var-201802-0441
Vulnerability from variot
The 'Find Phone' function in some Huawei smart phones with software earlier than Duke-L09C10B186 versions, earlier than Duke-L09C432B187 versions, earlier than Duke-L09C636B186 versions has an authentication bypass vulnerability. Due to improper authentication realization in the 'Find Phone' function. An attacker may exploit the vulnerability to bypass the 'Find Phone' function in order to use the phone normally. Huawei Smartphone software contains vulnerabilities related to authorization, permissions, and access control.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. HuaweiDuke-L09 is a smartphone from China's Huawei company. The HuaweiDuke-L09 \"Mobile Retrieval\" feature has an authentication bypass vulnerability. The vulnerability is due to the device's failure to properly implement authentication
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201802-0441",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "duke-l09",
"scope": "lt",
"trust": 1.8,
"vendor": "huawei",
"version": "duke-l09c10b186"
},
{
"model": "duke-l09",
"scope": "lt",
"trust": 1.8,
"vendor": "huawei",
"version": "duke-l09c432b187"
},
{
"model": "duke-l09",
"scope": "lt",
"trust": 1.8,
"vendor": "huawei",
"version": "duke-l09c636b186"
},
{
"model": "duke-l09 \u003cduke-l09c10b186",
"scope": null,
"trust": 0.6,
"vendor": "huawei",
"version": null
},
{
"model": "duke-l09 \u003cduke-l09c432b187",
"scope": null,
"trust": 0.6,
"vendor": "huawei",
"version": null
},
{
"model": "duke-l09 \u003cduke-l09c636b186",
"scope": null,
"trust": 0.6,
"vendor": "huawei",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-37500"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-012677"
},
{
"db": "NVD",
"id": "CVE-2017-17161"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:huawei:duke-l09_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-012677"
}
]
},
"cve": "CVE-2017-17161",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "CVE-2017-17161",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 4.9,
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CNVD-2017-37500",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 0.9,
"id": "CVE-2017-17161",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2017-17161",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2017-17161",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2017-37500",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201712-312",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-37500"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-012677"
},
{
"db": "CNNVD",
"id": "CNNVD-201712-312"
},
{
"db": "NVD",
"id": "CVE-2017-17161"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The \u0027Find Phone\u0027 function in some Huawei smart phones with software earlier than Duke-L09C10B186 versions, earlier than Duke-L09C432B187 versions, earlier than Duke-L09C636B186 versions has an authentication bypass vulnerability. Due to improper authentication realization in the \u0027Find Phone\u0027 function. An attacker may exploit the vulnerability to bypass the \u0027Find Phone\u0027 function in order to use the phone normally. Huawei Smartphone software contains vulnerabilities related to authorization, permissions, and access control.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. HuaweiDuke-L09 is a smartphone from China\u0027s Huawei company. The HuaweiDuke-L09 \\\"Mobile Retrieval\\\" feature has an authentication bypass vulnerability. The vulnerability is due to the device\u0027s failure to properly implement authentication",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-17161"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-012677"
},
{
"db": "CNVD",
"id": "CNVD-2017-37500"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-17161",
"trust": 3.0
},
{
"db": "JVNDB",
"id": "JVNDB-2017-012677",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2017-37500",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201712-312",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-37500"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-012677"
},
{
"db": "CNNVD",
"id": "CNNVD-201712-312"
},
{
"db": "NVD",
"id": "CVE-2017-17161"
}
]
},
"id": "VAR-201802-0441",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-37500"
}
],
"trust": 0.975
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-37500"
}
]
},
"last_update_date": "2024-11-23T22:56:00.739000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "huawei-sa-20171213-01-smartphone",
"trust": 0.8,
"url": "http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20171213-01-smartphone-en"
},
{
"title": "HuaweiDuke-L09 authentication bypass vulnerability patch",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/111011"
},
{
"title": "Huawei Duke-L09 Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=100240"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-37500"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-012677"
},
{
"db": "CNNVD",
"id": "CNNVD-201712-312"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-287",
"trust": 1.0
},
{
"problemtype": "CWE-264",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-012677"
},
{
"db": "NVD",
"id": "CVE-2017-17161"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.6,
"url": "http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20171213-01-smartphone-en"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-17161"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-17161"
},
{
"trust": 0.6,
"url": "http://www.huawei.com/cn/psirt/security-advisories/2017/huawei-sa-20171213-01-smartphone-cn"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-37500"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-012677"
},
{
"db": "CNNVD",
"id": "CNNVD-201712-312"
},
{
"db": "NVD",
"id": "CVE-2017-17161"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2017-37500"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-012677"
},
{
"db": "CNNVD",
"id": "CNNVD-201712-312"
},
{
"db": "NVD",
"id": "CVE-2017-17161"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-12-19T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-37500"
},
{
"date": "2018-04-04T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-012677"
},
{
"date": "2017-12-08T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201712-312"
},
{
"date": "2018-02-15T16:29:02.063000",
"db": "NVD",
"id": "CVE-2017-17161"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-12-19T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-37500"
},
{
"date": "2018-04-04T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-012677"
},
{
"date": "2019-10-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201712-312"
},
{
"date": "2024-11-21T03:17:36.770000",
"db": "NVD",
"id": "CVE-2017-17161"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201712-312"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Huawei Vulnerabilities related to authorization, authority, and access control in smartphone software",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-012677"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "authorization issue",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201712-312"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.