Vulnerabilites related to huawei - warsaw-al00
cve-2017-8173
Vulnerability from cvelistv5
Published
2017-11-22 19:00
Modified
2024-09-16 18:24
Severity ?
EPSS score ?
Summary
Maya-L02,VKY-L09,VTR-L29,Vicky-AL00A,Victoria-AL00A,Warsaw-AL00 smart phones with software of earlier than Maya-L02C636B126 versions,earlier than VKY-L29C10B151 versions,earlier than VTR-L29C10B151 versions,earlier than Vicky-AL00AC00B162 versions,earlier than Victoria-AL00AC00B167 versions,earlier than Warsaw-AL00C00B200 versions have a Factory Reset Protection (FRP) bypass security vulnerability. When re-configuring the mobile phone using the factory reset protection (FRP) function, an attacker can login the configuration flow by some secret code and can perform some operations to update the Google account. As a result, the FRP function is bypassed.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170715-01-frpbypass-en | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Huawei Technologies Co., Ltd. | Maya-L02,VKY-L09,VTR-L29,Vicky-AL00A,Victoria-AL00A,Warsaw-AL00 |
Version: Earlier than Maya-L02C636B126 versions,Earlier than VKY-L29C10B151 versions,Earlier than VTR-L29C10B151 versions,Earlier than Vicky-AL00AC00B162 versions,Earlier than Victoria-AL00AC00B167 versions,Earlier than Warsaw-AL00C00B200 versions |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T16:27:22.984Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170715-01-frpbypass-en"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Maya-L02,VKY-L09,VTR-L29,Vicky-AL00A,Victoria-AL00A,Warsaw-AL00",
"vendor": "Huawei Technologies Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "Earlier than Maya-L02C636B126 versions,Earlier than VKY-L29C10B151 versions,Earlier than VTR-L29C10B151 versions,Earlier than Vicky-AL00AC00B162 versions,Earlier than Victoria-AL00AC00B167 versions,Earlier than Warsaw-AL00C00B200 versions"
}
]
}
],
"datePublic": "2017-11-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Maya-L02,VKY-L09,VTR-L29,Vicky-AL00A,Victoria-AL00A,Warsaw-AL00 smart phones with software of earlier than Maya-L02C636B126 versions,earlier than VKY-L29C10B151 versions,earlier than VTR-L29C10B151 versions,earlier than Vicky-AL00AC00B162 versions,earlier than Victoria-AL00AC00B167 versions,earlier than Warsaw-AL00C00B200 versions have a Factory Reset Protection (FRP) bypass security vulnerability. When re-configuring the mobile phone using the factory reset protection (FRP) function, an attacker can login the configuration flow by some secret code and can perform some operations to update the Google account. As a result, the FRP function is bypassed."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "FRP Bypass",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-11-22T18:57:01",
"orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"shortName": "huawei"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170715-01-frpbypass-en"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@huawei.com",
"DATE_PUBLIC": "2017-11-15T00:00:00",
"ID": "CVE-2017-8173",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Maya-L02,VKY-L09,VTR-L29,Vicky-AL00A,Victoria-AL00A,Warsaw-AL00",
"version": {
"version_data": [
{
"version_value": "Earlier than Maya-L02C636B126 versions,Earlier than VKY-L29C10B151 versions,Earlier than VTR-L29C10B151 versions,Earlier than Vicky-AL00AC00B162 versions,Earlier than Victoria-AL00AC00B167 versions,Earlier than Warsaw-AL00C00B200 versions"
}
]
}
}
]
},
"vendor_name": "Huawei Technologies Co., Ltd."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Maya-L02,VKY-L09,VTR-L29,Vicky-AL00A,Victoria-AL00A,Warsaw-AL00 smart phones with software of earlier than Maya-L02C636B126 versions,earlier than VKY-L29C10B151 versions,earlier than VTR-L29C10B151 versions,earlier than Vicky-AL00AC00B162 versions,earlier than Victoria-AL00AC00B167 versions,earlier than Warsaw-AL00C00B200 versions have a Factory Reset Protection (FRP) bypass security vulnerability. When re-configuring the mobile phone using the factory reset protection (FRP) function, an attacker can login the configuration flow by some secret code and can perform some operations to update the Google account. As a result, the FRP function is bypassed."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "FRP Bypass"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170715-01-frpbypass-en",
"refsource": "CONFIRM",
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170715-01-frpbypass-en"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"assignerShortName": "huawei",
"cveId": "CVE-2017-8173",
"datePublished": "2017-11-22T19:00:00Z",
"dateReserved": "2017-04-25T00:00:00",
"dateUpdated": "2024-09-16T18:24:14.588Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2017-8175
Vulnerability from cvelistv5
Published
2017-11-22 19:00
Modified
2024-09-16 21:57
Severity ?
EPSS score ?
Summary
The Bastet of some Huawei mobile phones with software earlier than Vicky-AL00AC00B167 versions, earlier than Victoria-AL00AC00B167 versions, earlier than Warsaw-AL00C00B191 versions has an insufficient input validation vulnerability due to the lack of parameter validation. An attacker may trick a user into installing a malicious APP. The APP can modify specific parameter to cause system reboot.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170802-02-smartphone-en | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Huawei Technologies Co., Ltd. | Vicky-AL00A,Victoria-AL00A,Warsaw-AL00 |
Version: Earlier than Vicky-AL00AC00B167 versions,Earlier than Victoria-AL00AC00B167 versions,Earlier than Warsaw-AL00C00B191 versions |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T16:27:22.932Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170802-02-smartphone-en"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Vicky-AL00A,Victoria-AL00A,Warsaw-AL00",
"vendor": "Huawei Technologies Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "Earlier than Vicky-AL00AC00B167 versions,Earlier than Victoria-AL00AC00B167 versions,Earlier than Warsaw-AL00C00B191 versions"
}
]
}
],
"datePublic": "2017-11-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The Bastet of some Huawei mobile phones with software earlier than Vicky-AL00AC00B167 versions, earlier than Victoria-AL00AC00B167 versions, earlier than Warsaw-AL00C00B191 versions has an insufficient input validation vulnerability due to the lack of parameter validation. An attacker may trick a user into installing a malicious APP. The APP can modify specific parameter to cause system reboot."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Insufficient Input Validation",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-11-22T18:57:01",
"orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"shortName": "huawei"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170802-02-smartphone-en"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@huawei.com",
"DATE_PUBLIC": "2017-11-15T00:00:00",
"ID": "CVE-2017-8175",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Vicky-AL00A,Victoria-AL00A,Warsaw-AL00",
"version": {
"version_data": [
{
"version_value": "Earlier than Vicky-AL00AC00B167 versions,Earlier than Victoria-AL00AC00B167 versions,Earlier than Warsaw-AL00C00B191 versions"
}
]
}
}
]
},
"vendor_name": "Huawei Technologies Co., Ltd."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Bastet of some Huawei mobile phones with software earlier than Vicky-AL00AC00B167 versions, earlier than Victoria-AL00AC00B167 versions, earlier than Warsaw-AL00C00B191 versions has an insufficient input validation vulnerability due to the lack of parameter validation. An attacker may trick a user into installing a malicious APP. The APP can modify specific parameter to cause system reboot."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Insufficient Input Validation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170802-02-smartphone-en",
"refsource": "CONFIRM",
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170802-02-smartphone-en"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"assignerShortName": "huawei",
"cveId": "CVE-2017-8175",
"datePublished": "2017-11-22T19:00:00Z",
"dateReserved": "2017-04-25T00:00:00",
"dateUpdated": "2024-09-16T21:57:42.071Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Vulnerability from fkie_nvd
Published
2017-11-22 19:29
Modified
2024-11-21 03:33
Severity ?
Summary
Maya-L02,VKY-L09,VTR-L29,Vicky-AL00A,Victoria-AL00A,Warsaw-AL00 smart phones with software of earlier than Maya-L02C636B126 versions,earlier than VKY-L29C10B151 versions,earlier than VTR-L29C10B151 versions,earlier than Vicky-AL00AC00B162 versions,earlier than Victoria-AL00AC00B167 versions,earlier than Warsaw-AL00C00B200 versions have a Factory Reset Protection (FRP) bypass security vulnerability. When re-configuring the mobile phone using the factory reset protection (FRP) function, an attacker can login the configuration flow by some secret code and can perform some operations to update the Google account. As a result, the FRP function is bypassed.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@huawei.com | http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170715-01-frpbypass-en | Issue Tracking, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170715-01-frpbypass-en | Issue Tracking, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| huawei | maya-l02_firmware | * | |
| huawei | maya-l02 | - | |
| huawei | vky-l09_firmware | * | |
| huawei | vky-l09 | - | |
| huawei | vky-l29_firmware | * | |
| huawei | vky-l29 | - | |
| huawei | vicky-al00a_firmware | * | |
| huawei | vicky-al00a | - | |
| huawei | victoria-al00a_firmware | * | |
| huawei | victoria-al00a | - | |
| huawei | warsaw-al00_firmware | * | |
| huawei | warsaw-al00 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:maya-l02_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EA691AD9-7B27-45D7-9597-68AC69BABCE7",
"versionEndExcluding": "maya-l02c636b126",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:maya-l02:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4DCAE98E-0882-4B83-A4B2-9EBFAFBC875A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:vky-l09_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2BB957C5-EE90-4A85-ACB0-C4FBD1AB93EE",
"versionEndExcluding": "vky-l29c10b151",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:vky-l09:-:*:*:*:*:*:*:*",
"matchCriteriaId": "315A5851-5BEE-4393-8530-A5E3E17BAEB9",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:vky-l29_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "97108578-607F-4FEF-B8BB-4CC88BFE9B38",
"versionEndExcluding": "vtr-l29c10b151",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:vky-l29:-:*:*:*:*:*:*:*",
"matchCriteriaId": "582BA871-A84E-4629-8B1C-19FC1B430FB3",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:vicky-al00a_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "46F21261-B04E-40FE-BE5F-71A9752A8EAB",
"versionEndExcluding": "vicky-al00ac00b162",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:vicky-al00a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E014F48F-8F37-41FA-A7DE-F281B3BFFA99",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:victoria-al00a_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0BCE3E06-33A9-4F4F-89B5-BAC1E825CBE4",
"versionEndExcluding": "victoria-al00ac00b167",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:victoria-al00a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9A7F7F64-E8ED-4D47-8FA5-54A3F9965E3C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:warsaw-al00_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "43550C96-8F74-4952-9B59-631BB5714EA6",
"versionEndExcluding": "warsaw-al00c00b200",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:warsaw-al00:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D72345E1-8472-4EF0-9B97-A0E0CFB6CA58",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Maya-L02,VKY-L09,VTR-L29,Vicky-AL00A,Victoria-AL00A,Warsaw-AL00 smart phones with software of earlier than Maya-L02C636B126 versions,earlier than VKY-L29C10B151 versions,earlier than VTR-L29C10B151 versions,earlier than Vicky-AL00AC00B162 versions,earlier than Victoria-AL00AC00B167 versions,earlier than Warsaw-AL00C00B200 versions have a Factory Reset Protection (FRP) bypass security vulnerability. When re-configuring the mobile phone using the factory reset protection (FRP) function, an attacker can login the configuration flow by some secret code and can perform some operations to update the Google account. As a result, the FRP function is bypassed."
},
{
"lang": "es",
"value": "Los smartphones Maya-L02, VKY-L09, VTR-L29, Vicky-AL00A, Victoria-AL00A, Warsaw-AL00 con versiones de software anteriores a Maya-L02C636B126, VKY-L29C10B151, VTR-L29C10B151, Vicky-AL00AC00B162, Victoria-AL00AC00B167 y Warsaw-AL00C00B200 tienen una vulnerabilidad de omisi\u00f3n de Factory Reset Protection (FRP). Cuando se reconfigura el tel\u00e9fono m\u00f3vil utilizando la funci\u00f3n Factory Reset Protection (FRP), un atacante puede conectarse al flujo de configuraci\u00f3n mediante alg\u00fan c\u00f3digo secreto y realizar determinadas operaciones para actualizar la cuenta de Google. El resultado es que la funci\u00f3n FRP se omite."
}
],
"id": "CVE-2017-8173",
"lastModified": "2024-11-21T03:33:28.133",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "NONE",
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
},
"exploitabilityScore": 0.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-11-22T19:29:04.083",
"references": [
{
"source": "psirt@huawei.com",
"tags": [
"Issue Tracking",
"Vendor Advisory"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170715-01-frpbypass-en"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Vendor Advisory"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170715-01-frpbypass-en"
}
],
"sourceIdentifier": "psirt@huawei.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-11-22 19:29
Modified
2024-11-21 03:33
Severity ?
Summary
The Bastet of some Huawei mobile phones with software earlier than Vicky-AL00AC00B167 versions, earlier than Victoria-AL00AC00B167 versions, earlier than Warsaw-AL00C00B191 versions has an insufficient input validation vulnerability due to the lack of parameter validation. An attacker may trick a user into installing a malicious APP. The APP can modify specific parameter to cause system reboot.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| huawei | vicky-al00a | * | |
| huawei | victoria-al00a | * | |
| huawei | warsaw-al00 | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:huawei:vicky-al00a:*:*:*:*:*:*:*:*",
"matchCriteriaId": "45D4D70E-9172-4F75-ACF7-C956481473B7",
"versionEndExcluding": "vicky-al00ac00b167",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:huawei:victoria-al00a:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1B948367-9009-439D-846D-6F6BBDB57D21",
"versionEndExcluding": "victoria-al00ac00b167",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:huawei:warsaw-al00:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1C09AC24-0D9F-41BE-A527-99A1D06C651B",
"versionEndExcluding": "warsaw-al00c00b191",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Bastet of some Huawei mobile phones with software earlier than Vicky-AL00AC00B167 versions, earlier than Victoria-AL00AC00B167 versions, earlier than Warsaw-AL00C00B191 versions has an insufficient input validation vulnerability due to the lack of parameter validation. An attacker may trick a user into installing a malicious APP. The APP can modify specific parameter to cause system reboot."
},
{
"lang": "es",
"value": "El controlador Bastet de algunos smartphones Huawei con software anterior a las versiones Vicky-AL00AC00B167, Victoria-AL00AC00B167 y Warsaw-AL00C00B191 tiene una vulnerabilidad de validaci\u00f3n insuficiente de valores de entrada debido a la falta de validaci\u00f3n de par\u00e1metros. Un atacante podr\u00eda enga\u00f1ar a un usuario para que instale una app maliciosa. La app puede modificar un par\u00e1metro espec\u00edfico para hacer que el sistema se reinicie."
}
],
"id": "CVE-2017-8175",
"lastModified": "2024-11-21T03:33:28.373",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.1,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-11-22T19:29:04.163",
"references": [
{
"source": "psirt@huawei.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170802-02-smartphone-en"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170802-02-smartphone-en"
}
],
"sourceIdentifier": "psirt@huawei.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
var-201711-0936
Vulnerability from variot
Maya-L02,VKY-L09,VTR-L29,Vicky-AL00A,Victoria-AL00A,Warsaw-AL00 smart phones with software of earlier than Maya-L02C636B126 versions,earlier than VKY-L29C10B151 versions,earlier than VTR-L29C10B151 versions,earlier than Vicky-AL00AC00B162 versions,earlier than Victoria-AL00AC00B167 versions,earlier than Warsaw-AL00C00B200 versions have a Factory Reset Protection (FRP) bypass security vulnerability. When re-configuring the mobile phone using the factory reset protection (FRP) function, an attacker can login the configuration flow by some secret code and can perform some operations to update the Google account. As a result, the FRP function is bypassed. Huawei Smartphone software contains vulnerabilities related to authorization, permissions, and access control.Information may be tampered with. Maya-L02, VKY-L09, Vicky-AL00A, and Warsaw-AL00 are all smartphones of Huawei. Huawei Maya-L02 and others are smartphone products of China Huawei (Huawei). There are security vulnerabilities in many Huawei products. The following products and versions are affected: Huawei Maya-L02 prior to Maya-L02C636B126; VKY-L09 prior to VKY-L29C10B151; VTR-L29 prior to VTR-L29C10B151; Vicky-AL00A prior to Vicky-AL00AC00B162; AL00A Victoria-AL00AC00B167 prior to Warsaw-AL00 Warsaw-AL00C00B200 prior
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201711-0936",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "maya-l02",
"scope": "lt",
"trust": 1.8,
"vendor": "huawei",
"version": "maya-l02c636b126"
},
{
"model": "vicky-al00a",
"scope": "lt",
"trust": 1.8,
"vendor": "huawei",
"version": "vicky-al00ac00b162"
},
{
"model": "victoria-al00a",
"scope": "lt",
"trust": 1.8,
"vendor": "huawei",
"version": "victoria-al00ac00b167"
},
{
"model": "vky-l09",
"scope": "lt",
"trust": 1.8,
"vendor": "huawei",
"version": "vky-l29c10b151"
},
{
"model": "warsaw-al00",
"scope": "lt",
"trust": 1.8,
"vendor": "huawei",
"version": "warsaw-al00c00b200"
},
{
"model": "vky-l29",
"scope": "lt",
"trust": 1.0,
"vendor": "huawei",
"version": "vtr-l29c10b151"
},
{
"model": "vtr-l29",
"scope": "lt",
"trust": 0.8,
"vendor": "huawei",
"version": "vtr-l29c10b151"
},
{
"model": "maya-l02 \u003cmaya-l02c636b126",
"scope": null,
"trust": 0.6,
"vendor": "huawei",
"version": null
},
{
"model": "vky-l09 \u003cvky-l29c10b151",
"scope": null,
"trust": 0.6,
"vendor": "huawei",
"version": null
},
{
"model": "vtr-l29 \u003cvtr-l29c10b151",
"scope": null,
"trust": 0.6,
"vendor": "huawei",
"version": null
},
{
"model": "vicky-al00a \u003cvicky-al00ac00b162",
"scope": null,
"trust": 0.6,
"vendor": "huawei",
"version": null
},
{
"model": "victoria-al00a \u003cvictoria-al00ac00b167",
"scope": null,
"trust": 0.6,
"vendor": "huawei",
"version": null
},
{
"model": "warsaw-al00 \u003cwarsaw-al00c00b200",
"scope": null,
"trust": 0.6,
"vendor": "huawei",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-24397"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-010802"
},
{
"db": "NVD",
"id": "CVE-2017-8173"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:huawei:maya-l02_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:huawei:vicky-al00a_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:huawei:victoria-al00a_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:huawei:vky-l09_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:huawei:vky-l29_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:huawei:warsaw-al00_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-010802"
}
]
},
"cve": "CVE-2017-8173",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2017-8173",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "LOW",
"trust": 1.9,
"vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"confidentialityImpact": "NONE",
"exploitabilityScore": 6.5,
"id": "CNVD-2017-24397",
"impactScore": 6.9,
"integrityImpact": "COMPLETE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:A/AC:L/Au:N/C:N/I:C/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "VHN-116376",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "LOW",
"trust": 0.1,
"vectorString": "AV:L/AC:L/AU:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 0.9,
"id": "CVE-2017-8173",
"impactScore": 3.6,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2017-8173",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2017-8173",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2017-24397",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201711-961",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-116376",
"trust": 0.1,
"value": "LOW"
},
{
"author": "VULMON",
"id": "CVE-2017-8173",
"trust": 0.1,
"value": "LOW"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-24397"
},
{
"db": "VULHUB",
"id": "VHN-116376"
},
{
"db": "VULMON",
"id": "CVE-2017-8173"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-010802"
},
{
"db": "CNNVD",
"id": "CNNVD-201711-961"
},
{
"db": "NVD",
"id": "CVE-2017-8173"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Maya-L02,VKY-L09,VTR-L29,Vicky-AL00A,Victoria-AL00A,Warsaw-AL00 smart phones with software of earlier than Maya-L02C636B126 versions,earlier than VKY-L29C10B151 versions,earlier than VTR-L29C10B151 versions,earlier than Vicky-AL00AC00B162 versions,earlier than Victoria-AL00AC00B167 versions,earlier than Warsaw-AL00C00B200 versions have a Factory Reset Protection (FRP) bypass security vulnerability. When re-configuring the mobile phone using the factory reset protection (FRP) function, an attacker can login the configuration flow by some secret code and can perform some operations to update the Google account. As a result, the FRP function is bypassed. Huawei Smartphone software contains vulnerabilities related to authorization, permissions, and access control.Information may be tampered with. Maya-L02, VKY-L09, Vicky-AL00A, and Warsaw-AL00 are all smartphones of Huawei. Huawei Maya-L02 and others are smartphone products of China Huawei (Huawei). There are security vulnerabilities in many Huawei products. The following products and versions are affected: Huawei Maya-L02 prior to Maya-L02C636B126; VKY-L09 prior to VKY-L29C10B151; VTR-L29 prior to VTR-L29C10B151; Vicky-AL00A prior to Vicky-AL00AC00B162; AL00A Victoria-AL00AC00B167 prior to Warsaw-AL00 Warsaw-AL00C00B200 prior",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-8173"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-010802"
},
{
"db": "CNVD",
"id": "CNVD-2017-24397"
},
{
"db": "VULHUB",
"id": "VHN-116376"
},
{
"db": "VULMON",
"id": "CVE-2017-8173"
}
],
"trust": 2.34
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-8173",
"trust": 3.2
},
{
"db": "JVNDB",
"id": "JVNDB-2017-010802",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201711-961",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2017-24397",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-116376",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2017-8173",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-24397"
},
{
"db": "VULHUB",
"id": "VHN-116376"
},
{
"db": "VULMON",
"id": "CVE-2017-8173"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-010802"
},
{
"db": "CNNVD",
"id": "CNNVD-201711-961"
},
{
"db": "NVD",
"id": "CVE-2017-8173"
}
]
},
"id": "VAR-201711-0936",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-24397"
},
{
"db": "VULHUB",
"id": "VHN-116376"
}
],
"trust": 1.384690905
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-24397"
}
]
},
"last_update_date": "2024-11-23T22:48:53.111000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "huawei-sa-20170715-01-frpbypass",
"trust": 0.8,
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170715-01-frpbypass-en"
},
{
"title": "A variety of Huawei mobile phone FRP bypass vulnerability patch",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/101431"
},
{
"title": "Multiple Huawei Product security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=76671"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-24397"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-010802"
},
{
"db": "CNNVD",
"id": "CNNVD-201711-961"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
},
{
"problemtype": "CWE-264",
"trust": 0.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-116376"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-010802"
},
{
"db": "NVD",
"id": "CVE-2017-8173"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.8,
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170715-01-frpbypass-en"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-8173"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-8173"
},
{
"trust": 0.6,
"url": "http://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20170715-01-frpbypass-cn"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-24397"
},
{
"db": "VULHUB",
"id": "VHN-116376"
},
{
"db": "VULMON",
"id": "CVE-2017-8173"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-010802"
},
{
"db": "CNNVD",
"id": "CNNVD-201711-961"
},
{
"db": "NVD",
"id": "CVE-2017-8173"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2017-24397"
},
{
"db": "VULHUB",
"id": "VHN-116376"
},
{
"db": "VULMON",
"id": "CVE-2017-8173"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-010802"
},
{
"db": "CNNVD",
"id": "CNNVD-201711-961"
},
{
"db": "NVD",
"id": "CVE-2017-8173"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-09-03T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-24397"
},
{
"date": "2017-11-22T00:00:00",
"db": "VULHUB",
"id": "VHN-116376"
},
{
"date": "2017-11-22T00:00:00",
"db": "VULMON",
"id": "CVE-2017-8173"
},
{
"date": "2017-12-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-010802"
},
{
"date": "2017-11-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201711-961"
},
{
"date": "2017-11-22T19:29:04.083000",
"db": "NVD",
"id": "CVE-2017-8173"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-09-03T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-24397"
},
{
"date": "2019-10-03T00:00:00",
"db": "VULHUB",
"id": "VHN-116376"
},
{
"date": "2019-10-03T00:00:00",
"db": "VULMON",
"id": "CVE-2017-8173"
},
{
"date": "2017-12-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-010802"
},
{
"date": "2019-10-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201711-961"
},
{
"date": "2024-11-21T03:33:28.133000",
"db": "NVD",
"id": "CVE-2017-8173"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201711-961"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Huawei Vulnerabilities related to authorization, authority, and access control in smartphone software",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-010802"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "permissions and access control issues",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201711-961"
}
],
"trust": 0.6
}
}
var-201711-0938
Vulnerability from variot
The Bastet of some Huawei mobile phones with software earlier than Vicky-AL00AC00B167 versions, earlier than Victoria-AL00AC00B167 versions, earlier than Warsaw-AL00C00B191 versions has an insufficient input validation vulnerability due to the lack of parameter validation. An attacker may trick a user into installing a malicious APP. The APP can modify specific parameter to cause system reboot. Huawei Smartphone software contains an input validation vulnerability.Denial of service (DoS) May be in a state. HuaweiVicky-AL00A/Victoria-AL00A/Warsaw-AL00 is a smartphone of China Huawei. Bastet is one of the data transfer assistance components. The vulnerability is due to insufficient detection parameters in the program
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201711-0938",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "vicky-al00a",
"scope": "lt",
"trust": 1.0,
"vendor": "huawei",
"version": "vicky-al00ac00b167"
},
{
"model": "victoria-al00a",
"scope": "lt",
"trust": 1.0,
"vendor": "huawei",
"version": "victoria-al00ac00b167"
},
{
"model": "warsaw-al00",
"scope": "lt",
"trust": 1.0,
"vendor": "huawei",
"version": "warsaw-al00c00b191"
},
{
"model": "vicky-al00a",
"scope": null,
"trust": 0.8,
"vendor": "huawei",
"version": null
},
{
"model": "victoria-al00a",
"scope": null,
"trust": 0.8,
"vendor": "huawei",
"version": null
},
{
"model": "warsaw-al00",
"scope": null,
"trust": 0.8,
"vendor": "huawei",
"version": null
},
{
"model": "vicky-al00a earlier than vicky-al00ac00b167 versions",
"scope": null,
"trust": 0.6,
"vendor": "huawei",
"version": null
},
{
"model": "victoria-al00a earlier than victoria-al00ac00b167 versions",
"scope": null,
"trust": 0.6,
"vendor": "huawei",
"version": null
},
{
"model": "warsaw-al00 earlier than warsaw-al00c00b191 versions",
"scope": null,
"trust": 0.6,
"vendor": "huawei",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-26780"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-010735"
},
{
"db": "NVD",
"id": "CVE-2017-8175"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:huawei:vicky-al00a",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:huawei:victoria-al00a",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:huawei:warsaw-al00",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-010735"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "security researcher Zhang Qing and Guangdong Bai of Singapore Institute of Technology (SIT)",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201708-150"
}
],
"trust": 0.6
},
"cve": "CVE-2017-8175",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 7.1,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "CVE-2017-8175",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 4.9,
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CNVD-2017-26780",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 7.1,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "VHN-116378",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:N/I:N/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 1.8,
"id": "CVE-2017-8175",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2017-8175",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2017-8175",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2017-26780",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201708-150",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-116378",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-26780"
},
{
"db": "VULHUB",
"id": "VHN-116378"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-010735"
},
{
"db": "CNNVD",
"id": "CNNVD-201708-150"
},
{
"db": "NVD",
"id": "CVE-2017-8175"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The Bastet of some Huawei mobile phones with software earlier than Vicky-AL00AC00B167 versions, earlier than Victoria-AL00AC00B167 versions, earlier than Warsaw-AL00C00B191 versions has an insufficient input validation vulnerability due to the lack of parameter validation. An attacker may trick a user into installing a malicious APP. The APP can modify specific parameter to cause system reboot. Huawei Smartphone software contains an input validation vulnerability.Denial of service (DoS) May be in a state. HuaweiVicky-AL00A/Victoria-AL00A/Warsaw-AL00 is a smartphone of China Huawei. Bastet is one of the data transfer assistance components. The vulnerability is due to insufficient detection parameters in the program",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-8175"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-010735"
},
{
"db": "CNVD",
"id": "CNVD-2017-26780"
},
{
"db": "VULHUB",
"id": "VHN-116378"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-8175",
"trust": 3.1
},
{
"db": "JVNDB",
"id": "JVNDB-2017-010735",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201708-150",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2017-26780",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-116378",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-26780"
},
{
"db": "VULHUB",
"id": "VHN-116378"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-010735"
},
{
"db": "CNNVD",
"id": "CNNVD-201708-150"
},
{
"db": "NVD",
"id": "CVE-2017-8175"
}
]
},
"id": "VAR-201711-0938",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-26780"
},
{
"db": "VULHUB",
"id": "VHN-116378"
}
],
"trust": 1.5374686716666668
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-26780"
}
]
},
"last_update_date": "2024-11-23T22:26:35.511000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "huawei-sa-20170802-02-smartphone",
"trust": 0.8,
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170802-02-smartphone-en"
},
{
"title": "Huawei mobile phone product input verification vulnerability patch",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/102217"
},
{
"title": "Huawei Vicky-AL00A , Victoria-AL00A and Warsaw-AL00 Bastet Enter the fix for the verification vulnerability",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=74822"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-26780"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-010735"
},
{
"db": "CNNVD",
"id": "CNNVD-201708-150"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-20",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-116378"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-010735"
},
{
"db": "NVD",
"id": "CVE-2017-8175"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170802-02-smartphone-en"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-8175"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-8175"
},
{
"trust": 0.6,
"url": "http://www.huawei.com/cn/psirt/security-advisories/2017/huawei-sa-20170802-02-smartphone-cn"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-26780"
},
{
"db": "VULHUB",
"id": "VHN-116378"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-010735"
},
{
"db": "CNNVD",
"id": "CNNVD-201708-150"
},
{
"db": "NVD",
"id": "CVE-2017-8175"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2017-26780"
},
{
"db": "VULHUB",
"id": "VHN-116378"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-010735"
},
{
"db": "CNNVD",
"id": "CNNVD-201708-150"
},
{
"db": "NVD",
"id": "CVE-2017-8175"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-09-15T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-26780"
},
{
"date": "2017-11-22T00:00:00",
"db": "VULHUB",
"id": "VHN-116378"
},
{
"date": "2017-12-21T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-010735"
},
{
"date": "2017-08-02T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201708-150"
},
{
"date": "2017-11-22T19:29:04.163000",
"db": "NVD",
"id": "CVE-2017-8175"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-09-15T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-26780"
},
{
"date": "2017-12-11T00:00:00",
"db": "VULHUB",
"id": "VHN-116378"
},
{
"date": "2017-12-21T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-010735"
},
{
"date": "2017-09-21T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201708-150"
},
{
"date": "2024-11-21T03:33:28.373000",
"db": "NVD",
"id": "CVE-2017-8175"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201708-150"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Huawei Input Confirmation Vulnerability in Smartphone Software",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-010735"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "input validation",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201708-150"
}
],
"trust": 0.6
}
}