Vulnerabilites related to huawei - victoria-al00a
var-201711-0242
Vulnerability from variot
Bastet in P10 Plus and P10 smart phones with software earlier than VKY-AL00C00B123 versions, earlier than VTR-AL00C00B123 versions have a buffer overflow vulnerability. An attacker with the root privilege of an Android system may trick a user into installing a malicious APP. The APP can modify specific data to cause buffer overflow in the next system reboot, causing continuous system reboot or arbitrary code execution. Huawei P10 Plus and P10 Smartphone software contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. HuaweiVicky-AL00A/Victoria-AL00A is Huawei's smartphone. A buffer overflow vulnerability exists in the Bastet of the HuaweiVicky-AL00A/Victoria-AL00A phone due to lack of parameter checking. Huawei Smart Phones are prone to multiple local buffer-overflow vulnerabilities because it fails to adequate boundary checks on user-supplied input. Local attackers can exploit these issues to execute arbitrary code in the context of the affected application. Failed exploit attempts will likely result in denial-of-service conditions
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201711-0242",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "p10 plus",
"scope": "lt",
"trust": 1.8,
"vendor": "huawei",
"version": "vky-al00c00b123"
},
{
"model": "p10",
"scope": "lt",
"trust": 1.8,
"vendor": "huawei",
"version": "vtr-al00c00b123"
},
{
"model": "vicky-al00a \u003cvicky-al00ac00b123",
"scope": null,
"trust": 0.6,
"vendor": "huawei",
"version": null
},
{
"model": "victoria-al00a \u003cvictoria-al00ac00b123",
"scope": null,
"trust": 0.6,
"vendor": "huawei",
"version": null
},
{
"model": "victoria-al00a",
"scope": "eq",
"trust": 0.3,
"vendor": "huawei",
"version": "0"
},
{
"model": "vicky-al00a",
"scope": "eq",
"trust": 0.3,
"vendor": "huawei",
"version": "0"
},
{
"model": "victoria-al00ac00b123",
"scope": "ne",
"trust": 0.3,
"vendor": "huawei",
"version": "0"
},
{
"model": "vicky-al00ac00b123",
"scope": "ne",
"trust": 0.3,
"vendor": "huawei",
"version": "0"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-04679"
},
{
"db": "BID",
"id": "97696"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-010610"
},
{
"db": "NVD",
"id": "CVE-2017-2726"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:huawei:p10_plus_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:huawei:p10_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-010610"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "ADLab of Venustech.",
"sources": [
{
"db": "BID",
"id": "97696"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-964"
}
],
"trust": 0.9
},
"cve": "CVE-2017-2726",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.6,
"id": "CVE-2017-2726",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.9,
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "CNVD-2017-04679",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.5,
"id": "CVE-2017-2726",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2017-2726",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2017-2726",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2017-04679",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201704-964",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULMON",
"id": "CVE-2017-2726",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-04679"
},
{
"db": "VULMON",
"id": "CVE-2017-2726"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-010610"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-964"
},
{
"db": "NVD",
"id": "CVE-2017-2726"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Bastet in P10 Plus and P10 smart phones with software earlier than VKY-AL00C00B123 versions, earlier than VTR-AL00C00B123 versions have a buffer overflow vulnerability. An attacker with the root privilege of an Android system may trick a user into installing a malicious APP. The APP can modify specific data to cause buffer overflow in the next system reboot, causing continuous system reboot or arbitrary code execution. Huawei P10 Plus and P10 Smartphone software contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. HuaweiVicky-AL00A/Victoria-AL00A is Huawei\u0027s smartphone. A buffer overflow vulnerability exists in the Bastet of the HuaweiVicky-AL00A/Victoria-AL00A phone due to lack of parameter checking. Huawei Smart Phones are prone to multiple local buffer-overflow vulnerabilities because it fails to adequate boundary checks on user-supplied input. \nLocal attackers can exploit these issues to execute arbitrary code in the context of the affected application. Failed exploit attempts will likely result in denial-of-service conditions",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-2726"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-010610"
},
{
"db": "CNVD",
"id": "CNVD-2017-04679"
},
{
"db": "BID",
"id": "97696"
},
{
"db": "VULMON",
"id": "CVE-2017-2726"
}
],
"trust": 2.52
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-2726",
"trust": 3.4
},
{
"db": "BID",
"id": "97696",
"trust": 2.0
},
{
"db": "JVNDB",
"id": "JVNDB-2017-010610",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2017-04679",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201704-964",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2017-2726",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-04679"
},
{
"db": "VULMON",
"id": "CVE-2017-2726"
},
{
"db": "BID",
"id": "97696"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-010610"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-964"
},
{
"db": "NVD",
"id": "CVE-2017-2726"
}
]
},
"id": "VAR-201711-0242",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-04679"
}
],
"trust": 1.2523158075
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-04679"
}
]
},
"last_update_date": "2024-11-23T22:12:48.186000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "huawei-sa-20170405-01-smartphone",
"trust": 0.8,
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170405-01-smartphone-en"
},
{
"title": "There are multiple buffer overflow vulnerabilities (CNVD-2017-04679) patch for Huawei Mobile Bastet component.",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/92019"
},
{
"title": "Huawei Vicky-AL00A and Victoria-AL00A Bastet Fix for component buffer error vulnerability",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=75151"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-04679"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-010610"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-964"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-119",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-010610"
},
{
"db": "NVD",
"id": "CVE-2017-2726"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.8,
"url": "http://www.securityfocus.com/bid/97696"
},
{
"trust": 1.7,
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170405-01-smartphone-en"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-2726"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-2726"
},
{
"trust": 0.6,
"url": "http://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20170405-01-smartphone-cn"
},
{
"trust": 0.3,
"url": "http://www.huawei.com"
},
{
"trust": 0.3,
"url": "http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20170405-01-smartphone-en"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/119.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-04679"
},
{
"db": "VULMON",
"id": "CVE-2017-2726"
},
{
"db": "BID",
"id": "97696"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-010610"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-964"
},
{
"db": "NVD",
"id": "CVE-2017-2726"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2017-04679"
},
{
"db": "VULMON",
"id": "CVE-2017-2726"
},
{
"db": "BID",
"id": "97696"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-010610"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-964"
},
{
"db": "NVD",
"id": "CVE-2017-2726"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-04-19T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-04679"
},
{
"date": "2017-11-22T00:00:00",
"db": "VULMON",
"id": "CVE-2017-2726"
},
{
"date": "2017-04-05T00:00:00",
"db": "BID",
"id": "97696"
},
{
"date": "2017-12-20T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-010610"
},
{
"date": "2017-04-05T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201704-964"
},
{
"date": "2017-11-22T19:29:01.583000",
"db": "NVD",
"id": "CVE-2017-2726"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-04-19T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-04679"
},
{
"date": "2017-12-08T00:00:00",
"db": "VULMON",
"id": "CVE-2017-2726"
},
{
"date": "2017-04-18T00:07:00",
"db": "BID",
"id": "97696"
},
{
"date": "2017-12-20T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-010610"
},
{
"date": "2017-12-26T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201704-964"
},
{
"date": "2024-11-21T03:24:03.707000",
"db": "NVD",
"id": "CVE-2017-2726"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201704-964"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Huawei P10 Plus and P10 Buffer error vulnerability in smartphone software",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-010610"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer overflow",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201704-964"
}
],
"trust": 0.6
}
}
var-201711-0935
Vulnerability from variot
Isub service in P10 Plus and P10 smart phones with earlier than VKY-AL00C00B157 versions and earlier than VTR-AL00C00B157 versions has a denial of service (DoS) vulnerability. An attacker tricks a user into installing a malicious application on the smart phone, and the application can send given parameter to specific interface, which make a out-of-bounds array access that results in smart phone restart. HuaweiVicky-AL00A and Victoria-AL00A are both Huawei's smartphone devices. The vulnerability stems from the program not fully performing input verification. Multiple Huawei products are prone to a remote denial-of-service vulnerability. Attackers can exploit this issue to crash the system, denying service to legitimate users
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201711-0935",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "p10 plus",
"scope": "lt",
"trust": 1.8,
"vendor": "huawei",
"version": "vky-al00c00b157"
},
{
"model": "p10",
"scope": "lt",
"trust": 1.8,
"vendor": "huawei",
"version": "vtr-al00c00b157"
},
{
"model": "victoria-al00a \u003c=victoria-al00ac00b157",
"scope": null,
"trust": 0.6,
"vendor": "huawei",
"version": null
},
{
"model": "vicky-al00a \u003c=vicky-al00ac00b157",
"scope": null,
"trust": 0.6,
"vendor": "huawei",
"version": null
},
{
"model": "victoria-al00a",
"scope": "eq",
"trust": 0.3,
"vendor": "huawei",
"version": "0"
},
{
"model": "vicky-al00a",
"scope": "eq",
"trust": 0.3,
"vendor": "huawei",
"version": "0"
},
{
"model": "victoria-al00ac00b157",
"scope": "ne",
"trust": 0.3,
"vendor": "huawei",
"version": "0"
},
{
"model": "vicky-al00ac00b157",
"scope": "ne",
"trust": 0.3,
"vendor": "huawei",
"version": "0"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-13795"
},
{
"db": "BID",
"id": "99370"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-010801"
},
{
"db": "NVD",
"id": "CVE-2017-8172"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:huawei:p10_plus_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:huawei:p10_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-010801"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Zhou Ye, Xu Lei Yong, Li Bo of 360 Vulpecker Team",
"sources": [
{
"db": "BID",
"id": "99370"
},
{
"db": "CNNVD",
"id": "CNNVD-201707-070"
}
],
"trust": 0.9
},
"cve": "CVE-2017-8172",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 7.1,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "CVE-2017-8172",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 4.9,
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CNVD-2017-13795",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 1.8,
"id": "CVE-2017-8172",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2017-8172",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2017-8172",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2017-13795",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201707-070",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-13795"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-010801"
},
{
"db": "CNNVD",
"id": "CNNVD-201707-070"
},
{
"db": "NVD",
"id": "CVE-2017-8172"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Isub service in P10 Plus and P10 smart phones with earlier than VKY-AL00C00B157 versions and earlier than VTR-AL00C00B157 versions has a denial of service (DoS) vulnerability. An attacker tricks a user into installing a malicious application on the smart phone, and the application can send given parameter to specific interface, which make a out-of-bounds array access that results in smart phone restart. HuaweiVicky-AL00A and Victoria-AL00A are both Huawei\u0027s smartphone devices. The vulnerability stems from the program not fully performing input verification. Multiple Huawei products are prone to a remote denial-of-service vulnerability. \nAttackers can exploit this issue to crash the system, denying service to legitimate users",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-8172"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-010801"
},
{
"db": "CNVD",
"id": "CNVD-2017-13795"
},
{
"db": "BID",
"id": "99370"
}
],
"trust": 2.43
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-8172",
"trust": 3.3
},
{
"db": "BID",
"id": "99370",
"trust": 2.5
},
{
"db": "JVNDB",
"id": "JVNDB-2017-010801",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2017-13795",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201707-070",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-13795"
},
{
"db": "BID",
"id": "99370"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-010801"
},
{
"db": "CNNVD",
"id": "CNNVD-201707-070"
},
{
"db": "NVD",
"id": "CVE-2017-8172"
}
]
},
"id": "VAR-201711-0935",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-13795"
}
],
"trust": 1.2523158075
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-13795"
}
]
},
"last_update_date": "2024-11-23T22:12:47.384000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "huawei-sa-20170628-01-isub",
"trust": 0.8,
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170628-01-isub-en"
},
{
"title": "HuaweiVicky-AL00A and Victoria-AL00A mobile phone isub service denial of service vulnerability patch",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/97803"
},
{
"title": "Huawei Vicky-AL00A and Victoria-AL00A Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=71407"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-13795"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-010801"
},
{
"db": "CNNVD",
"id": "CNNVD-201707-070"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-129",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-010801"
},
{
"db": "NVD",
"id": "CVE-2017-8172"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.2,
"url": "http://www.securityfocus.com/bid/99370"
},
{
"trust": 1.6,
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170628-01-isub-en"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-8172"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-8172"
},
{
"trust": 0.3,
"url": "http://www.huawei.com/en/"
},
{
"trust": 0.3,
"url": "http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20170628-01-isub-en"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-13795"
},
{
"db": "BID",
"id": "99370"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-010801"
},
{
"db": "CNNVD",
"id": "CNNVD-201707-070"
},
{
"db": "NVD",
"id": "CVE-2017-8172"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2017-13795"
},
{
"db": "BID",
"id": "99370"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-010801"
},
{
"db": "CNNVD",
"id": "CNNVD-201707-070"
},
{
"db": "NVD",
"id": "CVE-2017-8172"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-07-11T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-13795"
},
{
"date": "2017-07-03T00:00:00",
"db": "BID",
"id": "99370"
},
{
"date": "2017-12-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-010801"
},
{
"date": "2017-07-05T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201707-070"
},
{
"date": "2017-11-22T19:29:04.053000",
"db": "NVD",
"id": "CVE-2017-8172"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-07-11T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-13795"
},
{
"date": "2017-07-03T00:00:00",
"db": "BID",
"id": "99370"
},
{
"date": "2017-12-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-010801"
},
{
"date": "2017-12-26T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201707-070"
},
{
"date": "2024-11-21T03:33:28.010000",
"db": "NVD",
"id": "CVE-2017-8172"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201707-070"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Huawei P10 Plus and P10 Vulnerability related to array index verification in smartphones",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-010801"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "lack of information",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201707-070"
}
],
"trust": 0.6
}
}
var-201711-0241
Vulnerability from variot
Bastet in P10 Plus and P10 smart phones with software earlier than VKY-AL00C00B123 versions, earlier than VTR-AL00C00B123 versions have a buffer overflow vulnerability. An attacker with the root privilege of an Android system may trick a user into installing a malicious APP. The APP can modify specific data to cause buffer overflow in the next system reboot, causing continuous system reboot or arbitrary code execution. Huawei P10 Plus and P10 Smartphone software contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. HuaweiVicky-AL00A/Victoria-AL00A is Huawei's smartphone. A buffer overflow vulnerability exists in the Bastet of the HuaweiVicky-AL00A/Victoria-AL00A phone due to lack of parameter checking. Huawei Smart Phones are prone to multiple local buffer-overflow vulnerabilities because it fails to adequate boundary checks on user-supplied input. Local attackers can exploit these issues to execute arbitrary code in the context of the affected application. Failed exploit attempts will likely result in denial-of-service conditions
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201711-0241",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "p10 plus",
"scope": "lt",
"trust": 1.8,
"vendor": "huawei",
"version": "vky-al00c00b123"
},
{
"model": "p10",
"scope": "lt",
"trust": 1.8,
"vendor": "huawei",
"version": "vtr-al00c00b123"
},
{
"model": "vicky-al00a \u003cvicky-al00ac00b123",
"scope": null,
"trust": 0.6,
"vendor": "huawei",
"version": null
},
{
"model": "victoria-al00a \u003cvictoria-al00ac00b123",
"scope": null,
"trust": 0.6,
"vendor": "huawei",
"version": null
},
{
"model": "victoria-al00a",
"scope": "eq",
"trust": 0.3,
"vendor": "huawei",
"version": "0"
},
{
"model": "vicky-al00a",
"scope": "eq",
"trust": 0.3,
"vendor": "huawei",
"version": "0"
},
{
"model": "victoria-al00ac00b123",
"scope": "ne",
"trust": 0.3,
"vendor": "huawei",
"version": "0"
},
{
"model": "vicky-al00ac00b123",
"scope": "ne",
"trust": 0.3,
"vendor": "huawei",
"version": "0"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-04678"
},
{
"db": "BID",
"id": "97696"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-010609"
},
{
"db": "NVD",
"id": "CVE-2017-2725"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:huawei:p10_plus_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:huawei:p10_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-010609"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "ADLab of Venustech.",
"sources": [
{
"db": "BID",
"id": "97696"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-963"
}
],
"trust": 0.9
},
"cve": "CVE-2017-2725",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.6,
"id": "CVE-2017-2725",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "CNVD-2017-04678",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2017-2725",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2017-2725",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2017-2725",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2017-04678",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201704-963",
"trust": 0.6,
"value": "CRITICAL"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-04678"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-010609"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-963"
},
{
"db": "NVD",
"id": "CVE-2017-2725"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Bastet in P10 Plus and P10 smart phones with software earlier than VKY-AL00C00B123 versions, earlier than VTR-AL00C00B123 versions have a buffer overflow vulnerability. An attacker with the root privilege of an Android system may trick a user into installing a malicious APP. The APP can modify specific data to cause buffer overflow in the next system reboot, causing continuous system reboot or arbitrary code execution. Huawei P10 Plus and P10 Smartphone software contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. HuaweiVicky-AL00A/Victoria-AL00A is Huawei\u0027s smartphone. A buffer overflow vulnerability exists in the Bastet of the HuaweiVicky-AL00A/Victoria-AL00A phone due to lack of parameter checking. Huawei Smart Phones are prone to multiple local buffer-overflow vulnerabilities because it fails to adequate boundary checks on user-supplied input. \nLocal attackers can exploit these issues to execute arbitrary code in the context of the affected application. Failed exploit attempts will likely result in denial-of-service conditions",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-2725"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-010609"
},
{
"db": "CNVD",
"id": "CNVD-2017-04678"
},
{
"db": "BID",
"id": "97696"
}
],
"trust": 2.43
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-2725",
"trust": 3.3
},
{
"db": "BID",
"id": "97696",
"trust": 1.9
},
{
"db": "JVNDB",
"id": "JVNDB-2017-010609",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2017-04678",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201704-963",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-04678"
},
{
"db": "BID",
"id": "97696"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-010609"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-963"
},
{
"db": "NVD",
"id": "CVE-2017-2725"
}
]
},
"id": "VAR-201711-0241",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-04678"
}
],
"trust": 1.2523158075
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-04678"
}
]
},
"last_update_date": "2024-11-23T22:12:48.220000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "huawei-sa-20170405-01-smartphone",
"trust": 0.8,
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170405-01-smartphone-en"
},
{
"title": "There are multiple buffer overflow vulnerabilities (CNVD-2017-04678) patches for Huawei Mobile Bastet components.",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/92018"
},
{
"title": "Huawei Vicky-AL00A and Victoria-AL00A Bastet Fix for component buffer error vulnerability",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=75150"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-04678"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-010609"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-963"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-119",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-010609"
},
{
"db": "NVD",
"id": "CVE-2017-2725"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.6,
"url": "http://www.securityfocus.com/bid/97696"
},
{
"trust": 1.6,
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170405-01-smartphone-en"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-2725"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-2725"
},
{
"trust": 0.6,
"url": "http://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20170405-01-smartphone-cn"
},
{
"trust": 0.3,
"url": "http://www.huawei.com"
},
{
"trust": 0.3,
"url": "http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20170405-01-smartphone-en"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-04678"
},
{
"db": "BID",
"id": "97696"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-010609"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-963"
},
{
"db": "NVD",
"id": "CVE-2017-2725"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2017-04678"
},
{
"db": "BID",
"id": "97696"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-010609"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-963"
},
{
"db": "NVD",
"id": "CVE-2017-2725"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-04-19T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-04678"
},
{
"date": "2017-04-05T00:00:00",
"db": "BID",
"id": "97696"
},
{
"date": "2017-12-20T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-010609"
},
{
"date": "2017-04-05T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201704-963"
},
{
"date": "2017-11-22T19:29:01.537000",
"db": "NVD",
"id": "CVE-2017-2725"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-04-19T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-04678"
},
{
"date": "2017-04-18T00:07:00",
"db": "BID",
"id": "97696"
},
{
"date": "2017-12-20T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-010609"
},
{
"date": "2017-12-26T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201704-963"
},
{
"date": "2024-11-21T03:24:03.577000",
"db": "NVD",
"id": "CVE-2017-2725"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201704-963"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Huawei P10 Plus and P10 Buffer error vulnerability in smartphone software",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-010609"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer overflow",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201704-963"
}
],
"trust": 0.6
}
}
var-201711-0936
Vulnerability from variot
Maya-L02,VKY-L09,VTR-L29,Vicky-AL00A,Victoria-AL00A,Warsaw-AL00 smart phones with software of earlier than Maya-L02C636B126 versions,earlier than VKY-L29C10B151 versions,earlier than VTR-L29C10B151 versions,earlier than Vicky-AL00AC00B162 versions,earlier than Victoria-AL00AC00B167 versions,earlier than Warsaw-AL00C00B200 versions have a Factory Reset Protection (FRP) bypass security vulnerability. When re-configuring the mobile phone using the factory reset protection (FRP) function, an attacker can login the configuration flow by some secret code and can perform some operations to update the Google account. As a result, the FRP function is bypassed. Huawei Smartphone software contains vulnerabilities related to authorization, permissions, and access control.Information may be tampered with. Maya-L02, VKY-L09, Vicky-AL00A, and Warsaw-AL00 are all smartphones of Huawei. Huawei Maya-L02 and others are smartphone products of China Huawei (Huawei). There are security vulnerabilities in many Huawei products. The following products and versions are affected: Huawei Maya-L02 prior to Maya-L02C636B126; VKY-L09 prior to VKY-L29C10B151; VTR-L29 prior to VTR-L29C10B151; Vicky-AL00A prior to Vicky-AL00AC00B162; AL00A Victoria-AL00AC00B167 prior to Warsaw-AL00 Warsaw-AL00C00B200 prior
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201711-0936",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "maya-l02",
"scope": "lt",
"trust": 1.8,
"vendor": "huawei",
"version": "maya-l02c636b126"
},
{
"model": "vicky-al00a",
"scope": "lt",
"trust": 1.8,
"vendor": "huawei",
"version": "vicky-al00ac00b162"
},
{
"model": "victoria-al00a",
"scope": "lt",
"trust": 1.8,
"vendor": "huawei",
"version": "victoria-al00ac00b167"
},
{
"model": "vky-l09",
"scope": "lt",
"trust": 1.8,
"vendor": "huawei",
"version": "vky-l29c10b151"
},
{
"model": "warsaw-al00",
"scope": "lt",
"trust": 1.8,
"vendor": "huawei",
"version": "warsaw-al00c00b200"
},
{
"model": "vky-l29",
"scope": "lt",
"trust": 1.0,
"vendor": "huawei",
"version": "vtr-l29c10b151"
},
{
"model": "vtr-l29",
"scope": "lt",
"trust": 0.8,
"vendor": "huawei",
"version": "vtr-l29c10b151"
},
{
"model": "maya-l02 \u003cmaya-l02c636b126",
"scope": null,
"trust": 0.6,
"vendor": "huawei",
"version": null
},
{
"model": "vky-l09 \u003cvky-l29c10b151",
"scope": null,
"trust": 0.6,
"vendor": "huawei",
"version": null
},
{
"model": "vtr-l29 \u003cvtr-l29c10b151",
"scope": null,
"trust": 0.6,
"vendor": "huawei",
"version": null
},
{
"model": "vicky-al00a \u003cvicky-al00ac00b162",
"scope": null,
"trust": 0.6,
"vendor": "huawei",
"version": null
},
{
"model": "victoria-al00a \u003cvictoria-al00ac00b167",
"scope": null,
"trust": 0.6,
"vendor": "huawei",
"version": null
},
{
"model": "warsaw-al00 \u003cwarsaw-al00c00b200",
"scope": null,
"trust": 0.6,
"vendor": "huawei",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-24397"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-010802"
},
{
"db": "NVD",
"id": "CVE-2017-8173"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:huawei:maya-l02_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:huawei:vicky-al00a_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:huawei:victoria-al00a_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:huawei:vky-l09_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:huawei:vky-l29_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:huawei:warsaw-al00_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-010802"
}
]
},
"cve": "CVE-2017-8173",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2017-8173",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "LOW",
"trust": 1.9,
"vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"confidentialityImpact": "NONE",
"exploitabilityScore": 6.5,
"id": "CNVD-2017-24397",
"impactScore": 6.9,
"integrityImpact": "COMPLETE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:A/AC:L/Au:N/C:N/I:C/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "VHN-116376",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "LOW",
"trust": 0.1,
"vectorString": "AV:L/AC:L/AU:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 0.9,
"id": "CVE-2017-8173",
"impactScore": 3.6,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2017-8173",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2017-8173",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2017-24397",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201711-961",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-116376",
"trust": 0.1,
"value": "LOW"
},
{
"author": "VULMON",
"id": "CVE-2017-8173",
"trust": 0.1,
"value": "LOW"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-24397"
},
{
"db": "VULHUB",
"id": "VHN-116376"
},
{
"db": "VULMON",
"id": "CVE-2017-8173"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-010802"
},
{
"db": "CNNVD",
"id": "CNNVD-201711-961"
},
{
"db": "NVD",
"id": "CVE-2017-8173"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Maya-L02,VKY-L09,VTR-L29,Vicky-AL00A,Victoria-AL00A,Warsaw-AL00 smart phones with software of earlier than Maya-L02C636B126 versions,earlier than VKY-L29C10B151 versions,earlier than VTR-L29C10B151 versions,earlier than Vicky-AL00AC00B162 versions,earlier than Victoria-AL00AC00B167 versions,earlier than Warsaw-AL00C00B200 versions have a Factory Reset Protection (FRP) bypass security vulnerability. When re-configuring the mobile phone using the factory reset protection (FRP) function, an attacker can login the configuration flow by some secret code and can perform some operations to update the Google account. As a result, the FRP function is bypassed. Huawei Smartphone software contains vulnerabilities related to authorization, permissions, and access control.Information may be tampered with. Maya-L02, VKY-L09, Vicky-AL00A, and Warsaw-AL00 are all smartphones of Huawei. Huawei Maya-L02 and others are smartphone products of China Huawei (Huawei). There are security vulnerabilities in many Huawei products. The following products and versions are affected: Huawei Maya-L02 prior to Maya-L02C636B126; VKY-L09 prior to VKY-L29C10B151; VTR-L29 prior to VTR-L29C10B151; Vicky-AL00A prior to Vicky-AL00AC00B162; AL00A Victoria-AL00AC00B167 prior to Warsaw-AL00 Warsaw-AL00C00B200 prior",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-8173"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-010802"
},
{
"db": "CNVD",
"id": "CNVD-2017-24397"
},
{
"db": "VULHUB",
"id": "VHN-116376"
},
{
"db": "VULMON",
"id": "CVE-2017-8173"
}
],
"trust": 2.34
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-8173",
"trust": 3.2
},
{
"db": "JVNDB",
"id": "JVNDB-2017-010802",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201711-961",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2017-24397",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-116376",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2017-8173",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-24397"
},
{
"db": "VULHUB",
"id": "VHN-116376"
},
{
"db": "VULMON",
"id": "CVE-2017-8173"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-010802"
},
{
"db": "CNNVD",
"id": "CNNVD-201711-961"
},
{
"db": "NVD",
"id": "CVE-2017-8173"
}
]
},
"id": "VAR-201711-0936",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-24397"
},
{
"db": "VULHUB",
"id": "VHN-116376"
}
],
"trust": 1.384690905
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-24397"
}
]
},
"last_update_date": "2024-11-23T22:48:53.111000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "huawei-sa-20170715-01-frpbypass",
"trust": 0.8,
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170715-01-frpbypass-en"
},
{
"title": "A variety of Huawei mobile phone FRP bypass vulnerability patch",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/101431"
},
{
"title": "Multiple Huawei Product security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=76671"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-24397"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-010802"
},
{
"db": "CNNVD",
"id": "CNNVD-201711-961"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
},
{
"problemtype": "CWE-264",
"trust": 0.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-116376"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-010802"
},
{
"db": "NVD",
"id": "CVE-2017-8173"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.8,
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170715-01-frpbypass-en"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-8173"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-8173"
},
{
"trust": 0.6,
"url": "http://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20170715-01-frpbypass-cn"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-24397"
},
{
"db": "VULHUB",
"id": "VHN-116376"
},
{
"db": "VULMON",
"id": "CVE-2017-8173"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-010802"
},
{
"db": "CNNVD",
"id": "CNNVD-201711-961"
},
{
"db": "NVD",
"id": "CVE-2017-8173"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2017-24397"
},
{
"db": "VULHUB",
"id": "VHN-116376"
},
{
"db": "VULMON",
"id": "CVE-2017-8173"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-010802"
},
{
"db": "CNNVD",
"id": "CNNVD-201711-961"
},
{
"db": "NVD",
"id": "CVE-2017-8173"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-09-03T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-24397"
},
{
"date": "2017-11-22T00:00:00",
"db": "VULHUB",
"id": "VHN-116376"
},
{
"date": "2017-11-22T00:00:00",
"db": "VULMON",
"id": "CVE-2017-8173"
},
{
"date": "2017-12-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-010802"
},
{
"date": "2017-11-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201711-961"
},
{
"date": "2017-11-22T19:29:04.083000",
"db": "NVD",
"id": "CVE-2017-8173"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-09-03T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-24397"
},
{
"date": "2019-10-03T00:00:00",
"db": "VULHUB",
"id": "VHN-116376"
},
{
"date": "2019-10-03T00:00:00",
"db": "VULMON",
"id": "CVE-2017-8173"
},
{
"date": "2017-12-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-010802"
},
{
"date": "2019-10-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201711-961"
},
{
"date": "2024-11-21T03:33:28.133000",
"db": "NVD",
"id": "CVE-2017-8173"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201711-961"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Huawei Vulnerabilities related to authorization, authority, and access control in smartphone software",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-010802"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "permissions and access control issues",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201711-961"
}
],
"trust": 0.6
}
}
var-201711-0240
Vulnerability from variot
Bastet in P10 Plus and P10 smart phones with software earlier than VKY-AL00C00B123 versions, earlier than VTR-AL00C00B123 versions have a buffer overflow vulnerability. An attacker with the root privilege of an Android system may trick a user into installing a malicious APP. The APP can modify specific data to cause buffer overflow in the next system reboot, causing continuous system reboot or arbitrary code execution. Huawei P10 Plus and P10 Smartphone software contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. HuaweiVicky-AL00A/Victoria-AL00A is Huawei's smartphone. There are multiple local buffer overflow vulnerabilities in Huawei smartphones because it does not perform proper boundary checking on user-supplied input. Local vulnerabilities can exploit these vulnerabilities to execute arbitrary code in the context of the affected application. Failed exploit attempts will likely result in denial-of-service conditions
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201711-0240",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "p10 plus",
"scope": "lt",
"trust": 1.8,
"vendor": "huawei",
"version": "vky-al00c00b123"
},
{
"model": "p10",
"scope": "lt",
"trust": 1.8,
"vendor": "huawei",
"version": "vtr-al00c00b123"
},
{
"model": "vicky-al00a \u003cvicky-al00ac00b123",
"scope": null,
"trust": 0.6,
"vendor": "huawei",
"version": null
},
{
"model": "victoria-al00a \u003cvictoria-al00ac00b123",
"scope": null,
"trust": 0.6,
"vendor": "huawei",
"version": null
},
{
"model": "victoria-al00a",
"scope": "eq",
"trust": 0.3,
"vendor": "huawei",
"version": "0"
},
{
"model": "vicky-al00a",
"scope": "eq",
"trust": 0.3,
"vendor": "huawei",
"version": "0"
},
{
"model": "victoria-al00ac00b123",
"scope": "ne",
"trust": 0.3,
"vendor": "huawei",
"version": "0"
},
{
"model": "vicky-al00ac00b123",
"scope": "ne",
"trust": 0.3,
"vendor": "huawei",
"version": "0"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-04677"
},
{
"db": "BID",
"id": "97696"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-010608"
},
{
"db": "NVD",
"id": "CVE-2017-2724"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:huawei:p10_plus_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:huawei:p10_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-010608"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "ADLab of Venustech.",
"sources": [
{
"db": "BID",
"id": "97696"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-962"
}
],
"trust": 0.9
},
"cve": "CVE-2017-2724",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.6,
"id": "CVE-2017-2724",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.9,
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "CNVD-2017-04677",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.5,
"id": "CVE-2017-2724",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2017-2724",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2017-2724",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2017-04677",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201704-962",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULMON",
"id": "CVE-2017-2724",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-04677"
},
{
"db": "VULMON",
"id": "CVE-2017-2724"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-010608"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-962"
},
{
"db": "NVD",
"id": "CVE-2017-2724"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Bastet in P10 Plus and P10 smart phones with software earlier than VKY-AL00C00B123 versions, earlier than VTR-AL00C00B123 versions have a buffer overflow vulnerability. An attacker with the root privilege of an Android system may trick a user into installing a malicious APP. The APP can modify specific data to cause buffer overflow in the next system reboot, causing continuous system reboot or arbitrary code execution. Huawei P10 Plus and P10 Smartphone software contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. HuaweiVicky-AL00A/Victoria-AL00A is Huawei\u0027s smartphone. There are multiple local buffer overflow vulnerabilities in Huawei smartphones because it does not perform proper boundary checking on user-supplied input. Local vulnerabilities can exploit these vulnerabilities to execute arbitrary code in the context of the affected application. Failed exploit attempts will likely result in denial-of-service conditions",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-2724"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-010608"
},
{
"db": "CNVD",
"id": "CNVD-2017-04677"
},
{
"db": "BID",
"id": "97696"
},
{
"db": "VULMON",
"id": "CVE-2017-2724"
}
],
"trust": 2.52
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-2724",
"trust": 3.4
},
{
"db": "BID",
"id": "97696",
"trust": 2.0
},
{
"db": "JVNDB",
"id": "JVNDB-2017-010608",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2017-04677",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201704-962",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2017-2724",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-04677"
},
{
"db": "VULMON",
"id": "CVE-2017-2724"
},
{
"db": "BID",
"id": "97696"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-010608"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-962"
},
{
"db": "NVD",
"id": "CVE-2017-2724"
}
]
},
"id": "VAR-201711-0240",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-04677"
}
],
"trust": 1.2523158075
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-04677"
}
]
},
"last_update_date": "2024-11-23T22:12:48.151000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "huawei-sa-20170405-01-smartphone",
"trust": 0.8,
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170405-01-smartphone-en"
},
{
"title": "There are multiple buffer overflow vulnerabilities in Huawei\u0027s mobile Bastet component.",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/92017"
},
{
"title": "Huawei Vicky-AL00A and Victoria-AL00A Bastet Fix for component buffer error vulnerability",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=75149"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-04677"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-010608"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-962"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-119",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-010608"
},
{
"db": "NVD",
"id": "CVE-2017-2724"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.8,
"url": "http://www.securityfocus.com/bid/97696"
},
{
"trust": 1.7,
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170405-01-smartphone-en"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-2724"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-2724"
},
{
"trust": 0.6,
"url": "http://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20170405-01-smartphone-cn"
},
{
"trust": 0.3,
"url": "http://www.huawei.com"
},
{
"trust": 0.3,
"url": "http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20170405-01-smartphone-en"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/119.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-04677"
},
{
"db": "VULMON",
"id": "CVE-2017-2724"
},
{
"db": "BID",
"id": "97696"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-010608"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-962"
},
{
"db": "NVD",
"id": "CVE-2017-2724"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2017-04677"
},
{
"db": "VULMON",
"id": "CVE-2017-2724"
},
{
"db": "BID",
"id": "97696"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-010608"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-962"
},
{
"db": "NVD",
"id": "CVE-2017-2724"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-04-19T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-04677"
},
{
"date": "2017-11-22T00:00:00",
"db": "VULMON",
"id": "CVE-2017-2724"
},
{
"date": "2017-04-05T00:00:00",
"db": "BID",
"id": "97696"
},
{
"date": "2017-12-20T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-010608"
},
{
"date": "2017-04-05T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201704-962"
},
{
"date": "2017-11-22T19:29:01.507000",
"db": "NVD",
"id": "CVE-2017-2724"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-04-19T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-04677"
},
{
"date": "2017-12-08T00:00:00",
"db": "VULMON",
"id": "CVE-2017-2724"
},
{
"date": "2017-04-18T00:07:00",
"db": "BID",
"id": "97696"
},
{
"date": "2017-12-20T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-010608"
},
{
"date": "2017-12-26T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201704-962"
},
{
"date": "2024-11-21T03:24:03.457000",
"db": "NVD",
"id": "CVE-2017-2724"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201704-962"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Huawei P10 Plus and P10 Buffer error vulnerability in smartphone software",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-010608"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer overflow",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201704-962"
}
],
"trust": 0.6
}
}
var-201711-0997
Vulnerability from variot
The Madapt Driver of some Huawei smart phones with software Earlier than Vicky-AL00AC00B172 versions,Vicky-AL00CC768B122,Vicky-TL00AC01B167,Earlier than Victoria-AL00AC00B172 versions,Victoria-TL00AC00B123,Victoria-TL00AC01B167 has a use after free (UAF) vulnerability. An attacker can trick a user to install a malicious application which has a high privilege to exploit this vulnerability, Successful exploitation may cause arbitrary code execution. Huawei Smartphone software contains a vulnerability related to the use of freed memory.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. HuaweiVicky-AL00A is a smartphone product of China Huawei. Madaptdriver is a Madapt driver that runs on it. There is a memory error reference vulnerability in the Madapt driver in Huawei's various products. The following products and versions are affected: Huawei Vicky-AL00A before AL00AC00B172; Vicky-AL00C Vicky-AL00CC768B122; Vicky-TL00A before Victoria-AL00AC00B172; Victoria-AL00A before Victoria-TL00AC00B123; previous version
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201711-0997",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "victoria-tl00a",
"scope": "eq",
"trust": 1.6,
"vendor": "huawei",
"version": "victoria-tl00ac00b123"
},
{
"model": "vicky-al00c",
"scope": "eq",
"trust": 1.6,
"vendor": "huawei",
"version": "vicky-al00cc768b122"
},
{
"model": "victoria-tl00a",
"scope": "eq",
"trust": 1.6,
"vendor": "huawei",
"version": "victoria-tl00ac01b167"
},
{
"model": "vicky-tl00a",
"scope": "eq",
"trust": 1.6,
"vendor": "huawei",
"version": "vicky-tl00ac01b167"
},
{
"model": "vicky-al00a",
"scope": "lt",
"trust": 1.0,
"vendor": "huawei",
"version": "vicky-al00ac00b172"
},
{
"model": "victoria-al00a",
"scope": "lt",
"trust": 1.0,
"vendor": "huawei",
"version": "victoria-al00ac00b172_"
},
{
"model": "vicky-al00a",
"scope": null,
"trust": 0.8,
"vendor": "huawei",
"version": null
},
{
"model": "vicky-al00c",
"scope": null,
"trust": 0.8,
"vendor": "huawei",
"version": null
},
{
"model": "vicky-tl00a",
"scope": null,
"trust": 0.8,
"vendor": "huawei",
"version": null
},
{
"model": "victoria-al00a",
"scope": null,
"trust": 0.8,
"vendor": "huawei",
"version": null
},
{
"model": "victoria-tl00a",
"scope": null,
"trust": 0.8,
"vendor": "huawei",
"version": null
},
{
"model": "vicky-al00c vicky-al00cc768b122",
"scope": null,
"trust": 0.6,
"vendor": "huawei",
"version": null
},
{
"model": "vicky-al00a \u003cvicky-al00ac00b172",
"scope": null,
"trust": 0.6,
"vendor": "huawei",
"version": null
},
{
"model": "vicky-tl00a vicky-tl00ac01b167",
"scope": null,
"trust": 0.6,
"vendor": "huawei",
"version": null
},
{
"model": "victoria-al00a \u003cvictoria-al00ac00b172",
"scope": null,
"trust": 0.6,
"vendor": "huawei",
"version": null
},
{
"model": "victoria-tl00a victoria-tl00ac00b123",
"scope": null,
"trust": 0.6,
"vendor": "huawei",
"version": null
},
{
"model": "victoria-tl00a victoria-tl00ac01b167",
"scope": null,
"trust": 0.6,
"vendor": "huawei",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-35543"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-010814"
},
{
"db": "CNNVD",
"id": "CNNVD-201711-971"
},
{
"db": "NVD",
"id": "CVE-2017-8160"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:huawei:vicky-al00a_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:huawei:vicky-al00c_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:huawei:vicky-tl00a_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:huawei:victoria-al00a_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:huawei:victoria-tl00a_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-010814"
}
]
},
"cve": "CVE-2017-8160",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.6,
"id": "CVE-2017-8160",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.9,
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "MULTIPLE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 6.5,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 2.5,
"id": "CNVD-2017-35543",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:L/AC:L/Au:M/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.6,
"id": "VHN-116363",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2017-8160",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2017-8160",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2017-8160",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2017-35543",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201711-971",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-116363",
"trust": 0.1,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2017-8160",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-35543"
},
{
"db": "VULHUB",
"id": "VHN-116363"
},
{
"db": "VULMON",
"id": "CVE-2017-8160"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-010814"
},
{
"db": "CNNVD",
"id": "CNNVD-201711-971"
},
{
"db": "NVD",
"id": "CVE-2017-8160"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The Madapt Driver of some Huawei smart phones with software Earlier than Vicky-AL00AC00B172 versions,Vicky-AL00CC768B122,Vicky-TL00AC01B167,Earlier than Victoria-AL00AC00B172 versions,Victoria-TL00AC00B123,Victoria-TL00AC01B167 has a use after free (UAF) vulnerability. An attacker can trick a user to install a malicious application which has a high privilege to exploit this vulnerability, Successful exploitation may cause arbitrary code execution. Huawei Smartphone software contains a vulnerability related to the use of freed memory.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. HuaweiVicky-AL00A is a smartphone product of China Huawei. Madaptdriver is a Madapt driver that runs on it. There is a memory error reference vulnerability in the Madapt driver in Huawei\u0027s various products. The following products and versions are affected: Huawei Vicky-AL00A before AL00AC00B172; Vicky-AL00C Vicky-AL00CC768B122; Vicky-TL00A before Victoria-AL00AC00B172; Victoria-AL00A before Victoria-TL00AC00B123; previous version",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-8160"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-010814"
},
{
"db": "CNVD",
"id": "CNVD-2017-35543"
},
{
"db": "VULHUB",
"id": "VHN-116363"
},
{
"db": "VULMON",
"id": "CVE-2017-8160"
}
],
"trust": 2.34
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-8160",
"trust": 3.2
},
{
"db": "JVNDB",
"id": "JVNDB-2017-010814",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201711-971",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2017-35543",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-116363",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2017-8160",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-35543"
},
{
"db": "VULHUB",
"id": "VHN-116363"
},
{
"db": "VULMON",
"id": "CVE-2017-8160"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-010814"
},
{
"db": "CNNVD",
"id": "CNNVD-201711-971"
},
{
"db": "NVD",
"id": "CVE-2017-8160"
}
]
},
"id": "VAR-201711-0997",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-35543"
},
{
"db": "VULHUB",
"id": "VHN-116363"
}
],
"trust": 1.4291353383333334
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-35543"
}
]
},
"last_update_date": "2024-11-23T22:17:45.524000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "huawei-sa-20171018-01-smartphone",
"trust": 0.8,
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171018-01-smartphone-en"
},
{
"title": "Huawei mobile phone Madapt driver has a patch to release re-use vulnerabilities",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/106795"
},
{
"title": "Multiple Huawei product Madapt Driver security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=76681"
},
{
"title": "vul-guoygang",
"trust": 0.1,
"url": "https://github.com/guoygang/vul-guoygang "
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-35543"
},
{
"db": "VULMON",
"id": "CVE-2017-8160"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-010814"
},
{
"db": "CNNVD",
"id": "CNNVD-201711-971"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-416",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-116363"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-010814"
},
{
"db": "NVD",
"id": "CVE-2017-8160"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.8,
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171018-01-smartphone-en"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-8160"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-8160"
},
{
"trust": 0.6,
"url": "http://www.huawei.com/cn/psirt/security-advisories/2017/huawei-sa-20171018-01-smartphone-cn"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/416.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://github.com/guoygang/vul-guoygang"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-35543"
},
{
"db": "VULHUB",
"id": "VHN-116363"
},
{
"db": "VULMON",
"id": "CVE-2017-8160"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-010814"
},
{
"db": "CNNVD",
"id": "CNNVD-201711-971"
},
{
"db": "NVD",
"id": "CVE-2017-8160"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2017-35543"
},
{
"db": "VULHUB",
"id": "VHN-116363"
},
{
"db": "VULMON",
"id": "CVE-2017-8160"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-010814"
},
{
"db": "CNNVD",
"id": "CNNVD-201711-971"
},
{
"db": "NVD",
"id": "CVE-2017-8160"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-11-30T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-35543"
},
{
"date": "2017-11-22T00:00:00",
"db": "VULHUB",
"id": "VHN-116363"
},
{
"date": "2017-11-22T00:00:00",
"db": "VULMON",
"id": "CVE-2017-8160"
},
{
"date": "2017-12-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-010814"
},
{
"date": "2017-11-24T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201711-971"
},
{
"date": "2017-11-22T19:29:03.710000",
"db": "NVD",
"id": "CVE-2017-8160"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-11-30T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-35543"
},
{
"date": "2017-12-12T00:00:00",
"db": "VULHUB",
"id": "VHN-116363"
},
{
"date": "2017-12-12T00:00:00",
"db": "VULMON",
"id": "CVE-2017-8160"
},
{
"date": "2017-12-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-010814"
},
{
"date": "2017-11-24T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201711-971"
},
{
"date": "2024-11-21T03:33:26.430000",
"db": "NVD",
"id": "CVE-2017-8160"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201711-971"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Huawei Vulnerability related to the use of released memory in smartphone software",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-010814"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "lack of information",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201711-971"
}
],
"trust": 0.6
}
}
var-201711-0938
Vulnerability from variot
The Bastet of some Huawei mobile phones with software earlier than Vicky-AL00AC00B167 versions, earlier than Victoria-AL00AC00B167 versions, earlier than Warsaw-AL00C00B191 versions has an insufficient input validation vulnerability due to the lack of parameter validation. An attacker may trick a user into installing a malicious APP. The APP can modify specific parameter to cause system reboot. Huawei Smartphone software contains an input validation vulnerability.Denial of service (DoS) May be in a state. HuaweiVicky-AL00A/Victoria-AL00A/Warsaw-AL00 is a smartphone of China Huawei. Bastet is one of the data transfer assistance components. The vulnerability is due to insufficient detection parameters in the program
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201711-0938",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "vicky-al00a",
"scope": "lt",
"trust": 1.0,
"vendor": "huawei",
"version": "vicky-al00ac00b167"
},
{
"model": "victoria-al00a",
"scope": "lt",
"trust": 1.0,
"vendor": "huawei",
"version": "victoria-al00ac00b167"
},
{
"model": "warsaw-al00",
"scope": "lt",
"trust": 1.0,
"vendor": "huawei",
"version": "warsaw-al00c00b191"
},
{
"model": "vicky-al00a",
"scope": null,
"trust": 0.8,
"vendor": "huawei",
"version": null
},
{
"model": "victoria-al00a",
"scope": null,
"trust": 0.8,
"vendor": "huawei",
"version": null
},
{
"model": "warsaw-al00",
"scope": null,
"trust": 0.8,
"vendor": "huawei",
"version": null
},
{
"model": "vicky-al00a earlier than vicky-al00ac00b167 versions",
"scope": null,
"trust": 0.6,
"vendor": "huawei",
"version": null
},
{
"model": "victoria-al00a earlier than victoria-al00ac00b167 versions",
"scope": null,
"trust": 0.6,
"vendor": "huawei",
"version": null
},
{
"model": "warsaw-al00 earlier than warsaw-al00c00b191 versions",
"scope": null,
"trust": 0.6,
"vendor": "huawei",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-26780"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-010735"
},
{
"db": "NVD",
"id": "CVE-2017-8175"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:huawei:vicky-al00a",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:huawei:victoria-al00a",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:huawei:warsaw-al00",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-010735"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "security researcher Zhang Qing and Guangdong Bai of Singapore Institute of Technology (SIT)",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201708-150"
}
],
"trust": 0.6
},
"cve": "CVE-2017-8175",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 7.1,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "CVE-2017-8175",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 4.9,
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CNVD-2017-26780",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 7.1,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "VHN-116378",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:N/I:N/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 1.8,
"id": "CVE-2017-8175",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2017-8175",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2017-8175",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2017-26780",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201708-150",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-116378",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-26780"
},
{
"db": "VULHUB",
"id": "VHN-116378"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-010735"
},
{
"db": "CNNVD",
"id": "CNNVD-201708-150"
},
{
"db": "NVD",
"id": "CVE-2017-8175"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The Bastet of some Huawei mobile phones with software earlier than Vicky-AL00AC00B167 versions, earlier than Victoria-AL00AC00B167 versions, earlier than Warsaw-AL00C00B191 versions has an insufficient input validation vulnerability due to the lack of parameter validation. An attacker may trick a user into installing a malicious APP. The APP can modify specific parameter to cause system reboot. Huawei Smartphone software contains an input validation vulnerability.Denial of service (DoS) May be in a state. HuaweiVicky-AL00A/Victoria-AL00A/Warsaw-AL00 is a smartphone of China Huawei. Bastet is one of the data transfer assistance components. The vulnerability is due to insufficient detection parameters in the program",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-8175"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-010735"
},
{
"db": "CNVD",
"id": "CNVD-2017-26780"
},
{
"db": "VULHUB",
"id": "VHN-116378"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-8175",
"trust": 3.1
},
{
"db": "JVNDB",
"id": "JVNDB-2017-010735",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201708-150",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2017-26780",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-116378",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-26780"
},
{
"db": "VULHUB",
"id": "VHN-116378"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-010735"
},
{
"db": "CNNVD",
"id": "CNNVD-201708-150"
},
{
"db": "NVD",
"id": "CVE-2017-8175"
}
]
},
"id": "VAR-201711-0938",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-26780"
},
{
"db": "VULHUB",
"id": "VHN-116378"
}
],
"trust": 1.5374686716666668
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-26780"
}
]
},
"last_update_date": "2024-11-23T22:26:35.511000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "huawei-sa-20170802-02-smartphone",
"trust": 0.8,
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170802-02-smartphone-en"
},
{
"title": "Huawei mobile phone product input verification vulnerability patch",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/102217"
},
{
"title": "Huawei Vicky-AL00A , Victoria-AL00A and Warsaw-AL00 Bastet Enter the fix for the verification vulnerability",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=74822"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-26780"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-010735"
},
{
"db": "CNNVD",
"id": "CNNVD-201708-150"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-20",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-116378"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-010735"
},
{
"db": "NVD",
"id": "CVE-2017-8175"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170802-02-smartphone-en"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-8175"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-8175"
},
{
"trust": 0.6,
"url": "http://www.huawei.com/cn/psirt/security-advisories/2017/huawei-sa-20170802-02-smartphone-cn"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-26780"
},
{
"db": "VULHUB",
"id": "VHN-116378"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-010735"
},
{
"db": "CNNVD",
"id": "CNNVD-201708-150"
},
{
"db": "NVD",
"id": "CVE-2017-8175"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2017-26780"
},
{
"db": "VULHUB",
"id": "VHN-116378"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-010735"
},
{
"db": "CNNVD",
"id": "CNNVD-201708-150"
},
{
"db": "NVD",
"id": "CVE-2017-8175"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-09-15T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-26780"
},
{
"date": "2017-11-22T00:00:00",
"db": "VULHUB",
"id": "VHN-116378"
},
{
"date": "2017-12-21T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-010735"
},
{
"date": "2017-08-02T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201708-150"
},
{
"date": "2017-11-22T19:29:04.163000",
"db": "NVD",
"id": "CVE-2017-8175"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-09-15T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-26780"
},
{
"date": "2017-12-11T00:00:00",
"db": "VULHUB",
"id": "VHN-116378"
},
{
"date": "2017-12-21T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-010735"
},
{
"date": "2017-09-21T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201708-150"
},
{
"date": "2024-11-21T03:33:28.373000",
"db": "NVD",
"id": "CVE-2017-8175"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201708-150"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Huawei Input Confirmation Vulnerability in Smartphone Software",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-010735"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "input validation",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201708-150"
}
],
"trust": 0.6
}
}
cve-2017-8160
Vulnerability from cvelistv5
Published
2017-11-22 19:00
Modified
2024-09-17 00:21
Severity ?
EPSS score ?
Summary
The Madapt Driver of some Huawei smart phones with software Earlier than Vicky-AL00AC00B172 versions,Vicky-AL00CC768B122,Vicky-TL00AC01B167,Earlier than Victoria-AL00AC00B172 versions,Victoria-TL00AC00B123,Victoria-TL00AC01B167 has a use after free (UAF) vulnerability. An attacker can trick a user to install a malicious application which has a high privilege to exploit this vulnerability, Successful exploitation may cause arbitrary code execution.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171018-01-smartphone-en | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Huawei Technologies Co., Ltd. | Vicky-AL00A,Vicky-AL00C,Vicky-TL00A,Victoria-AL00A,Victoria-TL00A |
Version: Earlier than Vicky-AL00AC00B172 versions,Vicky-AL00CC768B122,Vicky-TL00AC01B167,Earlier than Victoria-AL00AC00B172 versions,Victoria-TL00AC00B123,Victoria-TL00AC01B167 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T16:27:22.859Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171018-01-smartphone-en"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Vicky-AL00A,Vicky-AL00C,Vicky-TL00A,Victoria-AL00A,Victoria-TL00A",
"vendor": "Huawei Technologies Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "Earlier than Vicky-AL00AC00B172 versions,Vicky-AL00CC768B122,Vicky-TL00AC01B167,Earlier than Victoria-AL00AC00B172 versions,Victoria-TL00AC00B123,Victoria-TL00AC01B167"
}
]
}
],
"datePublic": "2017-11-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The Madapt Driver of some Huawei smart phones with software Earlier than Vicky-AL00AC00B172 versions,Vicky-AL00CC768B122,Vicky-TL00AC01B167,Earlier than Victoria-AL00AC00B172 versions,Victoria-TL00AC00B123,Victoria-TL00AC01B167 has a use after free (UAF) vulnerability. An attacker can trick a user to install a malicious application which has a high privilege to exploit this vulnerability, Successful exploitation may cause arbitrary code execution."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Use After Free",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-11-22T18:57:01",
"orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"shortName": "huawei"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171018-01-smartphone-en"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@huawei.com",
"DATE_PUBLIC": "2017-11-15T00:00:00",
"ID": "CVE-2017-8160",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Vicky-AL00A,Vicky-AL00C,Vicky-TL00A,Victoria-AL00A,Victoria-TL00A",
"version": {
"version_data": [
{
"version_value": "Earlier than Vicky-AL00AC00B172 versions,Vicky-AL00CC768B122,Vicky-TL00AC01B167,Earlier than Victoria-AL00AC00B172 versions,Victoria-TL00AC00B123,Victoria-TL00AC01B167"
}
]
}
}
]
},
"vendor_name": "Huawei Technologies Co., Ltd."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Madapt Driver of some Huawei smart phones with software Earlier than Vicky-AL00AC00B172 versions,Vicky-AL00CC768B122,Vicky-TL00AC01B167,Earlier than Victoria-AL00AC00B172 versions,Victoria-TL00AC00B123,Victoria-TL00AC01B167 has a use after free (UAF) vulnerability. An attacker can trick a user to install a malicious application which has a high privilege to exploit this vulnerability, Successful exploitation may cause arbitrary code execution."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Use After Free"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171018-01-smartphone-en",
"refsource": "CONFIRM",
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171018-01-smartphone-en"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"assignerShortName": "huawei",
"cveId": "CVE-2017-8160",
"datePublished": "2017-11-22T19:00:00Z",
"dateReserved": "2017-04-25T00:00:00",
"dateUpdated": "2024-09-17T00:21:17.619Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2017-8173
Vulnerability from cvelistv5
Published
2017-11-22 19:00
Modified
2024-09-16 18:24
Severity ?
EPSS score ?
Summary
Maya-L02,VKY-L09,VTR-L29,Vicky-AL00A,Victoria-AL00A,Warsaw-AL00 smart phones with software of earlier than Maya-L02C636B126 versions,earlier than VKY-L29C10B151 versions,earlier than VTR-L29C10B151 versions,earlier than Vicky-AL00AC00B162 versions,earlier than Victoria-AL00AC00B167 versions,earlier than Warsaw-AL00C00B200 versions have a Factory Reset Protection (FRP) bypass security vulnerability. When re-configuring the mobile phone using the factory reset protection (FRP) function, an attacker can login the configuration flow by some secret code and can perform some operations to update the Google account. As a result, the FRP function is bypassed.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170715-01-frpbypass-en | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Huawei Technologies Co., Ltd. | Maya-L02,VKY-L09,VTR-L29,Vicky-AL00A,Victoria-AL00A,Warsaw-AL00 |
Version: Earlier than Maya-L02C636B126 versions,Earlier than VKY-L29C10B151 versions,Earlier than VTR-L29C10B151 versions,Earlier than Vicky-AL00AC00B162 versions,Earlier than Victoria-AL00AC00B167 versions,Earlier than Warsaw-AL00C00B200 versions |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T16:27:22.984Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170715-01-frpbypass-en"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Maya-L02,VKY-L09,VTR-L29,Vicky-AL00A,Victoria-AL00A,Warsaw-AL00",
"vendor": "Huawei Technologies Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "Earlier than Maya-L02C636B126 versions,Earlier than VKY-L29C10B151 versions,Earlier than VTR-L29C10B151 versions,Earlier than Vicky-AL00AC00B162 versions,Earlier than Victoria-AL00AC00B167 versions,Earlier than Warsaw-AL00C00B200 versions"
}
]
}
],
"datePublic": "2017-11-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Maya-L02,VKY-L09,VTR-L29,Vicky-AL00A,Victoria-AL00A,Warsaw-AL00 smart phones with software of earlier than Maya-L02C636B126 versions,earlier than VKY-L29C10B151 versions,earlier than VTR-L29C10B151 versions,earlier than Vicky-AL00AC00B162 versions,earlier than Victoria-AL00AC00B167 versions,earlier than Warsaw-AL00C00B200 versions have a Factory Reset Protection (FRP) bypass security vulnerability. When re-configuring the mobile phone using the factory reset protection (FRP) function, an attacker can login the configuration flow by some secret code and can perform some operations to update the Google account. As a result, the FRP function is bypassed."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "FRP Bypass",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-11-22T18:57:01",
"orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"shortName": "huawei"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170715-01-frpbypass-en"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@huawei.com",
"DATE_PUBLIC": "2017-11-15T00:00:00",
"ID": "CVE-2017-8173",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Maya-L02,VKY-L09,VTR-L29,Vicky-AL00A,Victoria-AL00A,Warsaw-AL00",
"version": {
"version_data": [
{
"version_value": "Earlier than Maya-L02C636B126 versions,Earlier than VKY-L29C10B151 versions,Earlier than VTR-L29C10B151 versions,Earlier than Vicky-AL00AC00B162 versions,Earlier than Victoria-AL00AC00B167 versions,Earlier than Warsaw-AL00C00B200 versions"
}
]
}
}
]
},
"vendor_name": "Huawei Technologies Co., Ltd."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Maya-L02,VKY-L09,VTR-L29,Vicky-AL00A,Victoria-AL00A,Warsaw-AL00 smart phones with software of earlier than Maya-L02C636B126 versions,earlier than VKY-L29C10B151 versions,earlier than VTR-L29C10B151 versions,earlier than Vicky-AL00AC00B162 versions,earlier than Victoria-AL00AC00B167 versions,earlier than Warsaw-AL00C00B200 versions have a Factory Reset Protection (FRP) bypass security vulnerability. When re-configuring the mobile phone using the factory reset protection (FRP) function, an attacker can login the configuration flow by some secret code and can perform some operations to update the Google account. As a result, the FRP function is bypassed."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "FRP Bypass"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170715-01-frpbypass-en",
"refsource": "CONFIRM",
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170715-01-frpbypass-en"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"assignerShortName": "huawei",
"cveId": "CVE-2017-8173",
"datePublished": "2017-11-22T19:00:00Z",
"dateReserved": "2017-04-25T00:00:00",
"dateUpdated": "2024-09-16T18:24:14.588Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2017-8175
Vulnerability from cvelistv5
Published
2017-11-22 19:00
Modified
2024-09-16 21:57
Severity ?
EPSS score ?
Summary
The Bastet of some Huawei mobile phones with software earlier than Vicky-AL00AC00B167 versions, earlier than Victoria-AL00AC00B167 versions, earlier than Warsaw-AL00C00B191 versions has an insufficient input validation vulnerability due to the lack of parameter validation. An attacker may trick a user into installing a malicious APP. The APP can modify specific parameter to cause system reboot.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170802-02-smartphone-en | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Huawei Technologies Co., Ltd. | Vicky-AL00A,Victoria-AL00A,Warsaw-AL00 |
Version: Earlier than Vicky-AL00AC00B167 versions,Earlier than Victoria-AL00AC00B167 versions,Earlier than Warsaw-AL00C00B191 versions |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T16:27:22.932Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170802-02-smartphone-en"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Vicky-AL00A,Victoria-AL00A,Warsaw-AL00",
"vendor": "Huawei Technologies Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "Earlier than Vicky-AL00AC00B167 versions,Earlier than Victoria-AL00AC00B167 versions,Earlier than Warsaw-AL00C00B191 versions"
}
]
}
],
"datePublic": "2017-11-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The Bastet of some Huawei mobile phones with software earlier than Vicky-AL00AC00B167 versions, earlier than Victoria-AL00AC00B167 versions, earlier than Warsaw-AL00C00B191 versions has an insufficient input validation vulnerability due to the lack of parameter validation. An attacker may trick a user into installing a malicious APP. The APP can modify specific parameter to cause system reboot."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Insufficient Input Validation",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-11-22T18:57:01",
"orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"shortName": "huawei"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170802-02-smartphone-en"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@huawei.com",
"DATE_PUBLIC": "2017-11-15T00:00:00",
"ID": "CVE-2017-8175",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Vicky-AL00A,Victoria-AL00A,Warsaw-AL00",
"version": {
"version_data": [
{
"version_value": "Earlier than Vicky-AL00AC00B167 versions,Earlier than Victoria-AL00AC00B167 versions,Earlier than Warsaw-AL00C00B191 versions"
}
]
}
}
]
},
"vendor_name": "Huawei Technologies Co., Ltd."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Bastet of some Huawei mobile phones with software earlier than Vicky-AL00AC00B167 versions, earlier than Victoria-AL00AC00B167 versions, earlier than Warsaw-AL00C00B191 versions has an insufficient input validation vulnerability due to the lack of parameter validation. An attacker may trick a user into installing a malicious APP. The APP can modify specific parameter to cause system reboot."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Insufficient Input Validation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170802-02-smartphone-en",
"refsource": "CONFIRM",
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170802-02-smartphone-en"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"assignerShortName": "huawei",
"cveId": "CVE-2017-8175",
"datePublished": "2017-11-22T19:00:00Z",
"dateReserved": "2017-04-25T00:00:00",
"dateUpdated": "2024-09-16T21:57:42.071Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Vulnerability from fkie_nvd
Published
2017-11-22 19:29
Modified
2024-11-21 03:33
Severity ?
Summary
Maya-L02,VKY-L09,VTR-L29,Vicky-AL00A,Victoria-AL00A,Warsaw-AL00 smart phones with software of earlier than Maya-L02C636B126 versions,earlier than VKY-L29C10B151 versions,earlier than VTR-L29C10B151 versions,earlier than Vicky-AL00AC00B162 versions,earlier than Victoria-AL00AC00B167 versions,earlier than Warsaw-AL00C00B200 versions have a Factory Reset Protection (FRP) bypass security vulnerability. When re-configuring the mobile phone using the factory reset protection (FRP) function, an attacker can login the configuration flow by some secret code and can perform some operations to update the Google account. As a result, the FRP function is bypassed.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@huawei.com | http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170715-01-frpbypass-en | Issue Tracking, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170715-01-frpbypass-en | Issue Tracking, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| huawei | maya-l02_firmware | * | |
| huawei | maya-l02 | - | |
| huawei | vky-l09_firmware | * | |
| huawei | vky-l09 | - | |
| huawei | vky-l29_firmware | * | |
| huawei | vky-l29 | - | |
| huawei | vicky-al00a_firmware | * | |
| huawei | vicky-al00a | - | |
| huawei | victoria-al00a_firmware | * | |
| huawei | victoria-al00a | - | |
| huawei | warsaw-al00_firmware | * | |
| huawei | warsaw-al00 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:maya-l02_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EA691AD9-7B27-45D7-9597-68AC69BABCE7",
"versionEndExcluding": "maya-l02c636b126",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:maya-l02:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4DCAE98E-0882-4B83-A4B2-9EBFAFBC875A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:vky-l09_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2BB957C5-EE90-4A85-ACB0-C4FBD1AB93EE",
"versionEndExcluding": "vky-l29c10b151",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:vky-l09:-:*:*:*:*:*:*:*",
"matchCriteriaId": "315A5851-5BEE-4393-8530-A5E3E17BAEB9",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:vky-l29_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "97108578-607F-4FEF-B8BB-4CC88BFE9B38",
"versionEndExcluding": "vtr-l29c10b151",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:vky-l29:-:*:*:*:*:*:*:*",
"matchCriteriaId": "582BA871-A84E-4629-8B1C-19FC1B430FB3",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:vicky-al00a_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "46F21261-B04E-40FE-BE5F-71A9752A8EAB",
"versionEndExcluding": "vicky-al00ac00b162",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:vicky-al00a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E014F48F-8F37-41FA-A7DE-F281B3BFFA99",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:victoria-al00a_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0BCE3E06-33A9-4F4F-89B5-BAC1E825CBE4",
"versionEndExcluding": "victoria-al00ac00b167",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:victoria-al00a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9A7F7F64-E8ED-4D47-8FA5-54A3F9965E3C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:warsaw-al00_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "43550C96-8F74-4952-9B59-631BB5714EA6",
"versionEndExcluding": "warsaw-al00c00b200",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:warsaw-al00:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D72345E1-8472-4EF0-9B97-A0E0CFB6CA58",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Maya-L02,VKY-L09,VTR-L29,Vicky-AL00A,Victoria-AL00A,Warsaw-AL00 smart phones with software of earlier than Maya-L02C636B126 versions,earlier than VKY-L29C10B151 versions,earlier than VTR-L29C10B151 versions,earlier than Vicky-AL00AC00B162 versions,earlier than Victoria-AL00AC00B167 versions,earlier than Warsaw-AL00C00B200 versions have a Factory Reset Protection (FRP) bypass security vulnerability. When re-configuring the mobile phone using the factory reset protection (FRP) function, an attacker can login the configuration flow by some secret code and can perform some operations to update the Google account. As a result, the FRP function is bypassed."
},
{
"lang": "es",
"value": "Los smartphones Maya-L02, VKY-L09, VTR-L29, Vicky-AL00A, Victoria-AL00A, Warsaw-AL00 con versiones de software anteriores a Maya-L02C636B126, VKY-L29C10B151, VTR-L29C10B151, Vicky-AL00AC00B162, Victoria-AL00AC00B167 y Warsaw-AL00C00B200 tienen una vulnerabilidad de omisi\u00f3n de Factory Reset Protection (FRP). Cuando se reconfigura el tel\u00e9fono m\u00f3vil utilizando la funci\u00f3n Factory Reset Protection (FRP), un atacante puede conectarse al flujo de configuraci\u00f3n mediante alg\u00fan c\u00f3digo secreto y realizar determinadas operaciones para actualizar la cuenta de Google. El resultado es que la funci\u00f3n FRP se omite."
}
],
"id": "CVE-2017-8173",
"lastModified": "2024-11-21T03:33:28.133",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "NONE",
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
},
"exploitabilityScore": 0.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-11-22T19:29:04.083",
"references": [
{
"source": "psirt@huawei.com",
"tags": [
"Issue Tracking",
"Vendor Advisory"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170715-01-frpbypass-en"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Vendor Advisory"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170715-01-frpbypass-en"
}
],
"sourceIdentifier": "psirt@huawei.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-11-22 19:29
Modified
2024-11-21 03:33
Severity ?
Summary
The Madapt Driver of some Huawei smart phones with software Earlier than Vicky-AL00AC00B172 versions,Vicky-AL00CC768B122,Vicky-TL00AC01B167,Earlier than Victoria-AL00AC00B172 versions,Victoria-TL00AC00B123,Victoria-TL00AC01B167 has a use after free (UAF) vulnerability. An attacker can trick a user to install a malicious application which has a high privilege to exploit this vulnerability, Successful exploitation may cause arbitrary code execution.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| huawei | vicky-al00a_firmware | * | |
| huawei | vicky-al00a | - | |
| huawei | vicky-al00c_firmware | vicky-al00cc768b122 | |
| huawei | vicky-al00c | - | |
| huawei | vicky-tl00a_firmware | vicky-tl00ac01b167 | |
| huawei | vicky-tl00a | - | |
| huawei | victoria-al00a_firmware | * | |
| huawei | victoria-al00a | - | |
| huawei | victoria-tl00a_firmware | victoria-tl00ac00b123 | |
| huawei | victoria-tl00a | - | |
| huawei | victoria-tl00a_firmware | victoria-tl00ac01b167 | |
| huawei | victoria-tl00a | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:vicky-al00a_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "474F668F-5F41-4214-AD34-455AB7250C53",
"versionEndExcluding": "vicky-al00ac00b172",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:vicky-al00a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E014F48F-8F37-41FA-A7DE-F281B3BFFA99",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:vicky-al00c_firmware:vicky-al00cc768b122:*:*:*:*:*:*:*",
"matchCriteriaId": "3916C89C-940E-4B44-AAB0-91F50D32EC27",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:vicky-al00c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C0D76C82-BFC2-42A0-94FF-BD81B9F7644B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:vicky-tl00a_firmware:vicky-tl00ac01b167:*:*:*:*:*:*:*",
"matchCriteriaId": "362616DC-D15C-4AC9-A629-2BE63BFAA43B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:vicky-tl00a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7D4CEA52-F123-43B2-BB57-3C893C73356E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:victoria-al00a_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DE7E5CE1-EA78-40F1-A2A3-E0BA0EC5F5B8",
"versionEndExcluding": "victoria-al00ac00b172_",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:victoria-al00a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9A7F7F64-E8ED-4D47-8FA5-54A3F9965E3C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:victoria-tl00a_firmware:victoria-tl00ac00b123:*:*:*:*:*:*:*",
"matchCriteriaId": "6179F679-DD1F-44D1-AC41-25D9614497FA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:victoria-tl00a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4A28FFD6-9D49-4962-A508-E208E915326A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:victoria-tl00a_firmware:victoria-tl00ac01b167:*:*:*:*:*:*:*",
"matchCriteriaId": "E7B5D06B-EBB2-4F62-A2CA-B9DC573378D6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:victoria-tl00a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4A28FFD6-9D49-4962-A508-E208E915326A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Madapt Driver of some Huawei smart phones with software Earlier than Vicky-AL00AC00B172 versions,Vicky-AL00CC768B122,Vicky-TL00AC01B167,Earlier than Victoria-AL00AC00B172 versions,Victoria-TL00AC00B123,Victoria-TL00AC01B167 has a use after free (UAF) vulnerability. An attacker can trick a user to install a malicious application which has a high privilege to exploit this vulnerability, Successful exploitation may cause arbitrary code execution."
},
{
"lang": "es",
"value": "El controlador Madapt de determinados smartphones Huawei con software anterior a las versiones Vicky-AL00AC00B172, Vicky-AL00CC768B122, Vicky-TL00AC01B167, anterior a las versiones Victoria-AL00AC00B172 ,Victoria-TL00AC00B123 y Victoria-TL00AC01B167 tiene una vulnerabilidad de uso de memoria previamente liberada. Un atacante puede enga\u00f1ar a un usuario para que instale una aplicaci\u00f3n maliciosa con un nivel alto de privilegios para explotar esta vulnerabilidad. Una explotaci\u00f3n exitosa podr\u00eda provocar la ejecuci\u00f3n de c\u00f3digo arbitrario."
}
],
"id": "CVE-2017-8160",
"lastModified": "2024-11-21T03:33:26.430",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-11-22T19:29:03.710",
"references": [
{
"source": "psirt@huawei.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171018-01-smartphone-en"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171018-01-smartphone-en"
}
],
"sourceIdentifier": "psirt@huawei.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-416"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-11-22 19:29
Modified
2024-11-21 03:33
Severity ?
Summary
The Bastet of some Huawei mobile phones with software earlier than Vicky-AL00AC00B167 versions, earlier than Victoria-AL00AC00B167 versions, earlier than Warsaw-AL00C00B191 versions has an insufficient input validation vulnerability due to the lack of parameter validation. An attacker may trick a user into installing a malicious APP. The APP can modify specific parameter to cause system reboot.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| huawei | vicky-al00a | * | |
| huawei | victoria-al00a | * | |
| huawei | warsaw-al00 | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:huawei:vicky-al00a:*:*:*:*:*:*:*:*",
"matchCriteriaId": "45D4D70E-9172-4F75-ACF7-C956481473B7",
"versionEndExcluding": "vicky-al00ac00b167",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:huawei:victoria-al00a:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1B948367-9009-439D-846D-6F6BBDB57D21",
"versionEndExcluding": "victoria-al00ac00b167",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:huawei:warsaw-al00:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1C09AC24-0D9F-41BE-A527-99A1D06C651B",
"versionEndExcluding": "warsaw-al00c00b191",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Bastet of some Huawei mobile phones with software earlier than Vicky-AL00AC00B167 versions, earlier than Victoria-AL00AC00B167 versions, earlier than Warsaw-AL00C00B191 versions has an insufficient input validation vulnerability due to the lack of parameter validation. An attacker may trick a user into installing a malicious APP. The APP can modify specific parameter to cause system reboot."
},
{
"lang": "es",
"value": "El controlador Bastet de algunos smartphones Huawei con software anterior a las versiones Vicky-AL00AC00B167, Victoria-AL00AC00B167 y Warsaw-AL00C00B191 tiene una vulnerabilidad de validaci\u00f3n insuficiente de valores de entrada debido a la falta de validaci\u00f3n de par\u00e1metros. Un atacante podr\u00eda enga\u00f1ar a un usuario para que instale una app maliciosa. La app puede modificar un par\u00e1metro espec\u00edfico para hacer que el sistema se reinicie."
}
],
"id": "CVE-2017-8175",
"lastModified": "2024-11-21T03:33:28.373",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.1,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-11-22T19:29:04.163",
"references": [
{
"source": "psirt@huawei.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170802-02-smartphone-en"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170802-02-smartphone-en"
}
],
"sourceIdentifier": "psirt@huawei.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}