Search

Find a vulnerability

Search criteria Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.

    10 vulnerabilities found for vicky-al00a by huawei

    VAR-201711-0997

    Vulnerability from variot - Updated: 2023-12-18 13:48

    The Madapt Driver of some Huawei smart phones with software Earlier than Vicky-AL00AC00B172 versions,Vicky-AL00CC768B122,Vicky-TL00AC01B167,Earlier than Victoria-AL00AC00B172 versions,Victoria-TL00AC00B123,Victoria-TL00AC01B167 has a use after free (UAF) vulnerability. An attacker can trick a user to install a malicious application which has a high privilege to exploit this vulnerability, Successful exploitation may cause arbitrary code execution. Huawei Smartphone software contains a vulnerability related to the use of freed memory.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. HuaweiVicky-AL00A is a smartphone product of China Huawei. Madaptdriver is a Madapt driver that runs on it. There is a memory error reference vulnerability in the Madapt driver in Huawei's various products. The following products and versions are affected: Huawei Vicky-AL00A before AL00AC00B172; Vicky-AL00C Vicky-AL00CC768B122; Vicky-TL00A before Victoria-AL00AC00B172; Victoria-AL00A before Victoria-TL00AC00B123; previous version

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201711-0997",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "victoria-tl00a",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "huawei",
            "version": "victoria-tl00ac01b167"
          },
          {
            "model": "victoria-tl00a",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "huawei",
            "version": "victoria-tl00ac00b123"
          },
          {
            "model": "vicky-tl00a",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "huawei",
            "version": "vicky-tl00ac01b167"
          },
          {
            "model": "vicky-al00c",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "huawei",
            "version": "vicky-al00cc768b122"
          },
          {
            "model": "vicky-al00a",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "huawei",
            "version": "vicky-al00ac00b172"
          },
          {
            "model": "victoria-al00a",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "huawei",
            "version": "victoria-al00ac00b172_"
          },
          {
            "model": "vicky-al00a",
            "scope": null,
            "trust": 0.8,
            "vendor": "huawei",
            "version": null
          },
          {
            "model": "vicky-al00c",
            "scope": null,
            "trust": 0.8,
            "vendor": "huawei",
            "version": null
          },
          {
            "model": "vicky-tl00a",
            "scope": null,
            "trust": 0.8,
            "vendor": "huawei",
            "version": null
          },
          {
            "model": "victoria-al00a",
            "scope": null,
            "trust": 0.8,
            "vendor": "huawei",
            "version": null
          },
          {
            "model": "victoria-tl00a",
            "scope": null,
            "trust": 0.8,
            "vendor": "huawei",
            "version": null
          },
          {
            "model": "vicky-al00c vicky-al00cc768b122",
            "scope": null,
            "trust": 0.6,
            "vendor": "huawei",
            "version": null
          },
          {
            "model": "vicky-al00a \u003cvicky-al00ac00b172",
            "scope": null,
            "trust": 0.6,
            "vendor": "huawei",
            "version": null
          },
          {
            "model": "vicky-tl00a vicky-tl00ac01b167",
            "scope": null,
            "trust": 0.6,
            "vendor": "huawei",
            "version": null
          },
          {
            "model": "victoria-al00a \u003cvictoria-al00ac00b172",
            "scope": null,
            "trust": 0.6,
            "vendor": "huawei",
            "version": null
          },
          {
            "model": "victoria-tl00a victoria-tl00ac00b123",
            "scope": null,
            "trust": 0.6,
            "vendor": "huawei",
            "version": null
          },
          {
            "model": "victoria-tl00a victoria-tl00ac01b167",
            "scope": null,
            "trust": 0.6,
            "vendor": "huawei",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-35543"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-010814"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-8160"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201711-971"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:huawei:vicky-al00a_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndExcluding": "vicky-al00ac00b172",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:huawei:vicky-al00a:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:huawei:vicky-al00c_firmware:vicky-al00cc768b122:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:huawei:vicky-al00c:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:huawei:vicky-tl00a_firmware:vicky-tl00ac01b167:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:huawei:vicky-tl00a:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:huawei:victoria-al00a_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndExcluding": "victoria-al00ac00b172_",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:huawei:victoria-al00a:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:huawei:victoria-tl00a_firmware:victoria-tl00ac00b123:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:huawei:victoria-tl00a:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:huawei:victoria-tl00a_firmware:victoria-tl00ac01b167:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:huawei:victoria-tl00a:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2017-8160"
          }
        ]
      },
      "cve": "CVE-2017-8160",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": false,
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "NVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 9.3,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 8.6,
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "obtainAllPrivilege": false,
                "obtainOtherPrivilege": false,
                "obtainUserPrivilege": false,
                "severity": "HIGH",
                "trust": 1.0,
                "userInteractionRequired": true,
                "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Medium",
                "accessVector": "Network",
                "authentication": "None",
                "author": "NVD",
                "availabilityImpact": "Complete",
                "baseScore": 9.3,
                "confidentialityImpact": "Complete",
                "exploitabilityScore": null,
                "id": "CVE-2017-8160",
                "impactScore": null,
                "integrityImpact": "Complete",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "High",
                "trust": 0.9,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "LOCAL",
                "authentication": "MULTIPLE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 6.5,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 2.5,
                "id": "CNVD-2017-35543",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:L/AC:L/Au:M/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "COMPLETE",
                "baseScore": 9.3,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 8.6,
                "id": "VHN-116363",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.1,
                "vectorString": "AV:N/AC:M/AU:N/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "author": "NVD",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 1.8,
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.0"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Local",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 7.8,
                "baseSeverity": "High",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "CVE-2017-8160",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "Required",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "NVD",
                "id": "CVE-2017-8160",
                "trust": 1.8,
                "value": "HIGH"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2017-35543",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201711-971",
                "trust": 0.6,
                "value": "CRITICAL"
              },
              {
                "author": "VULHUB",
                "id": "VHN-116363",
                "trust": 0.1,
                "value": "HIGH"
              },
              {
                "author": "VULMON",
                "id": "CVE-2017-8160",
                "trust": 0.1,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-35543"
          },
          {
            "db": "VULHUB",
            "id": "VHN-116363"
          },
          {
            "db": "VULMON",
            "id": "CVE-2017-8160"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-010814"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-8160"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201711-971"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "The Madapt Driver of some Huawei smart phones with software Earlier than Vicky-AL00AC00B172 versions,Vicky-AL00CC768B122,Vicky-TL00AC01B167,Earlier than Victoria-AL00AC00B172 versions,Victoria-TL00AC00B123,Victoria-TL00AC01B167 has a use after free (UAF) vulnerability. An attacker can trick a user to install a malicious application which has a high privilege to exploit this vulnerability, Successful exploitation may cause arbitrary code execution. Huawei Smartphone software contains a vulnerability related to the use of freed memory.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. HuaweiVicky-AL00A is a smartphone product of China Huawei. Madaptdriver is a Madapt driver that runs on it. There is a memory error reference vulnerability in the Madapt driver in Huawei\u0027s various products. The following products and versions are affected: Huawei Vicky-AL00A before AL00AC00B172; Vicky-AL00C Vicky-AL00CC768B122; Vicky-TL00A before Victoria-AL00AC00B172; Victoria-AL00A before Victoria-TL00AC00B123; previous version",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2017-8160"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-010814"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-35543"
          },
          {
            "db": "VULHUB",
            "id": "VHN-116363"
          },
          {
            "db": "VULMON",
            "id": "CVE-2017-8160"
          }
        ],
        "trust": 2.34
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2017-8160",
            "trust": 3.2
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-010814",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201711-971",
            "trust": 0.7
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-35543",
            "trust": 0.6
          },
          {
            "db": "VULHUB",
            "id": "VHN-116363",
            "trust": 0.1
          },
          {
            "db": "VULMON",
            "id": "CVE-2017-8160",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-35543"
          },
          {
            "db": "VULHUB",
            "id": "VHN-116363"
          },
          {
            "db": "VULMON",
            "id": "CVE-2017-8160"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-010814"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-8160"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201711-971"
          }
        ]
      },
      "id": "VAR-201711-0997",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-35543"
          },
          {
            "db": "VULHUB",
            "id": "VHN-116363"
          }
        ],
        "trust": 1.4291353383333334
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-35543"
          }
        ]
      },
      "last_update_date": "2023-12-18T13:48:27.899000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "huawei-sa-20171018-01-smartphone",
            "trust": 0.8,
            "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171018-01-smartphone-en"
          },
          {
            "title": "Huawei mobile phone Madapt driver has a patch to release re-use vulnerabilities",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchinfo/show/106795"
          },
          {
            "title": "Multiple Huawei product Madapt Driver security vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=76681"
          },
          {
            "title": "vul-guoygang",
            "trust": 0.1,
            "url": "https://github.com/guoygang/vul-guoygang "
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-35543"
          },
          {
            "db": "VULMON",
            "id": "CVE-2017-8160"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-010814"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201711-971"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-416",
            "trust": 1.9
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-116363"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-010814"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-8160"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.8,
            "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171018-01-smartphone-en"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-8160"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-8160"
          },
          {
            "trust": 0.6,
            "url": "http://www.huawei.com/cn/psirt/security-advisories/2017/huawei-sa-20171018-01-smartphone-cn"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/416.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          },
          {
            "trust": 0.1,
            "url": "https://github.com/guoygang/vul-guoygang"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-35543"
          },
          {
            "db": "VULHUB",
            "id": "VHN-116363"
          },
          {
            "db": "VULMON",
            "id": "CVE-2017-8160"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-010814"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-8160"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201711-971"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-35543"
          },
          {
            "db": "VULHUB",
            "id": "VHN-116363"
          },
          {
            "db": "VULMON",
            "id": "CVE-2017-8160"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-010814"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-8160"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201711-971"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2017-11-30T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2017-35543"
          },
          {
            "date": "2017-11-22T00:00:00",
            "db": "VULHUB",
            "id": "VHN-116363"
          },
          {
            "date": "2017-11-22T00:00:00",
            "db": "VULMON",
            "id": "CVE-2017-8160"
          },
          {
            "date": "2017-12-25T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2017-010814"
          },
          {
            "date": "2017-11-22T19:29:03.710000",
            "db": "NVD",
            "id": "CVE-2017-8160"
          },
          {
            "date": "2017-11-24T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201711-971"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2017-11-30T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2017-35543"
          },
          {
            "date": "2017-12-12T00:00:00",
            "db": "VULHUB",
            "id": "VHN-116363"
          },
          {
            "date": "2017-12-12T00:00:00",
            "db": "VULMON",
            "id": "CVE-2017-8160"
          },
          {
            "date": "2017-12-25T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2017-010814"
          },
          {
            "date": "2017-12-12T18:14:38.557000",
            "db": "NVD",
            "id": "CVE-2017-8160"
          },
          {
            "date": "2017-11-24T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201711-971"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201711-971"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Huawei Vulnerability related to the use of released memory in smartphone software",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-010814"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "lack of information",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201711-971"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201711-0936

    Vulnerability from variot - Updated: 2023-12-18 13:34

    Maya-L02,VKY-L09,VTR-L29,Vicky-AL00A,Victoria-AL00A,Warsaw-AL00 smart phones with software of earlier than Maya-L02C636B126 versions,earlier than VKY-L29C10B151 versions,earlier than VTR-L29C10B151 versions,earlier than Vicky-AL00AC00B162 versions,earlier than Victoria-AL00AC00B167 versions,earlier than Warsaw-AL00C00B200 versions have a Factory Reset Protection (FRP) bypass security vulnerability. When re-configuring the mobile phone using the factory reset protection (FRP) function, an attacker can login the configuration flow by some secret code and can perform some operations to update the Google account. As a result, the FRP function is bypassed. Huawei Smartphone software contains vulnerabilities related to authorization, permissions, and access control.Information may be tampered with. Maya-L02, VKY-L09, Vicky-AL00A, and Warsaw-AL00 are all smartphones of Huawei. Huawei Maya-L02 and others are smartphone products of China Huawei (Huawei). There are security vulnerabilities in many Huawei products. The following products and versions are affected: Huawei Maya-L02 prior to Maya-L02C636B126; VKY-L09 prior to VKY-L29C10B151; VTR-L29 prior to VTR-L29C10B151; Vicky-AL00A prior to Vicky-AL00AC00B162; AL00A Victoria-AL00AC00B167 prior to Warsaw-AL00 Warsaw-AL00C00B200 prior

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201711-0936",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "maya-l02",
            "scope": "lt",
            "trust": 1.8,
            "vendor": "huawei",
            "version": "maya-l02c636b126"
          },
          {
            "model": "vicky-al00a",
            "scope": "lt",
            "trust": 1.8,
            "vendor": "huawei",
            "version": "vicky-al00ac00b162"
          },
          {
            "model": "victoria-al00a",
            "scope": "lt",
            "trust": 1.8,
            "vendor": "huawei",
            "version": "victoria-al00ac00b167"
          },
          {
            "model": "vky-l09",
            "scope": "lt",
            "trust": 1.8,
            "vendor": "huawei",
            "version": "vky-l29c10b151"
          },
          {
            "model": "warsaw-al00",
            "scope": "lt",
            "trust": 1.8,
            "vendor": "huawei",
            "version": "warsaw-al00c00b200"
          },
          {
            "model": "vky-l29",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "huawei",
            "version": "vtr-l29c10b151"
          },
          {
            "model": "vtr-l29",
            "scope": "lt",
            "trust": 0.8,
            "vendor": "huawei",
            "version": "vtr-l29c10b151"
          },
          {
            "model": "maya-l02 \u003cmaya-l02c636b126",
            "scope": null,
            "trust": 0.6,
            "vendor": "huawei",
            "version": null
          },
          {
            "model": "vky-l09 \u003cvky-l29c10b151",
            "scope": null,
            "trust": 0.6,
            "vendor": "huawei",
            "version": null
          },
          {
            "model": "vtr-l29 \u003cvtr-l29c10b151",
            "scope": null,
            "trust": 0.6,
            "vendor": "huawei",
            "version": null
          },
          {
            "model": "vicky-al00a \u003cvicky-al00ac00b162",
            "scope": null,
            "trust": 0.6,
            "vendor": "huawei",
            "version": null
          },
          {
            "model": "victoria-al00a \u003cvictoria-al00ac00b167",
            "scope": null,
            "trust": 0.6,
            "vendor": "huawei",
            "version": null
          },
          {
            "model": "warsaw-al00 \u003cwarsaw-al00c00b200",
            "scope": null,
            "trust": 0.6,
            "vendor": "huawei",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-24397"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-010802"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-8173"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:huawei:maya-l02_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndExcluding": "maya-l02c636b126",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:huawei:maya-l02:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:huawei:vky-l09_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndExcluding": "vky-l29c10b151",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:huawei:vky-l09:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:huawei:vky-l29_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndExcluding": "vtr-l29c10b151",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:huawei:vky-l29:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:huawei:vicky-al00a_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndExcluding": "vicky-al00ac00b162",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:huawei:vicky-al00a:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:huawei:victoria-al00a_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndExcluding": "victoria-al00ac00b167",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:huawei:victoria-al00a:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:huawei:warsaw-al00_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndExcluding": "warsaw-al00c00b200",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:huawei:warsaw-al00:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2017-8173"
          }
        ]
      },
      "cve": "CVE-2017-8173",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": false,
                "accessComplexity": "LOW",
                "accessVector": "LOCAL",
                "authentication": "NONE",
                "author": "NVD",
                "availabilityImpact": "NONE",
                "baseScore": 2.1,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 3.9,
                "impactScore": 2.9,
                "integrityImpact": "PARTIAL",
                "obtainAllPrivilege": false,
                "obtainOtherPrivilege": false,
                "obtainUserPrivilege": false,
                "severity": "LOW",
                "trust": 1.0,
                "userInteractionRequired": false,
                "vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:N",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Local",
                "authentication": "None",
                "author": "NVD",
                "availabilityImpact": "None",
                "baseScore": 2.1,
                "confidentialityImpact": "None",
                "exploitabilityScore": null,
                "id": "CVE-2017-8173",
                "impactScore": null,
                "integrityImpact": "Partial",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "Low",
                "trust": 0.9,
                "userInteractionRequired": null,
                "vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "ADJACENT_NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "NONE",
                "baseScore": 6.1,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 6.5,
                "id": "CNVD-2017-24397",
                "impactScore": 6.9,
                "integrityImpact": "COMPLETE",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:A/AC:L/Au:N/C:N/I:C/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "LOCAL",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "NONE",
                "baseScore": 2.1,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 3.9,
                "id": "VHN-116376",
                "impactScore": 2.9,
                "integrityImpact": "PARTIAL",
                "severity": "LOW",
                "trust": 0.1,
                "vectorString": "AV:L/AC:L/AU:N/C:N/I:P/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "PHYSICAL",
                "author": "NVD",
                "availabilityImpact": "NONE",
                "baseScore": 4.6,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 0.9,
                "impactScore": 3.6,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
                "version": "3.0"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Physical",
                "author": "NVD",
                "availabilityImpact": "None",
                "baseScore": 4.6,
                "baseSeverity": "Medium",
                "confidentialityImpact": "None",
                "exploitabilityScore": null,
                "id": "CVE-2017-8173",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "NVD",
                "id": "CVE-2017-8173",
                "trust": 1.8,
                "value": "MEDIUM"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2017-24397",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201711-961",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "VULHUB",
                "id": "VHN-116376",
                "trust": 0.1,
                "value": "LOW"
              },
              {
                "author": "VULMON",
                "id": "CVE-2017-8173",
                "trust": 0.1,
                "value": "LOW"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-24397"
          },
          {
            "db": "VULHUB",
            "id": "VHN-116376"
          },
          {
            "db": "VULMON",
            "id": "CVE-2017-8173"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-010802"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-8173"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201711-961"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Maya-L02,VKY-L09,VTR-L29,Vicky-AL00A,Victoria-AL00A,Warsaw-AL00 smart phones with software of earlier than Maya-L02C636B126 versions,earlier than VKY-L29C10B151 versions,earlier than VTR-L29C10B151 versions,earlier than Vicky-AL00AC00B162 versions,earlier than Victoria-AL00AC00B167 versions,earlier than Warsaw-AL00C00B200 versions have a Factory Reset Protection (FRP) bypass security vulnerability. When re-configuring the mobile phone using the factory reset protection (FRP) function, an attacker can login the configuration flow by some secret code and can perform some operations to update the Google account. As a result, the FRP function is bypassed. Huawei Smartphone software contains vulnerabilities related to authorization, permissions, and access control.Information may be tampered with. Maya-L02, VKY-L09, Vicky-AL00A, and Warsaw-AL00 are all smartphones of Huawei. Huawei Maya-L02 and others are smartphone products of China Huawei (Huawei). There are security vulnerabilities in many Huawei products. The following products and versions are affected: Huawei Maya-L02 prior to Maya-L02C636B126; VKY-L09 prior to VKY-L29C10B151; VTR-L29 prior to VTR-L29C10B151; Vicky-AL00A prior to Vicky-AL00AC00B162; AL00A Victoria-AL00AC00B167 prior to Warsaw-AL00 Warsaw-AL00C00B200 prior",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2017-8173"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-010802"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-24397"
          },
          {
            "db": "VULHUB",
            "id": "VHN-116376"
          },
          {
            "db": "VULMON",
            "id": "CVE-2017-8173"
          }
        ],
        "trust": 2.34
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2017-8173",
            "trust": 3.2
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-010802",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201711-961",
            "trust": 0.7
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-24397",
            "trust": 0.6
          },
          {
            "db": "VULHUB",
            "id": "VHN-116376",
            "trust": 0.1
          },
          {
            "db": "VULMON",
            "id": "CVE-2017-8173",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-24397"
          },
          {
            "db": "VULHUB",
            "id": "VHN-116376"
          },
          {
            "db": "VULMON",
            "id": "CVE-2017-8173"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-010802"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-8173"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201711-961"
          }
        ]
      },
      "id": "VAR-201711-0936",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-24397"
          },
          {
            "db": "VULHUB",
            "id": "VHN-116376"
          }
        ],
        "trust": 1.384690905
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-24397"
          }
        ]
      },
      "last_update_date": "2023-12-18T13:34:02.242000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "huawei-sa-20170715-01-frpbypass",
            "trust": 0.8,
            "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170715-01-frpbypass-en"
          },
          {
            "title": "A variety of Huawei mobile phone FRP bypass vulnerability patch",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchinfo/show/101431"
          },
          {
            "title": "Multiple Huawei Product security vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=76671"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-24397"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-010802"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201711-961"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "NVD-CWE-noinfo",
            "trust": 1.0
          },
          {
            "problemtype": "CWE-264",
            "trust": 0.9
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-116376"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-010802"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-8173"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.8,
            "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170715-01-frpbypass-en"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-8173"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-8173"
          },
          {
            "trust": 0.6,
            "url": "http://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20170715-01-frpbypass-cn"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-24397"
          },
          {
            "db": "VULHUB",
            "id": "VHN-116376"
          },
          {
            "db": "VULMON",
            "id": "CVE-2017-8173"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-010802"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-8173"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201711-961"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-24397"
          },
          {
            "db": "VULHUB",
            "id": "VHN-116376"
          },
          {
            "db": "VULMON",
            "id": "CVE-2017-8173"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-010802"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-8173"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201711-961"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2017-09-03T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2017-24397"
          },
          {
            "date": "2017-11-22T00:00:00",
            "db": "VULHUB",
            "id": "VHN-116376"
          },
          {
            "date": "2017-11-22T00:00:00",
            "db": "VULMON",
            "id": "CVE-2017-8173"
          },
          {
            "date": "2017-12-25T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2017-010802"
          },
          {
            "date": "2017-11-22T19:29:04.083000",
            "db": "NVD",
            "id": "CVE-2017-8173"
          },
          {
            "date": "2017-11-23T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201711-961"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2017-09-03T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2017-24397"
          },
          {
            "date": "2019-10-03T00:00:00",
            "db": "VULHUB",
            "id": "VHN-116376"
          },
          {
            "date": "2019-10-03T00:00:00",
            "db": "VULMON",
            "id": "CVE-2017-8173"
          },
          {
            "date": "2017-12-25T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2017-010802"
          },
          {
            "date": "2019-10-03T00:03:26.223000",
            "db": "NVD",
            "id": "CVE-2017-8173"
          },
          {
            "date": "2019-10-23T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201711-961"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "local",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201711-961"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Huawei Vulnerabilities related to authorization, authority, and access control in smartphone software",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-010802"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "permissions and access control issues",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201711-961"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201802-0537

    Vulnerability from variot - Updated: 2023-12-18 13:02

    The Flp Driver in some Huawei smartphones of the software Vicky-AL00AC00B124D, Vicky-AL00AC00B157D, Vicky-AL00AC00B167 has a double free vulnerability. An attacker can trick a user to install a malicious application which has a high privilege to exploit this vulnerability. Successful exploitation may cause denial of service (DoS) attack. Huawei Smartphone software contains a double release vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. HuaweiVicky-AL00A is a smartphone device from China's Huawei company. Flpdriver is a Flp driver used in it. The following versions are affected: Huawei Vicky-AL00A Vicky-AL00AC00B124D version, Vicky-AL00AC00B157D version, Vicky-AL00AC00B167 version

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201802-0537",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "vicky-al00a",
            "scope": "eq",
            "trust": 2.4,
            "vendor": "huawei",
            "version": "vicky-al00ac00b124d"
          },
          {
            "model": "vicky-al00a",
            "scope": "eq",
            "trust": 2.4,
            "vendor": "huawei",
            "version": "vicky-al00ac00b157d"
          },
          {
            "model": "vicky-al00a",
            "scope": "eq",
            "trust": 2.4,
            "vendor": "huawei",
            "version": "vicky-al00ac00b167"
          },
          {
            "model": "vicky-al00a vicky-al00ac00b157d",
            "scope": null,
            "trust": 0.6,
            "vendor": "huawei",
            "version": null
          },
          {
            "model": "vicky-al00a vicky-al00ac00b167",
            "scope": null,
            "trust": 0.6,
            "vendor": "huawei",
            "version": null
          },
          {
            "model": "vicky-al00a vicky-al00ac00b124d",
            "scope": null,
            "trust": 0.6,
            "vendor": "huawei",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-37846"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-012597"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-15330"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201712-687"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:huawei:vicky-al00a_firmware:vicky-al00ac00b124d:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": true
                      },
                      {
                        "cpe23Uri": "cpe:2.3:o:huawei:vicky-al00a_firmware:vicky-al00ac00b157d:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": true
                      },
                      {
                        "cpe23Uri": "cpe:2.3:o:huawei:vicky-al00a_firmware:vicky-al00ac00b167:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:huawei:vicky-al00a:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2017-15330"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Yonggang Guo of IceSword Lab, Qihoo 360 Technology Co. Ltd",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201712-687"
          }
        ],
        "trust": 0.6
      },
      "cve": "CVE-2017-15330",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": false,
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "NVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 7.1,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 8.6,
                "impactScore": 6.9,
                "integrityImpact": "NONE",
                "obtainAllPrivilege": false,
                "obtainOtherPrivilege": false,
                "obtainUserPrivilege": false,
                "severity": "HIGH",
                "trust": 1.0,
                "userInteractionRequired": true,
                "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Medium",
                "accessVector": "Network",
                "authentication": "None",
                "author": "NVD",
                "availabilityImpact": "Complete",
                "baseScore": 7.1,
                "confidentialityImpact": "None",
                "exploitabilityScore": null,
                "id": "CVE-2017-15330",
                "impactScore": null,
                "integrityImpact": "None",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "High",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "LOCAL",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 4.9,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 3.9,
                "id": "CNVD-2017-37846",
                "impactScore": 6.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "COMPLETE",
                "baseScore": 7.1,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 8.6,
                "id": "VHN-106142",
                "impactScore": 6.9,
                "integrityImpact": "NONE",
                "severity": "HIGH",
                "trust": 0.1,
                "vectorString": "AV:N/AC:M/AU:N/C:N/I:N/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "author": "NVD",
                "availabilityImpact": "HIGH",
                "baseScore": 5.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 1.8,
                "impactScore": 3.6,
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
                "version": "3.0"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Local",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 5.5,
                "baseSeverity": "Medium",
                "confidentialityImpact": "None",
                "exploitabilityScore": null,
                "id": "CVE-2017-15330",
                "impactScore": null,
                "integrityImpact": "None",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "Required",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "NVD",
                "id": "CVE-2017-15330",
                "trust": 1.8,
                "value": "MEDIUM"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2017-37846",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201712-687",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "VULHUB",
                "id": "VHN-106142",
                "trust": 0.1,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-37846"
          },
          {
            "db": "VULHUB",
            "id": "VHN-106142"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-012597"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-15330"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201712-687"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "The Flp Driver in some Huawei smartphones of the software Vicky-AL00AC00B124D, Vicky-AL00AC00B157D, Vicky-AL00AC00B167 has a double free vulnerability. An attacker can trick a user to install a malicious application which has a high privilege to exploit this vulnerability. Successful exploitation may cause denial of service (DoS) attack. Huawei Smartphone software contains a double release vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. HuaweiVicky-AL00A is a smartphone device from China\u0027s Huawei company. Flpdriver is a Flp driver used in it. The following versions are affected: Huawei Vicky-AL00A Vicky-AL00AC00B124D version, Vicky-AL00AC00B157D version, Vicky-AL00AC00B167 version",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2017-15330"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-012597"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-37846"
          },
          {
            "db": "VULHUB",
            "id": "VHN-106142"
          }
        ],
        "trust": 2.25
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2017-15330",
            "trust": 3.1
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-012597",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201712-687",
            "trust": 0.7
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-37846",
            "trust": 0.6
          },
          {
            "db": "VULHUB",
            "id": "VHN-106142",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-37846"
          },
          {
            "db": "VULHUB",
            "id": "VHN-106142"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-012597"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-15330"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201712-687"
          }
        ]
      },
      "id": "VAR-201802-0537",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-37846"
          },
          {
            "db": "VULHUB",
            "id": "VHN-106142"
          }
        ],
        "trust": 1.4105263
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-37846"
          }
        ]
      },
      "last_update_date": "2023-12-18T13:02:47.410000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "huawei-sa-20171206-01-smartphone",
            "trust": 0.8,
            "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171206-01-smartphone-en"
          },
          {
            "title": "HuaweiVicky-AL00AFlp Driver Memory Re-release Vulnerability Patch",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchinfo/show/111417"
          },
          {
            "title": "Huawei Vicky-AL00A Flp Driver security vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=77225"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-37846"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-012597"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201712-687"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-415",
            "trust": 1.9
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-106142"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-012597"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-15330"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.7,
            "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171206-01-smartphone-en"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-15330"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-15330"
          },
          {
            "trust": 0.6,
            "url": "http://www.huawei.com/cn/psirt/security-advisories/2017/huawei-sa-20171206-01-smartphone-cn"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-37846"
          },
          {
            "db": "VULHUB",
            "id": "VHN-106142"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-012597"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-15330"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201712-687"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-37846"
          },
          {
            "db": "VULHUB",
            "id": "VHN-106142"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-012597"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-15330"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201712-687"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2017-12-22T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2017-37846"
          },
          {
            "date": "2018-02-15T00:00:00",
            "db": "VULHUB",
            "id": "VHN-106142"
          },
          {
            "date": "2018-03-23T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2017-012597"
          },
          {
            "date": "2018-02-15T16:29:00.283000",
            "db": "NVD",
            "id": "CVE-2017-15330"
          },
          {
            "date": "2017-12-21T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201712-687"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2017-12-22T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2017-37846"
          },
          {
            "date": "2018-03-07T00:00:00",
            "db": "VULHUB",
            "id": "VHN-106142"
          },
          {
            "date": "2018-03-23T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2017-012597"
          },
          {
            "date": "2018-03-07T15:08:29.837000",
            "db": "NVD",
            "id": "CVE-2017-15330"
          },
          {
            "date": "2017-12-21T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201712-687"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201712-687"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Huawei Vulnerability related to double release in smartphone software",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-012597"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "lack of information",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201712-687"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201711-0935

    Vulnerability from variot - Updated: 2023-12-18 12:37

    Isub service in P10 Plus and P10 smart phones with earlier than VKY-AL00C00B157 versions and earlier than VTR-AL00C00B157 versions has a denial of service (DoS) vulnerability. An attacker tricks a user into installing a malicious application on the smart phone, and the application can send given parameter to specific interface, which make a out-of-bounds array access that results in smart phone restart. HuaweiVicky-AL00A and Victoria-AL00A are both Huawei's smartphone devices. The vulnerability stems from the program not fully performing input verification. Multiple Huawei products are prone to a remote denial-of-service vulnerability. Attackers can exploit this issue to crash the system, denying service to legitimate users

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201711-0935",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "p10 plus",
            "scope": "lt",
            "trust": 1.8,
            "vendor": "huawei",
            "version": "vky-al00c00b157"
          },
          {
            "model": "p10",
            "scope": "lt",
            "trust": 1.8,
            "vendor": "huawei",
            "version": "vtr-al00c00b157"
          },
          {
            "model": "victoria-al00a \u003c=victoria-al00ac00b157",
            "scope": null,
            "trust": 0.6,
            "vendor": "huawei",
            "version": null
          },
          {
            "model": "vicky-al00a \u003c=vicky-al00ac00b157",
            "scope": null,
            "trust": 0.6,
            "vendor": "huawei",
            "version": null
          },
          {
            "model": "victoria-al00a",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "huawei",
            "version": "0"
          },
          {
            "model": "vicky-al00a",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "huawei",
            "version": "0"
          },
          {
            "model": "victoria-al00ac00b157",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "huawei",
            "version": "0"
          },
          {
            "model": "vicky-al00ac00b157",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "huawei",
            "version": "0"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-13795"
          },
          {
            "db": "BID",
            "id": "99370"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-010801"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-8172"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:huawei:p10_plus_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndExcluding": "vky-al00c00b157",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:huawei:p10_plus:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:huawei:p10_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndExcluding": "vtr-al00c00b157",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:huawei:p10:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2017-8172"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Zhou Ye, Xu Lei Yong, Li Bo of 360 Vulpecker Team",
        "sources": [
          {
            "db": "BID",
            "id": "99370"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201707-070"
          }
        ],
        "trust": 0.9
      },
      "cve": "CVE-2017-8172",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": false,
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "NVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 7.1,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 8.6,
                "impactScore": 6.9,
                "integrityImpact": "NONE",
                "obtainAllPrivilege": false,
                "obtainOtherPrivilege": false,
                "obtainUserPrivilege": false,
                "severity": "HIGH",
                "trust": 1.0,
                "userInteractionRequired": true,
                "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Medium",
                "accessVector": "Network",
                "authentication": "None",
                "author": "NVD",
                "availabilityImpact": "Complete",
                "baseScore": 7.1,
                "confidentialityImpact": "None",
                "exploitabilityScore": null,
                "id": "CVE-2017-8172",
                "impactScore": null,
                "integrityImpact": "None",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "High",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "LOCAL",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 4.9,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 3.9,
                "id": "CNVD-2017-13795",
                "impactScore": 6.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "author": "NVD",
                "availabilityImpact": "HIGH",
                "baseScore": 5.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 1.8,
                "impactScore": 3.6,
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
                "version": "3.0"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Local",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 5.5,
                "baseSeverity": "Medium",
                "confidentialityImpact": "None",
                "exploitabilityScore": null,
                "id": "CVE-2017-8172",
                "impactScore": null,
                "integrityImpact": "None",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "Required",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "NVD",
                "id": "CVE-2017-8172",
                "trust": 1.8,
                "value": "MEDIUM"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2017-13795",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201707-070",
                "trust": 0.6,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-13795"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-010801"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-8172"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201707-070"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Isub service in P10 Plus and P10 smart phones with earlier than VKY-AL00C00B157 versions and earlier than VTR-AL00C00B157 versions has a denial of service (DoS) vulnerability. An attacker tricks a user into installing a malicious application on the smart phone, and the application can send given parameter to specific interface, which make a out-of-bounds array access that results in smart phone restart. HuaweiVicky-AL00A and Victoria-AL00A are both Huawei\u0027s smartphone devices. The vulnerability stems from the program not fully performing input verification. Multiple Huawei products are prone to a remote denial-of-service vulnerability. \nAttackers can exploit this issue to crash the system, denying service to legitimate users",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2017-8172"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-010801"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-13795"
          },
          {
            "db": "BID",
            "id": "99370"
          }
        ],
        "trust": 2.43
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2017-8172",
            "trust": 3.3
          },
          {
            "db": "BID",
            "id": "99370",
            "trust": 2.5
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-010801",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-13795",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201707-070",
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-13795"
          },
          {
            "db": "BID",
            "id": "99370"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-010801"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-8172"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201707-070"
          }
        ]
      },
      "id": "VAR-201711-0935",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-13795"
          }
        ],
        "trust": 1.2523158075
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-13795"
          }
        ]
      },
      "last_update_date": "2023-12-18T12:37:05.522000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "huawei-sa-20170628-01-isub",
            "trust": 0.8,
            "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170628-01-isub-en"
          },
          {
            "title": "HuaweiVicky-AL00A and Victoria-AL00A mobile phone isub service denial of service vulnerability patch",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchinfo/show/97803"
          },
          {
            "title": "Huawei Vicky-AL00A  and Victoria-AL00A Security vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=71407"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-13795"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-010801"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201707-070"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-129",
            "trust": 1.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-010801"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-8172"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.2,
            "url": "http://www.securityfocus.com/bid/99370"
          },
          {
            "trust": 1.6,
            "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170628-01-isub-en"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-8172"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-8172"
          },
          {
            "trust": 0.3,
            "url": "http://www.huawei.com/en/"
          },
          {
            "trust": 0.3,
            "url": "http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20170628-01-isub-en"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-13795"
          },
          {
            "db": "BID",
            "id": "99370"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-010801"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-8172"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201707-070"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-13795"
          },
          {
            "db": "BID",
            "id": "99370"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-010801"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-8172"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201707-070"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2017-07-11T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2017-13795"
          },
          {
            "date": "2017-07-03T00:00:00",
            "db": "BID",
            "id": "99370"
          },
          {
            "date": "2017-12-25T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2017-010801"
          },
          {
            "date": "2017-11-22T19:29:04.053000",
            "db": "NVD",
            "id": "CVE-2017-8172"
          },
          {
            "date": "2017-07-05T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201707-070"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2017-07-11T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2017-13795"
          },
          {
            "date": "2017-07-03T00:00:00",
            "db": "BID",
            "id": "99370"
          },
          {
            "date": "2017-12-25T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2017-010801"
          },
          {
            "date": "2017-12-12T18:13:09.290000",
            "db": "NVD",
            "id": "CVE-2017-8172"
          },
          {
            "date": "2017-12-26T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201707-070"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201707-070"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Huawei P10 Plus and  P10 Vulnerability related to array index verification in smartphones",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-010801"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "lack of information",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201707-070"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201711-0241

    Vulnerability from variot - Updated: 2023-12-18 12:03

    Bastet in P10 Plus and P10 smart phones with software earlier than VKY-AL00C00B123 versions, earlier than VTR-AL00C00B123 versions have a buffer overflow vulnerability. An attacker with the root privilege of an Android system may trick a user into installing a malicious APP. The APP can modify specific data to cause buffer overflow in the next system reboot, causing continuous system reboot or arbitrary code execution. Huawei P10 Plus and P10 Smartphone software contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. HuaweiVicky-AL00A/Victoria-AL00A is Huawei's smartphone. A buffer overflow vulnerability exists in the Bastet of the HuaweiVicky-AL00A/Victoria-AL00A phone due to lack of parameter checking. Huawei Smart Phones are prone to multiple local buffer-overflow vulnerabilities because it fails to adequate boundary checks on user-supplied input. Local attackers can exploit these issues to execute arbitrary code in the context of the affected application. Failed exploit attempts will likely result in denial-of-service conditions

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201711-0241",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "p10 plus",
            "scope": "lt",
            "trust": 1.8,
            "vendor": "huawei",
            "version": "vky-al00c00b123"
          },
          {
            "model": "p10",
            "scope": "lt",
            "trust": 1.8,
            "vendor": "huawei",
            "version": "vtr-al00c00b123"
          },
          {
            "model": "vicky-al00a \u003cvicky-al00ac00b123",
            "scope": null,
            "trust": 0.6,
            "vendor": "huawei",
            "version": null
          },
          {
            "model": "victoria-al00a \u003cvictoria-al00ac00b123",
            "scope": null,
            "trust": 0.6,
            "vendor": "huawei",
            "version": null
          },
          {
            "model": "victoria-al00a",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "huawei",
            "version": "0"
          },
          {
            "model": "vicky-al00a",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "huawei",
            "version": "0"
          },
          {
            "model": "victoria-al00ac00b123",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "huawei",
            "version": "0"
          },
          {
            "model": "vicky-al00ac00b123",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "huawei",
            "version": "0"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-04678"
          },
          {
            "db": "BID",
            "id": "97696"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-010609"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-2725"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:huawei:p10_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndExcluding": "vtr-al00c00b123",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:huawei:p10:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:huawei:p10_plus_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndExcluding": "vky-al00c00b123",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:huawei:p10_plus:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2017-2725"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "ADLab of Venustech.",
        "sources": [
          {
            "db": "BID",
            "id": "97696"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201704-963"
          }
        ],
        "trust": 0.9
      },
      "cve": "CVE-2017-2725",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": false,
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "NVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 9.3,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 8.6,
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "obtainAllPrivilege": false,
                "obtainOtherPrivilege": false,
                "obtainUserPrivilege": false,
                "severity": "HIGH",
                "trust": 1.0,
                "userInteractionRequired": true,
                "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Medium",
                "accessVector": "Network",
                "authentication": "None",
                "author": "NVD",
                "availabilityImpact": "Complete",
                "baseScore": 9.3,
                "confidentialityImpact": "Complete",
                "exploitabilityScore": null,
                "id": "CVE-2017-2725",
                "impactScore": null,
                "integrityImpact": "Complete",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "High",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "LOCAL",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 7.2,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 3.9,
                "id": "CNVD-2017-04678",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "author": "NVD",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 1.8,
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.0"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Local",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 7.8,
                "baseSeverity": "High",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "CVE-2017-2725",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "Required",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "NVD",
                "id": "CVE-2017-2725",
                "trust": 1.8,
                "value": "HIGH"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2017-04678",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201704-963",
                "trust": 0.6,
                "value": "CRITICAL"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-04678"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-010609"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-2725"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201704-963"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Bastet in P10 Plus and P10 smart phones with software earlier than VKY-AL00C00B123 versions, earlier than VTR-AL00C00B123 versions have a buffer overflow vulnerability. An attacker with the root privilege of an Android system may trick a user into installing a malicious APP. The APP can modify specific data to cause buffer overflow in the next system reboot, causing continuous system reboot or arbitrary code execution. Huawei P10 Plus and P10 Smartphone software contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. HuaweiVicky-AL00A/Victoria-AL00A is Huawei\u0027s smartphone. A buffer overflow vulnerability exists in the Bastet of the HuaweiVicky-AL00A/Victoria-AL00A phone due to lack of parameter checking. Huawei Smart Phones are prone to multiple local buffer-overflow vulnerabilities because it fails to adequate boundary checks on user-supplied input. \nLocal attackers can exploit these issues to execute arbitrary code in the context of the affected application. Failed exploit attempts will likely result in denial-of-service conditions",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2017-2725"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-010609"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-04678"
          },
          {
            "db": "BID",
            "id": "97696"
          }
        ],
        "trust": 2.43
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2017-2725",
            "trust": 3.3
          },
          {
            "db": "BID",
            "id": "97696",
            "trust": 1.9
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-010609",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-04678",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201704-963",
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-04678"
          },
          {
            "db": "BID",
            "id": "97696"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-010609"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-2725"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201704-963"
          }
        ]
      },
      "id": "VAR-201711-0241",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-04678"
          }
        ],
        "trust": 1.2523158075
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-04678"
          }
        ]
      },
      "last_update_date": "2023-12-18T12:03:04.500000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "huawei-sa-20170405-01-smartphone",
            "trust": 0.8,
            "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170405-01-smartphone-en"
          },
          {
            "title": "There are multiple buffer overflow vulnerabilities (CNVD-2017-04678) patches for Huawei Mobile Bastet components.",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchinfo/show/92018"
          },
          {
            "title": "Huawei Vicky-AL00A  and Victoria-AL00A Bastet Fix for component buffer error vulnerability",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=75150"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-04678"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-010609"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201704-963"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-119",
            "trust": 1.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-010609"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-2725"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.6,
            "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170405-01-smartphone-en"
          },
          {
            "trust": 1.6,
            "url": "http://www.securityfocus.com/bid/97696"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-2725"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-2725"
          },
          {
            "trust": 0.6,
            "url": "http://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20170405-01-smartphone-cn"
          },
          {
            "trust": 0.3,
            "url": "http://www.huawei.com"
          },
          {
            "trust": 0.3,
            "url": "http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20170405-01-smartphone-en"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-04678"
          },
          {
            "db": "BID",
            "id": "97696"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-010609"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-2725"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201704-963"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-04678"
          },
          {
            "db": "BID",
            "id": "97696"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-010609"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-2725"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201704-963"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2017-04-19T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2017-04678"
          },
          {
            "date": "2017-04-05T00:00:00",
            "db": "BID",
            "id": "97696"
          },
          {
            "date": "2017-12-20T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2017-010609"
          },
          {
            "date": "2017-11-22T19:29:01.537000",
            "db": "NVD",
            "id": "CVE-2017-2725"
          },
          {
            "date": "2017-04-05T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201704-963"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2017-04-19T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2017-04678"
          },
          {
            "date": "2017-04-18T00:07:00",
            "db": "BID",
            "id": "97696"
          },
          {
            "date": "2017-12-20T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2017-010609"
          },
          {
            "date": "2017-12-08T18:58:09.873000",
            "db": "NVD",
            "id": "CVE-2017-2725"
          },
          {
            "date": "2017-12-26T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201704-963"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201704-963"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Huawei P10 Plus and  P10 Buffer error vulnerability in smartphone software",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-010609"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "buffer overflow",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201704-963"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201711-0240

    Vulnerability from variot - Updated: 2023-12-18 12:03

    Bastet in P10 Plus and P10 smart phones with software earlier than VKY-AL00C00B123 versions, earlier than VTR-AL00C00B123 versions have a buffer overflow vulnerability. An attacker with the root privilege of an Android system may trick a user into installing a malicious APP. The APP can modify specific data to cause buffer overflow in the next system reboot, causing continuous system reboot or arbitrary code execution. Huawei P10 Plus and P10 Smartphone software contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. HuaweiVicky-AL00A/Victoria-AL00A is Huawei's smartphone. There are multiple local buffer overflow vulnerabilities in Huawei smartphones because it does not perform proper boundary checking on user-supplied input. Local vulnerabilities can exploit these vulnerabilities to execute arbitrary code in the context of the affected application. Failed exploit attempts will likely result in denial-of-service conditions

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201711-0240",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "p10 plus",
            "scope": "lt",
            "trust": 1.8,
            "vendor": "huawei",
            "version": "vky-al00c00b123"
          },
          {
            "model": "p10",
            "scope": "lt",
            "trust": 1.8,
            "vendor": "huawei",
            "version": "vtr-al00c00b123"
          },
          {
            "model": "vicky-al00a \u003cvicky-al00ac00b123",
            "scope": null,
            "trust": 0.6,
            "vendor": "huawei",
            "version": null
          },
          {
            "model": "victoria-al00a \u003cvictoria-al00ac00b123",
            "scope": null,
            "trust": 0.6,
            "vendor": "huawei",
            "version": null
          },
          {
            "model": "victoria-al00a",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "huawei",
            "version": "0"
          },
          {
            "model": "vicky-al00a",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "huawei",
            "version": "0"
          },
          {
            "model": "victoria-al00ac00b123",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "huawei",
            "version": "0"
          },
          {
            "model": "vicky-al00ac00b123",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "huawei",
            "version": "0"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-04677"
          },
          {
            "db": "BID",
            "id": "97696"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-010608"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-2724"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:huawei:p10_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndExcluding": "vtr-al00c00b123",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:huawei:p10:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:huawei:p10_plus_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndExcluding": "vky-al00c00b123",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:huawei:p10_plus:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2017-2724"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "ADLab of Venustech.",
        "sources": [
          {
            "db": "BID",
            "id": "97696"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201704-962"
          }
        ],
        "trust": 0.9
      },
      "cve": "CVE-2017-2724",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": false,
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "NVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 9.3,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 8.6,
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "obtainAllPrivilege": false,
                "obtainOtherPrivilege": false,
                "obtainUserPrivilege": false,
                "severity": "HIGH",
                "trust": 1.0,
                "userInteractionRequired": true,
                "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Medium",
                "accessVector": "Network",
                "authentication": "None",
                "author": "NVD",
                "availabilityImpact": "Complete",
                "baseScore": 9.3,
                "confidentialityImpact": "Complete",
                "exploitabilityScore": null,
                "id": "CVE-2017-2724",
                "impactScore": null,
                "integrityImpact": "Complete",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "High",
                "trust": 0.9,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "LOCAL",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 7.2,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 3.9,
                "id": "CNVD-2017-04677",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "author": "NVD",
                "availabilityImpact": "HIGH",
                "baseScore": 8.4,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 2.5,
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Local",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 8.4,
                "baseSeverity": "High",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "CVE-2017-2724",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "NVD",
                "id": "CVE-2017-2724",
                "trust": 1.8,
                "value": "HIGH"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2017-04677",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201704-962",
                "trust": 0.6,
                "value": "CRITICAL"
              },
              {
                "author": "VULMON",
                "id": "CVE-2017-2724",
                "trust": 0.1,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-04677"
          },
          {
            "db": "VULMON",
            "id": "CVE-2017-2724"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-010608"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-2724"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201704-962"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Bastet in P10 Plus and P10 smart phones with software earlier than VKY-AL00C00B123 versions, earlier than VTR-AL00C00B123 versions have a buffer overflow vulnerability. An attacker with the root privilege of an Android system may trick a user into installing a malicious APP. The APP can modify specific data to cause buffer overflow in the next system reboot, causing continuous system reboot or arbitrary code execution. Huawei P10 Plus and P10 Smartphone software contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. HuaweiVicky-AL00A/Victoria-AL00A is Huawei\u0027s smartphone. There are multiple local buffer overflow vulnerabilities in Huawei smartphones because it does not perform proper boundary checking on user-supplied input. Local vulnerabilities can exploit these vulnerabilities to execute arbitrary code in the context of the affected application. Failed exploit attempts will likely result in denial-of-service conditions",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2017-2724"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-010608"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-04677"
          },
          {
            "db": "BID",
            "id": "97696"
          },
          {
            "db": "VULMON",
            "id": "CVE-2017-2724"
          }
        ],
        "trust": 2.52
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2017-2724",
            "trust": 3.4
          },
          {
            "db": "BID",
            "id": "97696",
            "trust": 2.0
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-010608",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-04677",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201704-962",
            "trust": 0.6
          },
          {
            "db": "VULMON",
            "id": "CVE-2017-2724",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-04677"
          },
          {
            "db": "VULMON",
            "id": "CVE-2017-2724"
          },
          {
            "db": "BID",
            "id": "97696"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-010608"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-2724"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201704-962"
          }
        ]
      },
      "id": "VAR-201711-0240",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-04677"
          }
        ],
        "trust": 1.2523158075
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-04677"
          }
        ]
      },
      "last_update_date": "2023-12-18T12:03:04.467000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "huawei-sa-20170405-01-smartphone",
            "trust": 0.8,
            "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170405-01-smartphone-en"
          },
          {
            "title": "There are multiple buffer overflow vulnerabilities in Huawei\u0027s mobile Bastet component.",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchinfo/show/92017"
          },
          {
            "title": "Huawei Vicky-AL00A  and Victoria-AL00A Bastet Fix for component buffer error vulnerability",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=75149"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-04677"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-010608"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201704-962"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-119",
            "trust": 1.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-010608"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-2724"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.8,
            "url": "http://www.securityfocus.com/bid/97696"
          },
          {
            "trust": 1.7,
            "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170405-01-smartphone-en"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-2724"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-2724"
          },
          {
            "trust": 0.6,
            "url": "http://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20170405-01-smartphone-cn"
          },
          {
            "trust": 0.3,
            "url": "http://www.huawei.com"
          },
          {
            "trust": 0.3,
            "url": "http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20170405-01-smartphone-en"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/119.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-04677"
          },
          {
            "db": "VULMON",
            "id": "CVE-2017-2724"
          },
          {
            "db": "BID",
            "id": "97696"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-010608"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-2724"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201704-962"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-04677"
          },
          {
            "db": "VULMON",
            "id": "CVE-2017-2724"
          },
          {
            "db": "BID",
            "id": "97696"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-010608"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-2724"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201704-962"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2017-04-19T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2017-04677"
          },
          {
            "date": "2017-11-22T00:00:00",
            "db": "VULMON",
            "id": "CVE-2017-2724"
          },
          {
            "date": "2017-04-05T00:00:00",
            "db": "BID",
            "id": "97696"
          },
          {
            "date": "2017-12-20T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2017-010608"
          },
          {
            "date": "2017-11-22T19:29:01.507000",
            "db": "NVD",
            "id": "CVE-2017-2724"
          },
          {
            "date": "2017-04-05T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201704-962"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2017-04-19T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2017-04677"
          },
          {
            "date": "2017-12-08T00:00:00",
            "db": "VULMON",
            "id": "CVE-2017-2724"
          },
          {
            "date": "2017-04-18T00:07:00",
            "db": "BID",
            "id": "97696"
          },
          {
            "date": "2017-12-20T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2017-010608"
          },
          {
            "date": "2017-12-08T18:52:00.697000",
            "db": "NVD",
            "id": "CVE-2017-2724"
          },
          {
            "date": "2017-12-26T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201704-962"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201704-962"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Huawei P10 Plus and  P10 Buffer error vulnerability in smartphone software",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-010608"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "buffer overflow",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201704-962"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201711-0242

    Vulnerability from variot - Updated: 2023-12-18 12:03

    Bastet in P10 Plus and P10 smart phones with software earlier than VKY-AL00C00B123 versions, earlier than VTR-AL00C00B123 versions have a buffer overflow vulnerability. An attacker with the root privilege of an Android system may trick a user into installing a malicious APP. The APP can modify specific data to cause buffer overflow in the next system reboot, causing continuous system reboot or arbitrary code execution. Huawei P10 Plus and P10 Smartphone software contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. HuaweiVicky-AL00A/Victoria-AL00A is Huawei's smartphone. A buffer overflow vulnerability exists in the Bastet of the HuaweiVicky-AL00A/Victoria-AL00A phone due to lack of parameter checking. Huawei Smart Phones are prone to multiple local buffer-overflow vulnerabilities because it fails to adequate boundary checks on user-supplied input. Local attackers can exploit these issues to execute arbitrary code in the context of the affected application. Failed exploit attempts will likely result in denial-of-service conditions

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201711-0242",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "p10 plus",
            "scope": "lt",
            "trust": 1.8,
            "vendor": "huawei",
            "version": "vky-al00c00b123"
          },
          {
            "model": "p10",
            "scope": "lt",
            "trust": 1.8,
            "vendor": "huawei",
            "version": "vtr-al00c00b123"
          },
          {
            "model": "vicky-al00a \u003cvicky-al00ac00b123",
            "scope": null,
            "trust": 0.6,
            "vendor": "huawei",
            "version": null
          },
          {
            "model": "victoria-al00a \u003cvictoria-al00ac00b123",
            "scope": null,
            "trust": 0.6,
            "vendor": "huawei",
            "version": null
          },
          {
            "model": "victoria-al00a",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "huawei",
            "version": "0"
          },
          {
            "model": "vicky-al00a",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "huawei",
            "version": "0"
          },
          {
            "model": "victoria-al00ac00b123",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "huawei",
            "version": "0"
          },
          {
            "model": "vicky-al00ac00b123",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "huawei",
            "version": "0"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-04679"
          },
          {
            "db": "BID",
            "id": "97696"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-010610"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-2726"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:huawei:p10_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndExcluding": "vtr-al00c00b123",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:huawei:p10:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:huawei:p10_plus_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndExcluding": "vky-al00c00b123",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:huawei:p10_plus:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2017-2726"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "ADLab of Venustech.",
        "sources": [
          {
            "db": "BID",
            "id": "97696"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201704-964"
          }
        ],
        "trust": 0.9
      },
      "cve": "CVE-2017-2726",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": false,
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "NVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 9.3,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 8.6,
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "obtainAllPrivilege": false,
                "obtainOtherPrivilege": false,
                "obtainUserPrivilege": false,
                "severity": "HIGH",
                "trust": 1.0,
                "userInteractionRequired": true,
                "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Medium",
                "accessVector": "Network",
                "authentication": "None",
                "author": "NVD",
                "availabilityImpact": "Complete",
                "baseScore": 9.3,
                "confidentialityImpact": "Complete",
                "exploitabilityScore": null,
                "id": "CVE-2017-2726",
                "impactScore": null,
                "integrityImpact": "Complete",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "High",
                "trust": 0.9,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "LOCAL",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 7.2,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 3.9,
                "id": "CNVD-2017-04679",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "author": "NVD",
                "availabilityImpact": "HIGH",
                "baseScore": 8.4,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 2.5,
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Local",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 8.4,
                "baseSeverity": "High",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "CVE-2017-2726",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "NVD",
                "id": "CVE-2017-2726",
                "trust": 1.8,
                "value": "HIGH"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2017-04679",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201704-964",
                "trust": 0.6,
                "value": "CRITICAL"
              },
              {
                "author": "VULMON",
                "id": "CVE-2017-2726",
                "trust": 0.1,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-04679"
          },
          {
            "db": "VULMON",
            "id": "CVE-2017-2726"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-010610"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-2726"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201704-964"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Bastet in P10 Plus and P10 smart phones with software earlier than VKY-AL00C00B123 versions, earlier than VTR-AL00C00B123 versions have a buffer overflow vulnerability. An attacker with the root privilege of an Android system may trick a user into installing a malicious APP. The APP can modify specific data to cause buffer overflow in the next system reboot, causing continuous system reboot or arbitrary code execution. Huawei P10 Plus and P10 Smartphone software contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. HuaweiVicky-AL00A/Victoria-AL00A is Huawei\u0027s smartphone. A buffer overflow vulnerability exists in the Bastet of the HuaweiVicky-AL00A/Victoria-AL00A phone due to lack of parameter checking. Huawei Smart Phones are prone to multiple local buffer-overflow vulnerabilities because it fails to adequate boundary checks on user-supplied input. \nLocal attackers can exploit these issues to execute arbitrary code in the context of the affected application. Failed exploit attempts will likely result in denial-of-service conditions",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2017-2726"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-010610"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-04679"
          },
          {
            "db": "BID",
            "id": "97696"
          },
          {
            "db": "VULMON",
            "id": "CVE-2017-2726"
          }
        ],
        "trust": 2.52
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2017-2726",
            "trust": 3.4
          },
          {
            "db": "BID",
            "id": "97696",
            "trust": 2.0
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-010610",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-04679",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201704-964",
            "trust": 0.6
          },
          {
            "db": "VULMON",
            "id": "CVE-2017-2726",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-04679"
          },
          {
            "db": "VULMON",
            "id": "CVE-2017-2726"
          },
          {
            "db": "BID",
            "id": "97696"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-010610"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-2726"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201704-964"
          }
        ]
      },
      "id": "VAR-201711-0242",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-04679"
          }
        ],
        "trust": 1.2523158075
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-04679"
          }
        ]
      },
      "last_update_date": "2023-12-18T12:03:04.434000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "huawei-sa-20170405-01-smartphone",
            "trust": 0.8,
            "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170405-01-smartphone-en"
          },
          {
            "title": "There are multiple buffer overflow vulnerabilities (CNVD-2017-04679) patch for Huawei Mobile Bastet component.",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchinfo/show/92019"
          },
          {
            "title": "Huawei Vicky-AL00A  and Victoria-AL00A Bastet Fix for component buffer error vulnerability",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=75151"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-04679"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-010610"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201704-964"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-119",
            "trust": 1.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-010610"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-2726"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.8,
            "url": "http://www.securityfocus.com/bid/97696"
          },
          {
            "trust": 1.7,
            "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170405-01-smartphone-en"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-2726"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-2726"
          },
          {
            "trust": 0.6,
            "url": "http://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20170405-01-smartphone-cn"
          },
          {
            "trust": 0.3,
            "url": "http://www.huawei.com"
          },
          {
            "trust": 0.3,
            "url": "http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20170405-01-smartphone-en"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/119.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-04679"
          },
          {
            "db": "VULMON",
            "id": "CVE-2017-2726"
          },
          {
            "db": "BID",
            "id": "97696"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-010610"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-2726"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201704-964"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-04679"
          },
          {
            "db": "VULMON",
            "id": "CVE-2017-2726"
          },
          {
            "db": "BID",
            "id": "97696"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-010610"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-2726"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201704-964"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2017-04-19T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2017-04679"
          },
          {
            "date": "2017-11-22T00:00:00",
            "db": "VULMON",
            "id": "CVE-2017-2726"
          },
          {
            "date": "2017-04-05T00:00:00",
            "db": "BID",
            "id": "97696"
          },
          {
            "date": "2017-12-20T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2017-010610"
          },
          {
            "date": "2017-11-22T19:29:01.583000",
            "db": "NVD",
            "id": "CVE-2017-2726"
          },
          {
            "date": "2017-04-05T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201704-964"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2017-04-19T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2017-04679"
          },
          {
            "date": "2017-12-08T00:00:00",
            "db": "VULMON",
            "id": "CVE-2017-2726"
          },
          {
            "date": "2017-04-18T00:07:00",
            "db": "BID",
            "id": "97696"
          },
          {
            "date": "2017-12-20T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2017-010610"
          },
          {
            "date": "2017-12-08T18:53:14.687000",
            "db": "NVD",
            "id": "CVE-2017-2726"
          },
          {
            "date": "2017-12-26T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201704-964"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201704-964"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Huawei P10 Plus and  P10 Buffer error vulnerability in smartphone software",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-010610"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "buffer overflow",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201704-964"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201711-0938

    Vulnerability from variot - Updated: 2023-12-18 12:03

    The Bastet of some Huawei mobile phones with software earlier than Vicky-AL00AC00B167 versions, earlier than Victoria-AL00AC00B167 versions, earlier than Warsaw-AL00C00B191 versions has an insufficient input validation vulnerability due to the lack of parameter validation. An attacker may trick a user into installing a malicious APP. The APP can modify specific parameter to cause system reboot. Huawei Smartphone software contains an input validation vulnerability.Denial of service (DoS) May be in a state. HuaweiVicky-AL00A/Victoria-AL00A/Warsaw-AL00 is a smartphone of China Huawei. Bastet is one of the data transfer assistance components. The vulnerability is due to insufficient detection parameters in the program

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201711-0938",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "warsaw-al00",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "huawei",
            "version": "warsaw-al00c00b191"
          },
          {
            "model": "victoria-al00a",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "huawei",
            "version": "victoria-al00ac00b167"
          },
          {
            "model": "vicky-al00a",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "huawei",
            "version": "vicky-al00ac00b167"
          },
          {
            "model": "vicky-al00a",
            "scope": null,
            "trust": 0.8,
            "vendor": "huawei",
            "version": null
          },
          {
            "model": "victoria-al00a",
            "scope": null,
            "trust": 0.8,
            "vendor": "huawei",
            "version": null
          },
          {
            "model": "warsaw-al00",
            "scope": null,
            "trust": 0.8,
            "vendor": "huawei",
            "version": null
          },
          {
            "model": "vicky-al00a earlier than vicky-al00ac00b167 versions",
            "scope": null,
            "trust": 0.6,
            "vendor": "huawei",
            "version": null
          },
          {
            "model": "victoria-al00a earlier than victoria-al00ac00b167 versions",
            "scope": null,
            "trust": 0.6,
            "vendor": "huawei",
            "version": null
          },
          {
            "model": "warsaw-al00 earlier than warsaw-al00c00b191 versions",
            "scope": null,
            "trust": 0.6,
            "vendor": "huawei",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-26780"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-010735"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-8175"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:huawei:vicky-al00a:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "vicky-al00ac00b167",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:huawei:warsaw-al00:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "warsaw-al00c00b191",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:huawei:victoria-al00a:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "victoria-al00ac00b167",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2017-8175"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "security researcher Zhang Qing and Guangdong Bai of Singapore Institute of Technology (SIT)",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201708-150"
          }
        ],
        "trust": 0.6
      },
      "cve": "CVE-2017-8175",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": false,
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "NVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 7.1,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 8.6,
                "impactScore": 6.9,
                "integrityImpact": "NONE",
                "obtainAllPrivilege": false,
                "obtainOtherPrivilege": false,
                "obtainUserPrivilege": false,
                "severity": "HIGH",
                "trust": 1.0,
                "userInteractionRequired": true,
                "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Medium",
                "accessVector": "Network",
                "authentication": "None",
                "author": "NVD",
                "availabilityImpact": "Complete",
                "baseScore": 7.1,
                "confidentialityImpact": "None",
                "exploitabilityScore": null,
                "id": "CVE-2017-8175",
                "impactScore": null,
                "integrityImpact": "None",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "High",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "LOCAL",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 4.9,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 3.9,
                "id": "CNVD-2017-26780",
                "impactScore": 6.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "COMPLETE",
                "baseScore": 7.1,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 8.6,
                "id": "VHN-116378",
                "impactScore": 6.9,
                "integrityImpact": "NONE",
                "severity": "HIGH",
                "trust": 0.1,
                "vectorString": "AV:N/AC:M/AU:N/C:N/I:N/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "author": "NVD",
                "availabilityImpact": "HIGH",
                "baseScore": 5.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 1.8,
                "impactScore": 3.6,
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
                "version": "3.0"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Local",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 5.5,
                "baseSeverity": "Medium",
                "confidentialityImpact": "None",
                "exploitabilityScore": null,
                "id": "CVE-2017-8175",
                "impactScore": null,
                "integrityImpact": "None",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "Required",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "NVD",
                "id": "CVE-2017-8175",
                "trust": 1.8,
                "value": "MEDIUM"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2017-26780",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201708-150",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "VULHUB",
                "id": "VHN-116378",
                "trust": 0.1,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-26780"
          },
          {
            "db": "VULHUB",
            "id": "VHN-116378"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-010735"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-8175"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201708-150"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "The Bastet of some Huawei mobile phones with software earlier than Vicky-AL00AC00B167 versions, earlier than Victoria-AL00AC00B167 versions, earlier than Warsaw-AL00C00B191 versions has an insufficient input validation vulnerability due to the lack of parameter validation. An attacker may trick a user into installing a malicious APP. The APP can modify specific parameter to cause system reboot. Huawei Smartphone software contains an input validation vulnerability.Denial of service (DoS) May be in a state. HuaweiVicky-AL00A/Victoria-AL00A/Warsaw-AL00 is a smartphone of China Huawei. Bastet is one of the data transfer assistance components. The vulnerability is due to insufficient detection parameters in the program",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2017-8175"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-010735"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-26780"
          },
          {
            "db": "VULHUB",
            "id": "VHN-116378"
          }
        ],
        "trust": 2.25
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2017-8175",
            "trust": 3.1
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-010735",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201708-150",
            "trust": 0.7
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-26780",
            "trust": 0.6
          },
          {
            "db": "VULHUB",
            "id": "VHN-116378",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-26780"
          },
          {
            "db": "VULHUB",
            "id": "VHN-116378"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-010735"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-8175"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201708-150"
          }
        ]
      },
      "id": "VAR-201711-0938",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-26780"
          },
          {
            "db": "VULHUB",
            "id": "VHN-116378"
          }
        ],
        "trust": 1.5374686716666666
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-26780"
          }
        ]
      },
      "last_update_date": "2023-12-18T12:03:03.521000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "huawei-sa-20170802-02-smartphone",
            "trust": 0.8,
            "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170802-02-smartphone-en"
          },
          {
            "title": "Huawei mobile phone product input verification vulnerability patch",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchinfo/show/102217"
          },
          {
            "title": "Huawei Vicky-AL00A , Victoria-AL00A  and Warsaw-AL00 Bastet Enter the fix for the verification vulnerability",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=74822"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-26780"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-010735"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201708-150"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-20",
            "trust": 1.9
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-116378"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-010735"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-8175"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.7,
            "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170802-02-smartphone-en"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-8175"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-8175"
          },
          {
            "trust": 0.6,
            "url": "http://www.huawei.com/cn/psirt/security-advisories/2017/huawei-sa-20170802-02-smartphone-cn"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-26780"
          },
          {
            "db": "VULHUB",
            "id": "VHN-116378"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-010735"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-8175"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201708-150"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-26780"
          },
          {
            "db": "VULHUB",
            "id": "VHN-116378"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-010735"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-8175"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201708-150"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2017-09-15T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2017-26780"
          },
          {
            "date": "2017-11-22T00:00:00",
            "db": "VULHUB",
            "id": "VHN-116378"
          },
          {
            "date": "2017-12-21T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2017-010735"
          },
          {
            "date": "2017-11-22T19:29:04.163000",
            "db": "NVD",
            "id": "CVE-2017-8175"
          },
          {
            "date": "2017-08-02T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201708-150"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2017-09-15T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2017-26780"
          },
          {
            "date": "2017-12-11T00:00:00",
            "db": "VULHUB",
            "id": "VHN-116378"
          },
          {
            "date": "2017-12-21T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2017-010735"
          },
          {
            "date": "2017-12-11T18:41:01.497000",
            "db": "NVD",
            "id": "CVE-2017-8175"
          },
          {
            "date": "2017-09-21T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201708-150"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201708-150"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Huawei Input Confirmation Vulnerability in Smartphone Software",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-010735"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "input validation",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201708-150"
          }
        ],
        "trust": 0.6
      }
    }

    CVE-2017-8175 (GCVE-0-2017-8175)

    Vulnerability from nvd – Published: 2017-11-22 19:00 – Updated: 2024-09-16 21:57
    VLAI
    Summary
    The Bastet of some Huawei mobile phones with software earlier than Vicky-AL00AC00B167 versions, earlier than Victoria-AL00AC00B167 versions, earlier than Warsaw-AL00C00B191 versions has an insufficient input validation vulnerability due to the lack of parameter validation. An attacker may trick a user into installing a malicious APP. The APP can modify specific parameter to cause system reboot.
    Severity
    No CVSS data available.
    CWE
    • Insufficient Input Validation
    Assigner
    References
    Impacted products
    Vendor Product Version
    Huawei Technologies Co., Ltd. Vicky-AL00A,Victoria-AL00A,Warsaw-AL00 Affected: Earlier than Vicky-AL00AC00B167 versions,Earlier than Victoria-AL00AC00B167 versions,Earlier than Warsaw-AL00C00B191 versions
    Create a notification for this product.
    Date Public
    2017-11-15 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T16:27:22.932Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170802-02-smartphone-en"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Vicky-AL00A,Victoria-AL00A,Warsaw-AL00",
              "vendor": "Huawei Technologies Co., Ltd.",
              "versions": [
                {
                  "status": "affected",
                  "version": "Earlier than Vicky-AL00AC00B167 versions,Earlier than Victoria-AL00AC00B167 versions,Earlier than Warsaw-AL00C00B191 versions"
                }
              ]
            }
          ],
          "datePublic": "2017-11-15T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The Bastet of some Huawei mobile phones with software earlier than Vicky-AL00AC00B167 versions, earlier than Victoria-AL00AC00B167 versions, earlier than Warsaw-AL00C00B191 versions has an insufficient input validation vulnerability due to the lack of parameter validation. An attacker may trick a user into installing a malicious APP. The APP can modify specific parameter to cause system reboot."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Insufficient Input Validation",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-11-22T18:57:01.000Z",
            "orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
            "shortName": "huawei"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170802-02-smartphone-en"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@huawei.com",
              "DATE_PUBLIC": "2017-11-15T00:00:00",
              "ID": "CVE-2017-8175",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Vicky-AL00A,Victoria-AL00A,Warsaw-AL00",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Earlier than Vicky-AL00AC00B167 versions,Earlier than Victoria-AL00AC00B167 versions,Earlier than Warsaw-AL00C00B191 versions"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Huawei Technologies Co., Ltd."
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The Bastet of some Huawei mobile phones with software earlier than Vicky-AL00AC00B167 versions, earlier than Victoria-AL00AC00B167 versions, earlier than Warsaw-AL00C00B191 versions has an insufficient input validation vulnerability due to the lack of parameter validation. An attacker may trick a user into installing a malicious APP. The APP can modify specific parameter to cause system reboot."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Insufficient Input Validation"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170802-02-smartphone-en",
                  "refsource": "CONFIRM",
                  "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170802-02-smartphone-en"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
        "assignerShortName": "huawei",
        "cveId": "CVE-2017-8175",
        "datePublished": "2017-11-22T19:00:00.000Z",
        "dateReserved": "2017-04-25T00:00:00.000Z",
        "dateUpdated": "2024-09-16T21:57:42.071Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-8175 (GCVE-0-2017-8175)

    Vulnerability from cvelistv5 – Published: 2017-11-22 19:00 – Updated: 2024-09-16 21:57
    VLAI
    Summary
    The Bastet of some Huawei mobile phones with software earlier than Vicky-AL00AC00B167 versions, earlier than Victoria-AL00AC00B167 versions, earlier than Warsaw-AL00C00B191 versions has an insufficient input validation vulnerability due to the lack of parameter validation. An attacker may trick a user into installing a malicious APP. The APP can modify specific parameter to cause system reboot.
    Severity
    No CVSS data available.
    CWE
    • Insufficient Input Validation
    Assigner
    References
    Impacted products
    Vendor Product Version
    Huawei Technologies Co., Ltd. Vicky-AL00A,Victoria-AL00A,Warsaw-AL00 Affected: Earlier than Vicky-AL00AC00B167 versions,Earlier than Victoria-AL00AC00B167 versions,Earlier than Warsaw-AL00C00B191 versions
    Create a notification for this product.
    Date Public
    2017-11-15 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T16:27:22.932Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170802-02-smartphone-en"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Vicky-AL00A,Victoria-AL00A,Warsaw-AL00",
              "vendor": "Huawei Technologies Co., Ltd.",
              "versions": [
                {
                  "status": "affected",
                  "version": "Earlier than Vicky-AL00AC00B167 versions,Earlier than Victoria-AL00AC00B167 versions,Earlier than Warsaw-AL00C00B191 versions"
                }
              ]
            }
          ],
          "datePublic": "2017-11-15T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The Bastet of some Huawei mobile phones with software earlier than Vicky-AL00AC00B167 versions, earlier than Victoria-AL00AC00B167 versions, earlier than Warsaw-AL00C00B191 versions has an insufficient input validation vulnerability due to the lack of parameter validation. An attacker may trick a user into installing a malicious APP. The APP can modify specific parameter to cause system reboot."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Insufficient Input Validation",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-11-22T18:57:01.000Z",
            "orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
            "shortName": "huawei"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170802-02-smartphone-en"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@huawei.com",
              "DATE_PUBLIC": "2017-11-15T00:00:00",
              "ID": "CVE-2017-8175",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Vicky-AL00A,Victoria-AL00A,Warsaw-AL00",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Earlier than Vicky-AL00AC00B167 versions,Earlier than Victoria-AL00AC00B167 versions,Earlier than Warsaw-AL00C00B191 versions"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Huawei Technologies Co., Ltd."
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The Bastet of some Huawei mobile phones with software earlier than Vicky-AL00AC00B167 versions, earlier than Victoria-AL00AC00B167 versions, earlier than Warsaw-AL00C00B191 versions has an insufficient input validation vulnerability due to the lack of parameter validation. An attacker may trick a user into installing a malicious APP. The APP can modify specific parameter to cause system reboot."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Insufficient Input Validation"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170802-02-smartphone-en",
                  "refsource": "CONFIRM",
                  "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170802-02-smartphone-en"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
        "assignerShortName": "huawei",
        "cveId": "CVE-2017-8175",
        "datePublished": "2017-11-22T19:00:00.000Z",
        "dateReserved": "2017-04-25T00:00:00.000Z",
        "dateUpdated": "2024-09-16T21:57:42.071Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }