9239 — Medium (CVSS 5.5): Huawei smartphones BLA-A09 versions 8.0.0.123(C212),versions earlier than 8.0.0.123(C567),versions earlier than…
- CVE-2019-5212 — Medium (CVSS 5.5): There is an improper access control vulnerability in Huawei Share. The software does not properly restrict access to…
All CVEs affecting Huawei P20 Firmware →
Other CWE-787 (Out-of-bounds Write) vulnerabilities
- CVE-2026-42369 — Critical (CVSS 10.0): GV-VMS V20 is a Video Monitoring Software used to gather the feeds of many surveillance cameras and manage other…
- CVE-2026-4746 — Critical (CVSS 10.0): Out-of-bounds Write vulnerability in timeplus-io proton (base/poco/Foundation/src modules). This vulnerability is…
- CVE-2025-43300 — Critical (CVSS 10.0): An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 15.8.5 and iPadOS…
- CVE-2025-24201 — Critical (CVSS 10.0): An out-of-bounds write issue was addressed with improved checks to prevent unauthorized actions. This issue is fixed in…
- CVE-2024-42479 — Critical (CVSS 10.0): llama.cpp provides LLM inference in C/C++. The unsafe `data` pointer member in the `rpc_tensor` structure can cause…
- CVE-2024-39791 — Critical (CVSS 10.0): Stack-based buffer overflow vulnerabilities affecting Vonets industrial wifi bridge relays and wifi bridge…