Search

Find a vulnerability

Search criteria

    25 vulnerabilities found for Mate 9 Pro by Huawei

    VAR-201712-0801

    Vulnerability from variot - Updated: 2025-04-20 23:32

    The GPU driver of Mate 9 Huawei smart phones with software before MHA-AL00B 8.0.0.334(C00) and Mate 9 Pro Huawei smart phones with software before LON-AL00B 8.0.0.334(C00) has a memory double free vulnerability. An attacker tricks a user into installing a malicious application, and the application can call special API, which triggers double free and causes a system crash or arbitrary code execution. This vulnerability allows remote attackers to escalate privileges on vulnerable installations of Huawei Mate 9 Pro. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.The specific flaw exists within the Mali GPU driver. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code under the context of the kernel. HuaweiMate9 and Mate9Pro are both Huawei's smartphone products. GPUdriver is a graphics driver used in it. A dual release vulnerability exists in the GPU driver in versions prior to HuaweiMate9MHA-AL00B8.0.0.334 (C00) and in versions prior to Mate9ProLON-AL00B8.0.0.334 (C00)

    Show details on source website

    {
      "affected_products": {
        "_id": null,
        "data": [
          {
            "_id": null,
            "model": "mate 9",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "huawei",
            "version": "mha-al00b_8.0.0.334\\(c00\\)"
          },
          {
            "_id": null,
            "model": "mate 9 pro",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "huawei",
            "version": "lon-al00b_8.0.0.334\\(c00\\)"
          },
          {
            "_id": null,
            "model": "mate 9 pro",
            "scope": "lt",
            "trust": 0.8,
            "vendor": "huawei",
            "version": "lon-al00b 8.0.0.334(c00)"
          },
          {
            "_id": null,
            "model": "mate 9",
            "scope": "lt",
            "trust": 0.8,
            "vendor": "huawei",
            "version": "mha-al00b 8.0.0.334(c00)"
          },
          {
            "_id": null,
            "model": "mate 9 pro",
            "scope": null,
            "trust": 0.7,
            "vendor": "huawei",
            "version": null
          },
          {
            "_id": null,
            "model": "mate \u003cmha-al00b 8.0.0.334",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "huawei",
            "version": "9"
          },
          {
            "_id": null,
            "model": "mate pro \u003clon-al00b 8.0.0.334",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "huawei",
            "version": "9"
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-17-1017"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-38219"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-011595"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-15316"
          }
        ]
      },
      "configurations": {
        "_id": null,
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/o:huawei:mate_9_pro_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:huawei:mate_9_firmware",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-011595"
          }
        ]
      },
      "credits": {
        "_id": null,
        "data": "Tencent Keen Security Lab",
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-17-1017"
          }
        ],
        "trust": 0.7
      },
      "cve": "CVE-2017-15316",
      "cvss": {
        "_id": null,
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "COMPLETE",
                "baseScore": 9.3,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 8.6,
                "id": "CVE-2017-15316",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 1.8,
                "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "MEDIUM",
                "accessVector": "LOCAL",
                "authentication": "NONE",
                "author": "ZDI",
                "availabilityImpact": "COMPLETE",
                "baseScore": 6.9,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 3.4,
                "id": "CVE-2017-15316",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "MEDIUM",
                "trust": 0.7,
                "userInteractionRequired": null,
                "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "HIGH",
                "accessVector": "LOCAL",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 6.2,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 1.9,
                "id": "CNVD-2017-38219",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:L/AC:H/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 1.8,
                "id": "CVE-2017-15316",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.8,
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2017-15316",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "CVE-2017-15316",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "ZDI",
                "id": "CVE-2017-15316",
                "trust": 0.7,
                "value": "MEDIUM"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2017-38219",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201710-460",
                "trust": 0.6,
                "value": "CRITICAL"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-17-1017"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-38219"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-011595"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201710-460"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-15316"
          }
        ]
      },
      "description": {
        "_id": null,
        "data": "The GPU driver of Mate 9 Huawei smart phones with software before MHA-AL00B 8.0.0.334(C00) and Mate 9 Pro Huawei smart phones with software before LON-AL00B 8.0.0.334(C00) has a memory double free vulnerability. An attacker tricks a user into installing a malicious application, and the application can call special API, which triggers double free and causes a system crash or arbitrary code execution. This vulnerability allows remote attackers to escalate privileges on vulnerable installations of Huawei Mate 9 Pro. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.The specific flaw exists within the Mali GPU driver. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code under the context of the kernel. HuaweiMate9 and Mate9Pro are both Huawei\u0027s smartphone products. GPUdriver is a graphics driver used in it. A dual release vulnerability exists in the GPU driver in versions prior to HuaweiMate9MHA-AL00B8.0.0.334 (C00) and in versions prior to Mate9ProLON-AL00B8.0.0.334 (C00)",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2017-15316"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-011595"
          },
          {
            "db": "ZDI",
            "id": "ZDI-17-1017"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-38219"
          }
        ],
        "trust": 2.79
      },
      "external_ids": {
        "_id": null,
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2017-15316",
            "trust": 3.7
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-011595",
            "trust": 0.8
          },
          {
            "db": "ZDI_CAN",
            "id": "ZDI-CAN-5337",
            "trust": 0.7
          },
          {
            "db": "ZDI",
            "id": "ZDI-17-1017",
            "trust": 0.7
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-38219",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201710-460",
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-17-1017"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-38219"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-011595"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201710-460"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-15316"
          }
        ]
      },
      "id": "VAR-201712-0801",
      "iot": {
        "_id": null,
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-38219"
          }
        ],
        "trust": 1.3959724900000001
      },
      "iot_taxonomy": {
        "_id": null,
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-38219"
          }
        ]
      },
      "last_update_date": "2025-04-20T23:32:01.265000Z",
      "patch": {
        "_id": null,
        "data": [
          {
            "title": "huawei-sa-20171201-01-smartphone",
            "trust": 1.5,
            "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171201-01-smartphone-en"
          },
          {
            "title": "Huawei mobile phone GPU driver memory double release vulnerability patch",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/111819"
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-17-1017"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-38219"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-011595"
          }
        ]
      },
      "problemtype_data": {
        "_id": null,
        "data": [
          {
            "problemtype": "CWE-415",
            "trust": 1.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-011595"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-15316"
          }
        ]
      },
      "references": {
        "_id": null,
        "data": [
          {
            "trust": 2.3,
            "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171201-01-smartphone-en"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-15316"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-15316"
          },
          {
            "trust": 0.6,
            "url": "http://www.huawei.com/cn/psirt/security-advisories/2017/huawei-sa-20171201-01-smartphone-cn"
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-17-1017"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-38219"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-011595"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201710-460"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-15316"
          }
        ]
      },
      "sources": {
        "_id": null,
        "data": [
          {
            "db": "ZDI",
            "id": "ZDI-17-1017",
            "ident": null
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-38219",
            "ident": null
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-011595",
            "ident": null
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201710-460",
            "ident": null
          },
          {
            "db": "NVD",
            "id": "CVE-2017-15316",
            "ident": null
          }
        ]
      },
      "sources_release_date": {
        "_id": null,
        "data": [
          {
            "date": "2018-06-08T00:00:00",
            "db": "ZDI",
            "id": "ZDI-17-1017",
            "ident": null
          },
          {
            "date": "2017-12-27T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2017-38219",
            "ident": null
          },
          {
            "date": "2018-01-22T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2017-011595",
            "ident": null
          },
          {
            "date": "2017-10-17T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201710-460",
            "ident": null
          },
          {
            "date": "2017-12-22T17:29:13.173000",
            "db": "NVD",
            "id": "CVE-2017-15316",
            "ident": null
          }
        ]
      },
      "sources_update_date": {
        "_id": null,
        "data": [
          {
            "date": "2018-06-08T00:00:00",
            "db": "ZDI",
            "id": "ZDI-17-1017",
            "ident": null
          },
          {
            "date": "2017-12-27T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2017-38219",
            "ident": null
          },
          {
            "date": "2018-01-22T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2017-011595",
            "ident": null
          },
          {
            "date": "2017-12-25T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201710-460",
            "ident": null
          },
          {
            "date": "2025-04-20T01:37:25.860000",
            "db": "NVD",
            "id": "CVE-2017-15316",
            "ident": null
          }
        ]
      },
      "threat_type": {
        "_id": null,
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201710-460"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "_id": null,
        "data": "Huawei Mate 9 and  Mate 9 Pro Dual release vulnerability in smartphone software",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-011595"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "_id": null,
        "data": "lack of information",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201710-460"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201711-0982

    Vulnerability from variot - Updated: 2025-04-20 23:29

    Honor 5A,Honor 8 Lite,Mate9,Mate9 Pro,P10,P10 Plus Huawei smartphones with software the versions before CAM-L03C605B143CUSTC605D003,the versions before Prague-L03C605B161,the versions before Prague-L23C605B160,the versions before MHA-AL00C00B225,the versions before LON-AL00C00B225,the versions before VTR-AL00C00B167,the versions before VTR-TL00C01B167,the versions before VKY-AL00C00B167,the versions before VKY-TL00C01B167 have a resource exhaustion vulnerability due to configure setting. An attacker tricks a user into installing a malicious application, the application may turn on the device flash-light and rapidly drain the device battery. plural Huawei Smartphone software contains a resource management vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. HuaweiP9 and other are all Huawei smartphones from China. There are resource consumption vulnerabilities in various Huawei phones. Huawei Honor Play 5A, etc. are all smartphone products of the Chinese company Huawei. The following products and versions are affected: Huawei Honor Play 5A CAM-L03C605B143CUSTC605D003 and earlier versions; Honor 8 Youth Edition Prague-L03C605B161 and earlier Prague-L23C605B160 versions; Mate9 MHA-AL00C00B225 and earlier versions; Mate9 Pro LON-AL00C00B225 Versions before; P10 VTR-AL00C00B167 and VTR-TL00C01B167; P10 Plus VKY-AL00C00B167 and VKY-TL00C01B167

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201711-0982",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "honor 5a",
            "scope": "lt",
            "trust": 1.8,
            "vendor": "huawei",
            "version": "cam-l03c605b143custc605d003"
          },
          {
            "model": "honor 8 lite",
            "scope": "lt",
            "trust": 1.8,
            "vendor": "huawei",
            "version": "prague-l03c605b161"
          },
          {
            "model": "honor 8 lite",
            "scope": "lt",
            "trust": 1.8,
            "vendor": "huawei",
            "version": "prague-l23c605b160"
          },
          {
            "model": "mate 9 pro",
            "scope": "lt",
            "trust": 1.8,
            "vendor": "huawei",
            "version": "lon-al00c00b225"
          },
          {
            "model": "mate 9",
            "scope": "lt",
            "trust": 1.8,
            "vendor": "huawei",
            "version": "mha-al00c00b225"
          },
          {
            "model": "p10 plus",
            "scope": "lt",
            "trust": 1.8,
            "vendor": "huawei",
            "version": "vky-al00c00b167"
          },
          {
            "model": "p10 plus",
            "scope": "lt",
            "trust": 1.8,
            "vendor": "huawei",
            "version": "vky-tl00c01b167"
          },
          {
            "model": "p10",
            "scope": "lt",
            "trust": 1.8,
            "vendor": "huawei",
            "version": "vtr-al00c00b167"
          },
          {
            "model": "p10",
            "scope": "lt",
            "trust": 1.8,
            "vendor": "huawei",
            "version": "vtr-tl00c01b167"
          },
          {
            "model": "p10 plus vky-al00c00b167",
            "scope": "lt",
            "trust": 0.6,
            "vendor": "huawei",
            "version": null
          },
          {
            "model": "p10 plus vky-tl00c01b167",
            "scope": "lt",
            "trust": 0.6,
            "vendor": "huawei",
            "version": null
          },
          {
            "model": "p10 vtr-al00c00b167",
            "scope": "lt",
            "trust": 0.6,
            "vendor": "huawei",
            "version": null
          },
          {
            "model": "p10 vtr-tl00c01b167",
            "scope": "lt",
            "trust": 0.6,
            "vendor": "huawei",
            "version": null
          },
          {
            "model": "mate \u003cmha-al00c00b225",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "huawei",
            "version": "9"
          },
          {
            "model": "mate pro lon-al00c00b225",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "huawei",
            "version": "9\u003c"
          },
          {
            "model": "honor 5a cam-l03c605b143custc605d003",
            "scope": "lt",
            "trust": 0.6,
            "vendor": "huawei",
            "version": null
          },
          {
            "model": "honor youth edition prague-l03c605b161",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "huawei",
            "version": "8\u003c"
          },
          {
            "model": "honor youth edition prague-l23c605b160",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "huawei",
            "version": "8\u003c"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-19186"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-010809"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-8144"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/o:huawei:honor_5a_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:huawei:honor_8_lite_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:huawei:mate_9_pro_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:huawei:mate_9_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:huawei:p10_plus_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:huawei:p10_firmware",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-010809"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Erez Yalon of Checkmarx",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201708-140"
          }
        ],
        "trust": 0.6
      },
      "cve": "CVE-2017-8144",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "COMPLETE",
                "baseScore": 7.1,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 8.6,
                "id": "CVE-2017-8144",
                "impactScore": 6.9,
                "integrityImpact": "NONE",
                "severity": "HIGH",
                "trust": 1.8,
                "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "LOCAL",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 2.1,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 3.9,
                "id": "CNVD-2017-19186",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "LOW",
                "trust": 0.6,
                "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "COMPLETE",
                "baseScore": 7.1,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 8.6,
                "id": "VHN-116347",
                "impactScore": 6.9,
                "integrityImpact": "NONE",
                "severity": "HIGH",
                "trust": 0.1,
                "vectorString": "AV:N/AC:M/AU:N/C:N/I:N/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 5.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 1.8,
                "id": "CVE-2017-8144",
                "impactScore": 3.6,
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.8,
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2017-8144",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "NVD",
                "id": "CVE-2017-8144",
                "trust": 0.8,
                "value": "Medium"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2017-19186",
                "trust": 0.6,
                "value": "LOW"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201708-140",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "VULHUB",
                "id": "VHN-116347",
                "trust": 0.1,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-19186"
          },
          {
            "db": "VULHUB",
            "id": "VHN-116347"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-010809"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201708-140"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-8144"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Honor 5A,Honor 8 Lite,Mate9,Mate9 Pro,P10,P10 Plus Huawei smartphones with software the versions before CAM-L03C605B143CUSTC605D003,the versions before Prague-L03C605B161,the versions before Prague-L23C605B160,the versions before MHA-AL00C00B225,the versions before LON-AL00C00B225,the versions before VTR-AL00C00B167,the versions before VTR-TL00C01B167,the versions before VKY-AL00C00B167,the versions before VKY-TL00C01B167 have a resource exhaustion vulnerability due to configure setting. An attacker tricks a user into installing a malicious application, the application may turn on the device flash-light and rapidly drain the device battery. plural Huawei Smartphone software contains a resource management vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. HuaweiP9 and other are all Huawei smartphones from China. There are resource consumption vulnerabilities in various Huawei phones. Huawei Honor Play 5A, etc. are all smartphone products of the Chinese company Huawei. The following products and versions are affected: Huawei Honor Play 5A CAM-L03C605B143CUSTC605D003 and earlier versions; Honor 8 Youth Edition Prague-L03C605B161 and earlier Prague-L23C605B160 versions; Mate9 MHA-AL00C00B225 and earlier versions; Mate9 Pro LON-AL00C00B225 Versions before; P10 VTR-AL00C00B167 and VTR-TL00C01B167; P10 Plus VKY-AL00C00B167 and VKY-TL00C01B167",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2017-8144"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-010809"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-19186"
          },
          {
            "db": "VULHUB",
            "id": "VHN-116347"
          }
        ],
        "trust": 2.25
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2017-8144",
            "trust": 3.1
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-010809",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201708-140",
            "trust": 0.7
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-19186",
            "trust": 0.6
          },
          {
            "db": "VULHUB",
            "id": "VHN-116347",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-19186"
          },
          {
            "db": "VULHUB",
            "id": "VHN-116347"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-010809"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201708-140"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-8144"
          }
        ]
      },
      "id": "VAR-201711-0982",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-19186"
          },
          {
            "db": "VULHUB",
            "id": "VHN-116347"
          }
        ],
        "trust": 1.468724446
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-19186"
          }
        ]
      },
      "last_update_date": "2025-04-20T23:29:31.379000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "huawei-sa-20170725-01-smartphone",
            "trust": 0.8,
            "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170725-01-smartphone-en"
          },
          {
            "title": "Patches for resource consumption vulnerabilities in various Huawei phones",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/99591"
          },
          {
            "title": "Multiple Huawei Mobile phone security vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=72382"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-19186"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-010809"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201708-140"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-920",
            "trust": 1.0
          },
          {
            "problemtype": "CWE-399",
            "trust": 0.9
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-116347"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-010809"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-8144"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.7,
            "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170725-01-smartphone-en"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-8144"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-8144"
          },
          {
            "trust": 0.6,
            "url": "http://www.huawei.com/cn/psirt/security-advisories/2017/huawei-sa-20170725-01-smartphone-cn"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-19186"
          },
          {
            "db": "VULHUB",
            "id": "VHN-116347"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-010809"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201708-140"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-8144"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-19186"
          },
          {
            "db": "VULHUB",
            "id": "VHN-116347"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-010809"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201708-140"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-8144"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2017-08-07T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2017-19186"
          },
          {
            "date": "2017-11-22T00:00:00",
            "db": "VULHUB",
            "id": "VHN-116347"
          },
          {
            "date": "2017-12-25T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2017-010809"
          },
          {
            "date": "2017-07-25T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201708-140"
          },
          {
            "date": "2017-11-22T19:29:03.117000",
            "db": "NVD",
            "id": "CVE-2017-8144"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2017-08-07T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2017-19186"
          },
          {
            "date": "2019-10-03T00:00:00",
            "db": "VULHUB",
            "id": "VHN-116347"
          },
          {
            "date": "2017-12-25T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2017-010809"
          },
          {
            "date": "2019-10-23T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201708-140"
          },
          {
            "date": "2025-04-20T01:37:25.860000",
            "db": "NVD",
            "id": "CVE-2017-8144"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "local",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201708-140"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "plural  Huawei Vulnerability related to resource management in smartphone software",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-010809"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "resource management error",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201708-140"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201711-0980

    Vulnerability from variot - Updated: 2025-04-20 23:19

    The Trusted Execution Environment (TEE) module driver of Mate 9 and Mate 9 Pro smart phones with software versions earlier than MHA-AL00BC00B221 and versions earlier than LON-AL00BC00B221 has a use after free (UAF) vulnerability. An attacker tricks a user into installing a malicious application, and the application can start multiple threads and try to create and free specific memory, which could triggers access memory after free it and causes a system crash or arbitrary code execution. Mate9 and Mate9Pro are smart phones from China's Huawei company. Trusted Execution Environment TEE is a security zone on the mobile device's main processor. The Huawei Mate9 and Mate9Pro mobile phone TEE modules have a UseAfterFree (UAF) security vulnerability. An attacker lures a user to install a malicious mobile application

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201711-0980",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "mate 9 pro",
            "scope": "lt",
            "trust": 1.8,
            "vendor": "huawei",
            "version": "lon-al00bc00b221"
          },
          {
            "model": "mate 9",
            "scope": "lt",
            "trust": 1.8,
            "vendor": "huawei",
            "version": "mha-al00bc00b221"
          },
          {
            "model": "mate pro \u003c=lon-al00bc00b221",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "huawei",
            "version": "9"
          },
          {
            "model": "mate \u003c=lon-al00bc00b221",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "huawei",
            "version": "9"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-11785"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-010726"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-8142"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/o:huawei:mate_9_pro_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:huawei:mate_9_firmware",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-010726"
          }
        ]
      },
      "cve": "CVE-2017-8142",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "COMPLETE",
                "baseScore": 9.3,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 8.6,
                "id": "CVE-2017-8142",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 1.8,
                "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "HIGH",
                "accessVector": "LOCAL",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 6.2,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 1.9,
                "id": "CNVD-2017-11785",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:L/AC:H/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 1.8,
                "id": "CVE-2017-8142",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.8,
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2017-8142",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "CVE-2017-8142",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2017-11785",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201711-983",
                "trust": 0.6,
                "value": "CRITICAL"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-11785"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-010726"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201711-983"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-8142"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "The Trusted Execution Environment (TEE) module driver of Mate 9 and Mate 9 Pro smart phones with software versions earlier than MHA-AL00BC00B221 and versions earlier than LON-AL00BC00B221 has a use after free (UAF) vulnerability. An attacker tricks a user into installing a malicious application, and the application can start multiple threads and try to create and free specific memory, which could triggers access memory after free it and causes a system crash or arbitrary code execution. Mate9 and Mate9Pro are smart phones from China\u0027s Huawei company. Trusted Execution Environment TEE is a security zone on the mobile device\u0027s main processor. The Huawei Mate9 and Mate9Pro mobile phone TEE modules have a UseAfterFree (UAF) security vulnerability. An attacker lures a user to install a malicious mobile application",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2017-8142"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-010726"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-11785"
          }
        ],
        "trust": 2.16
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2017-8142",
            "trust": 3.0
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-010726",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-11785",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201711-983",
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-11785"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-010726"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201711-983"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-8142"
          }
        ]
      },
      "id": "VAR-201711-0980",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-11785"
          }
        ],
        "trust": 1.2276592800000001
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-11785"
          }
        ]
      },
      "last_update_date": "2025-04-20T23:19:43.369000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "huawei-sa-20170615-01-smartphone",
            "trust": 0.8,
            "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170615-01-smartphone-en"
          },
          {
            "title": "Huawei mobile phone TEE module UseAfterFree vulnerability patch",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/96677"
          },
          {
            "title": "Huawei Mate 9  and Mate 9 Pro Trusted Execution Environment Driver security vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=76693"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-11785"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-010726"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201711-983"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-416",
            "trust": 1.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-010726"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-8142"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.6,
            "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170615-01-smartphone-en"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-8142"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-8142"
          },
          {
            "trust": 0.6,
            "url": "http://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20170615-01-smartphone-cn"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-11785"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-010726"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201711-983"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-8142"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-11785"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-010726"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201711-983"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-8142"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2017-06-28T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2017-11785"
          },
          {
            "date": "2017-12-21T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2017-010726"
          },
          {
            "date": "2017-11-24T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201711-983"
          },
          {
            "date": "2017-11-22T19:29:03.053000",
            "db": "NVD",
            "id": "CVE-2017-8142"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2017-06-28T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2017-11785"
          },
          {
            "date": "2017-12-21T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2017-010726"
          },
          {
            "date": "2017-11-24T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201711-983"
          },
          {
            "date": "2025-04-20T01:37:25.860000",
            "db": "NVD",
            "id": "CVE-2017-8142"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201711-983"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Huawei Mate 9 and  Mate 9 Pro Vulnerability related to the use of released memory in smartphone software",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-010726"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "lack of information",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201711-983"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201712-0798

    Vulnerability from variot - Updated: 2025-04-20 23:12

    The baseband modules of Mate 10, Mate 10 Pro, Mate 9, Mate 9 Pro Huawei smart phones with software before ALP-AL00 8.0.0.120(SP2C00), before BLA-AL00 8.0.0.120(SP2C00), before MHA-AL00B 8.0.0.334(C00), and before LON-AL00B 8.0.0.334(C00) have a stack overflow vulnerability due to the lack of parameter validation. An attacker could send malicious packets to the smart phones within radio range by special wireless device, which leads stack overflow when the baseband module handles these packets. The attacker could exploit this vulnerability to perform a denial of service attack or remote code execution in baseband module. plural Huawei Smartphone software contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. HuaweiMate10 and Mate10Pro are both Huawei's smartphone products. Basebandmodules is one of the baseband modules. A stack overflow vulnerability exists in the baseband module in versions prior to HuaweiMate10ALP-AL008.0.0.120 (SP2C00) and in versions prior to Mate10ProBLA-AL008.0.0.120 (SP2C00) because the program did not adequately detect the parameters

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201712-0798",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "mate 9",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "huawei",
            "version": "mha-al00b_8.0.0.334\\(c00\\)"
          },
          {
            "model": "mate 10 pro",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "huawei",
            "version": "bla-al00_8.0.0.120\\(sp2c00\\)"
          },
          {
            "model": "mate 9 pro",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "huawei",
            "version": "lon-al00b_8.0.0.334\\(c00\\)"
          },
          {
            "model": "mate 10",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "huawei",
            "version": "alp-al00_8.0.0.120\\(sp2c00\\)"
          },
          {
            "model": "mate 10 pro",
            "scope": "lt",
            "trust": 0.8,
            "vendor": "huawei",
            "version": "bla-al00 8.0.0.120(sp2c00)"
          },
          {
            "model": "mate 10",
            "scope": "lt",
            "trust": 0.8,
            "vendor": "huawei",
            "version": "alp-al00 8.0.0.120(sp2c00)"
          },
          {
            "model": "mate 9 pro",
            "scope": "lt",
            "trust": 0.8,
            "vendor": "huawei",
            "version": "lon-al00b 8.0.0.334(c00)"
          },
          {
            "model": "mate 9",
            "scope": "lt",
            "trust": 0.8,
            "vendor": "huawei",
            "version": "mha-al00b 8.0.0.334(c00)"
          },
          {
            "model": "mate \u003calp-al00 8.0.0.120",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "huawei",
            "version": "10"
          },
          {
            "model": "mate pro \u003cbla-al00 8.0.0.120",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "huawei",
            "version": "10"
          },
          {
            "model": "mate \u003cmha-al00b 8.0.0.334",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "huawei",
            "version": "9"
          },
          {
            "model": "mate pro \u003clon-al00b 8.0.0.334",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "huawei",
            "version": "9"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-38110"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-011709"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-15311"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/o:huawei:mate_10_pro_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:huawei:mate_10_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:huawei:mate_9_pro_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:huawei:mate_9_firmware",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-011709"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Tencent Keen Security Lab",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201710-465"
          }
        ],
        "trust": 0.6
      },
      "cve": "CVE-2017-15311",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "ADJACENT_NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "PARTIAL",
                "baseScore": 5.8,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 6.5,
                "id": "CVE-2017-15311",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 1.8,
                "vectorString": "AV:A/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 9.4,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2017-38110",
                "impactScore": 9.2,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:N/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 2.8,
                "id": "CVE-2017-15311",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.8,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2017-15311",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "CVE-2017-15311",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2017-38110",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201710-465",
                "trust": 0.6,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-38110"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-011709"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201710-465"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-15311"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "The baseband modules of Mate 10, Mate 10 Pro, Mate 9, Mate 9 Pro Huawei smart phones with software before ALP-AL00 8.0.0.120(SP2C00), before BLA-AL00 8.0.0.120(SP2C00), before MHA-AL00B 8.0.0.334(C00), and before LON-AL00B 8.0.0.334(C00) have a stack overflow vulnerability due to the lack of parameter validation. An attacker could send malicious packets to the smart phones within radio range by special wireless device, which leads stack overflow when the baseband module handles these packets. The attacker could exploit this vulnerability to perform a denial of service attack or remote code execution in baseband module. plural Huawei Smartphone software contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. HuaweiMate10 and Mate10Pro are both Huawei\u0027s smartphone products. Basebandmodules is one of the baseband modules. A stack overflow vulnerability exists in the baseband module in versions prior to HuaweiMate10ALP-AL008.0.0.120 (SP2C00) and in versions prior to Mate10ProBLA-AL008.0.0.120 (SP2C00) because the program did not adequately detect the parameters",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2017-15311"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-011709"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-38110"
          }
        ],
        "trust": 2.16
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2017-15311",
            "trust": 3.0
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-011709",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-38110",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201710-465",
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-38110"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-011709"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201710-465"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-15311"
          }
        ]
      },
      "id": "VAR-201712-0798",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-38110"
          }
        ],
        "trust": 1.4834128514285714
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-38110"
          }
        ]
      },
      "last_update_date": "2025-04-20T23:12:42.237000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "huawei-sa-20171125-01-baseband",
            "trust": 0.8,
            "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171125-01-baseband-en"
          },
          {
            "title": "Patch for Huawei HuaweiMate10 and Mate10Pro stack overflow vulnerability",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/111735"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-38110"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-011709"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-119",
            "trust": 1.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-011709"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-15311"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.6,
            "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171125-01-baseband-en"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-15311"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-15311"
          },
          {
            "trust": 0.6,
            "url": "http://www.huawei.com/cn/psirt/security-advisories/2017/huawei-sa-20171125-01-baseband-cn"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-38110"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-011709"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201710-465"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-15311"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-38110"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-011709"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201710-465"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-15311"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2017-12-26T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2017-38110"
          },
          {
            "date": "2018-01-24T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2017-011709"
          },
          {
            "date": "2017-11-25T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201710-465"
          },
          {
            "date": "2017-12-22T17:29:13.063000",
            "db": "NVD",
            "id": "CVE-2017-15311"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2017-12-26T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2017-38110"
          },
          {
            "date": "2018-01-24T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2017-011709"
          },
          {
            "date": "2017-12-26T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201710-465"
          },
          {
            "date": "2025-04-20T01:37:25.860000",
            "db": "NVD",
            "id": "CVE-2017-15311"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "specific network environment",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201710-465"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "plural  Huawei Buffer error vulnerability in smartphone software",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-011709"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "buffer overflow",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201710-465"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201906-0355

    Vulnerability from variot - Updated: 2024-11-23 23:08

    There is a man-in-the-middle (MITM) vulnerability on Huawei P30 smartphones versions before ELE-AL00 9.1.0.162(C01E160R1P12/C01E160R2P1), and P30 Pro versions before VOG-AL00 9.1.0.162 (C01E160R1P12/C01E160R2P1). When users establish connection and transfer data through Huawei Share, an attacker could sniff, spoof and do a series of operations to intrude the Huawei Share connection and launch a man-in-the-middle attack to obtain and tamper the data. (Vulnerability ID: HWPSIRT-2019-03109)

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201906-0355",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "p30 pro",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "huawei",
            "version": "vog-al00_9.1.0.162\\(c01e160r1p12\\/c01e160r2p1\\)"
          },
          {
            "model": "p30",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "huawei",
            "version": "ele-al00_9.1.0.162\\(c01e160r1p12\\/c01e160r2p1\\)"
          },
          {
            "model": "mate 9 pro",
            "scope": "lt",
            "trust": 0.8,
            "vendor": "huawei",
            "version": "ele-al00 9.1.0.162(c01e160r1p12/c01e160r2p1)"
          },
          {
            "model": "p30",
            "scope": "lt",
            "trust": 0.8,
            "vendor": "huawei",
            "version": "vog-al00 9.1.0.162(c01e160r1p12/c01e160r2p1)"
          },
          {
            "model": "p30 pro \u003cvog-al00 9.1.0.162",
            "scope": null,
            "trust": 0.6,
            "vendor": "huawei",
            "version": null
          },
          {
            "model": "p30 \u003cele-al00 9.1.0.162",
            "scope": null,
            "trust": 0.6,
            "vendor": "huawei",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-14805"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-005134"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-5215"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/o:huawei:mate_9_pro_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:huawei:p30_firmware",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-005134"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Tencent Xuanwu Lab",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201905-793"
          }
        ],
        "trust": 0.6
      },
      "cve": "CVE-2019-5215",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "ADJACENT_NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 5.5,
                "id": "CVE-2019-5215",
                "impactScore": 4.9,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 1.8,
                "vectorString": "AV:A/AC:M/Au:N/C:P/I:P/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "HIGH",
                "accessVector": "ADJACENT_NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "NONE",
                "baseScore": 6.2,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 3.2,
                "id": "CNVD-2019-14805",
                "impactScore": 9.2,
                "integrityImpact": "COMPLETE",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:A/AC:H/Au:N/C:C/I:C/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "HIGH",
                "attackVector": "ADJACENT",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 6.8,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 1.6,
                "id": "CVE-2019-5215",
                "impactScore": 5.2,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.8,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2019-5215",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "NVD",
                "id": "CVE-2019-5215",
                "trust": 0.8,
                "value": "Medium"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2019-14805",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201905-793",
                "trust": 0.6,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-14805"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-005134"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201905-793"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-5215"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "There is a man-in-the-middle (MITM) vulnerability on Huawei P30 smartphones versions before ELE-AL00 9.1.0.162(C01E160R1P12/C01E160R2P1), and P30 Pro versions before VOG-AL00 9.1.0.162 (C01E160R1P12/C01E160R2P1). When users establish connection and transfer data through Huawei Share, an attacker could sniff, spoof and do a series of operations to intrude the Huawei Share connection and launch a man-in-the-middle attack to obtain and tamper the data. (Vulnerability ID: HWPSIRT-2019-03109)",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2019-5215"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-005134"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-14805"
          }
        ],
        "trust": 2.16
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2019-5215",
            "trust": 3.0
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-005134",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-14805",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201905-793",
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-14805"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-005134"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201905-793"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-5215"
          }
        ]
      },
      "id": "VAR-201906-0355",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-14805"
          }
        ],
        "trust": 1.34915903
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-14805"
          }
        ]
      },
      "last_update_date": "2024-11-23T23:08:23.992000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "huawei-sa-20190517-01-share",
            "trust": 0.8,
            "url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190517-01-share-en"
          },
          {
            "title": "Huawei P30 and P30 Pro man-in-the-middle attack vulnerability patch",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/161721"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-14805"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-005134"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "NVD-CWE-noinfo",
            "trust": 1.0
          },
          {
            "problemtype": "CWE-20",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-005134"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-5215"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.8,
            "url": "https://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20190517-01-share-cn"
          },
          {
            "trust": 1.6,
            "url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190517-01-share-en"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-5215"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-5215"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-14805"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-005134"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201905-793"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-5215"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-14805"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-005134"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201905-793"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-5215"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2019-05-20T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2019-14805"
          },
          {
            "date": "2019-06-17T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2019-005134"
          },
          {
            "date": "2019-05-17T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201905-793"
          },
          {
            "date": "2019-06-04T19:29:00.227000",
            "db": "NVD",
            "id": "CVE-2019-5215"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2019-05-20T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2019-14805"
          },
          {
            "date": "2019-06-17T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2019-005134"
          },
          {
            "date": "2020-08-25T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201905-793"
          },
          {
            "date": "2024-11-21T04:44:31.840000",
            "db": "NVD",
            "id": "CVE-2019-5215"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote or local",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201905-793"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Huawei P30 Smartphone and  P30 Pro Input validation vulnerability",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-005134"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "input validation error",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201905-793"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201802-0528

    Vulnerability from variot - Updated: 2024-11-23 23:02

    Huawei Mate 9 Pro mobile phones with software of versions earlier than LON-AL00BC00B235 have a use after free (UAF) vulnerability. An attacker tricks a user into installing a malicious application, and the application can riggers access memory after free it. A local attacker may exploit this vulnerability to cause the mobile phone to crash. HuaweiMate9Pro is a smartphone product from China's Huawei company. HuaweiMate9Pro has a memory corruption vulnerability. Huawei Mate 9 Pro is China's Huawei ( Huawei ) company's smartphone

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201802-0528",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "mate 9 pro",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "huawei",
            "version": "lon-al00bc00b235"
          },
          {
            "model": "mate 9 pro",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "huawei",
            "version": "lon-al00bc00b235"
          },
          {
            "model": "mate pro \u003clon-al00bc00b235",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "huawei",
            "version": "9"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-35595"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-012456"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201711-1152"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-15347"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/o:huawei:mate_9_pro_firmware",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-012456"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Huawei internal tester",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201711-1152"
          }
        ],
        "trust": 0.6
      },
      "cve": "CVE-2017-15347",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "COMPLETE",
                "baseScore": 7.1,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 8.6,
                "id": "CVE-2017-15347",
                "impactScore": 6.9,
                "integrityImpact": "NONE",
                "severity": "HIGH",
                "trust": 1.8,
                "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "LOCAL",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 4.9,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 3.9,
                "id": "CNVD-2017-35595",
                "impactScore": 6.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "COMPLETE",
                "baseScore": 7.1,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 8.6,
                "id": "VHN-106160",
                "impactScore": 6.9,
                "integrityImpact": "NONE",
                "severity": "HIGH",
                "trust": 0.1,
                "vectorString": "AV:N/AC:M/AU:N/C:N/I:N/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 5.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 1.8,
                "id": "CVE-2017-15347",
                "impactScore": 3.6,
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.8,
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2017-15347",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "NVD",
                "id": "CVE-2017-15347",
                "trust": 0.8,
                "value": "Medium"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2017-35595",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201711-1152",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "VULHUB",
                "id": "VHN-106160",
                "trust": 0.1,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-35595"
          },
          {
            "db": "VULHUB",
            "id": "VHN-106160"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-012456"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201711-1152"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-15347"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Huawei Mate 9 Pro mobile phones with software of versions earlier than LON-AL00BC00B235 have a use after free (UAF) vulnerability. An attacker tricks a user into installing a malicious application, and the application can riggers access memory after free it. A local attacker may exploit this vulnerability to cause the mobile phone to crash. HuaweiMate9Pro is a smartphone product from China\u0027s Huawei company. HuaweiMate9Pro has a memory corruption vulnerability. Huawei Mate 9 Pro is China\u0027s Huawei ( Huawei ) company\u0027s smartphone",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2017-15347"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-012456"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-35595"
          },
          {
            "db": "VULHUB",
            "id": "VHN-106160"
          }
        ],
        "trust": 2.25
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2017-15347",
            "trust": 3.1
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-012456",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201711-1152",
            "trust": 0.7
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-35595",
            "trust": 0.6
          },
          {
            "db": "VULHUB",
            "id": "VHN-106160",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-35595"
          },
          {
            "db": "VULHUB",
            "id": "VHN-106160"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-012456"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201711-1152"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-15347"
          }
        ]
      },
      "id": "VAR-201802-0528",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-35595"
          },
          {
            "db": "VULHUB",
            "id": "VHN-106160"
          }
        ],
        "trust": 1.2876653
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-35595"
          }
        ]
      },
      "last_update_date": "2024-11-23T23:02:13.020000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "huawei-sa-20171129-01-phone",
            "trust": 0.8,
            "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171129-01-phone-en"
          },
          {
            "title": "HuaweiMate9Pro Memory Corruption Vulnerability Patch",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/107413"
          },
          {
            "title": "Huawei Mate 9 Pro Security vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=76807"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-35595"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-012456"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201711-1152"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-416",
            "trust": 1.9
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-106160"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-012456"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-15347"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.7,
            "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171129-01-phone-en"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-15347"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-15347"
          },
          {
            "trust": 0.6,
            "url": "http://www.huawei.com/cn/psirt/security-advisories/2017/huawei-sa-20171129-01-phone-cn"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-35595"
          },
          {
            "db": "VULHUB",
            "id": "VHN-106160"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-012456"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201711-1152"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-15347"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-35595"
          },
          {
            "db": "VULHUB",
            "id": "VHN-106160"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-012456"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201711-1152"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-15347"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2017-11-30T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2017-35595"
          },
          {
            "date": "2018-02-15T00:00:00",
            "db": "VULHUB",
            "id": "VHN-106160"
          },
          {
            "date": "2018-03-09T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2017-012456"
          },
          {
            "date": "2017-11-30T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201711-1152"
          },
          {
            "date": "2018-02-15T16:29:01.097000",
            "db": "NVD",
            "id": "CVE-2017-15347"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2017-11-30T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2017-35595"
          },
          {
            "date": "2018-02-26T00:00:00",
            "db": "VULHUB",
            "id": "VHN-106160"
          },
          {
            "date": "2018-03-09T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2017-012456"
          },
          {
            "date": "2017-11-30T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201711-1152"
          },
          {
            "date": "2024-11-21T03:14:30.883000",
            "db": "NVD",
            "id": "CVE-2017-15347"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201711-1152"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Huawei Mate 9 Pro Smartphone vulnerable to using freed memory",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-012456"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "lack of information",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201711-1152"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201803-0204

    Vulnerability from variot - Updated: 2024-11-23 22:59

    Huawei Mate 9 Pro Smartphones with software of LON-AL00BC00B139D; LON-AL00BC00B229 have an activation lock bypass vulnerability. The smartphone is supposed to be activated by the former account after reset if find my phone function is on. The software does not have a sufficient protection of activation lock. Successful exploit could allow an attacker to bypass the activation lock and activate the smartphone by a new account after a series of operation. HuaweiMate9Pro is a smartphone from China's Huawei company. Multiple Huawei Smartphones are prone to a local security-bypass vulnerability. Attackers can exploit this issue to bypass certain security restrictions to perform unauthorized actions. This may aid in further attacks

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201803-0204",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "mate 9 pro fimware",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "huawei",
            "version": "lon-al00bc00b229"
          },
          {
            "model": "mate 9 pro fimware",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "huawei",
            "version": "lon-al00bc00b139d"
          },
          {
            "model": "mate pro lon-al00bc00b139d",
            "scope": "eq",
            "trust": 0.9,
            "vendor": "huawei",
            "version": "9"
          },
          {
            "model": "mate pro lon-al00bc00b229",
            "scope": "eq",
            "trust": 0.9,
            "vendor": "huawei",
            "version": "9"
          },
          {
            "model": "mate 9 pro",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "huawei",
            "version": "lon-al00bc00b139d"
          },
          {
            "model": "mate 9 pro",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "huawei",
            "version": "lon-al00bc00b229"
          },
          {
            "model": "mate pro lon-al00b",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "huawei",
            "version": "98.0.0.334("
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-00346"
          },
          {
            "db": "BID",
            "id": "103510"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-012881"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201803-289"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-17326"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/o:huawei:mate_9_pro_firmware",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-012881"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "The vendor reported this issue.",
        "sources": [
          {
            "db": "BID",
            "id": "103510"
          }
        ],
        "trust": 0.3
      },
      "cve": "CVE-2017-17326",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "LOCAL",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 2.1,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 3.9,
                "id": "CVE-2017-17326",
                "impactScore": 2.9,
                "integrityImpact": "PARTIAL",
                "severity": "LOW",
                "trust": 1.8,
                "vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "LOCAL",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "NONE",
                "baseScore": 4.9,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 3.9,
                "id": "CNVD-2018-00346",
                "impactScore": 6.9,
                "integrityImpact": "COMPLETE",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:L/AC:L/Au:N/C:N/I:C/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "LOCAL",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "NONE",
                "baseScore": 2.1,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 3.9,
                "id": "VHN-108337",
                "impactScore": 2.9,
                "integrityImpact": "PARTIAL",
                "severity": "LOW",
                "trust": 0.1,
                "vectorString": "AV:L/AC:L/AU:N/C:N/I:P/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "PHYSICAL",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 4.6,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 0.9,
                "id": "CVE-2017-17326",
                "impactScore": 3.6,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.8,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2017-17326",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "NVD",
                "id": "CVE-2017-17326",
                "trust": 0.8,
                "value": "Medium"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2018-00346",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201803-289",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "VULHUB",
                "id": "VHN-108337",
                "trust": 0.1,
                "value": "LOW"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-00346"
          },
          {
            "db": "VULHUB",
            "id": "VHN-108337"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-012881"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201803-289"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-17326"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Huawei Mate 9 Pro Smartphones with software of LON-AL00BC00B139D; LON-AL00BC00B229 have an activation lock bypass vulnerability. The smartphone is supposed to be activated by the former account after reset if find my phone function is on. The software does not have a sufficient protection of activation lock. Successful exploit could allow an attacker to bypass the activation lock and activate the smartphone by a new account after a series of operation. HuaweiMate9Pro is a smartphone from China\u0027s Huawei company. Multiple Huawei Smartphones are prone to a local security-bypass vulnerability. \nAttackers can exploit this issue to bypass certain security restrictions to perform unauthorized actions. This may aid in further attacks",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2017-17326"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-012881"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-00346"
          },
          {
            "db": "BID",
            "id": "103510"
          },
          {
            "db": "VULHUB",
            "id": "VHN-108337"
          }
        ],
        "trust": 2.52
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2017-17326",
            "trust": 3.4
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-012881",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-00346",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201803-289",
            "trust": 0.6
          },
          {
            "db": "BID",
            "id": "103510",
            "trust": 0.4
          },
          {
            "db": "VULHUB",
            "id": "VHN-108337",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-00346"
          },
          {
            "db": "VULHUB",
            "id": "VHN-108337"
          },
          {
            "db": "BID",
            "id": "103510"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-012881"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201803-289"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-17326"
          }
        ]
      },
      "id": "VAR-201803-0204",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-00346"
          },
          {
            "db": "VULHUB",
            "id": "VHN-108337"
          }
        ],
        "trust": 1.2876653
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-00346"
          }
        ]
      },
      "last_update_date": "2024-11-23T22:59:05.554000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "huawei-sa-20171227-01-smartphone",
            "trust": 0.8,
            "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171227-01-smartphone-en"
          },
          {
            "title": "HuaweiMate9Pro activates the lock of the lock bypass vulnerability",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/112743"
          },
          {
            "title": "Huawei Mate 9 Pro Security vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=79011"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-00346"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-012881"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201803-289"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "NVD-CWE-noinfo",
            "trust": 1.0
          },
          {
            "problemtype": "CWE-284",
            "trust": 0.9
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-108337"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-012881"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-17326"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.0,
            "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171227-01-smartphone-en"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-17326"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-17326"
          },
          {
            "trust": 0.6,
            "url": "http://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20171227-01-smartphone-cn"
          },
          {
            "trust": 0.3,
            "url": "http://www.huawei.com"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-00346"
          },
          {
            "db": "VULHUB",
            "id": "VHN-108337"
          },
          {
            "db": "BID",
            "id": "103510"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-012881"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201803-289"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-17326"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-00346"
          },
          {
            "db": "VULHUB",
            "id": "VHN-108337"
          },
          {
            "db": "BID",
            "id": "103510"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-012881"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201803-289"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-17326"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2018-01-05T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2018-00346"
          },
          {
            "date": "2018-03-09T00:00:00",
            "db": "VULHUB",
            "id": "VHN-108337"
          },
          {
            "date": "2017-12-27T00:00:00",
            "db": "BID",
            "id": "103510"
          },
          {
            "date": "2018-04-26T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2017-012881"
          },
          {
            "date": "2018-03-13T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201803-289"
          },
          {
            "date": "2018-03-09T17:29:02.143000",
            "db": "NVD",
            "id": "CVE-2017-17326"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2018-01-05T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2018-00346"
          },
          {
            "date": "2019-10-03T00:00:00",
            "db": "VULHUB",
            "id": "VHN-108337"
          },
          {
            "date": "2017-12-27T00:00:00",
            "db": "BID",
            "id": "103510"
          },
          {
            "date": "2018-04-26T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2017-012881"
          },
          {
            "date": "2019-10-23T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201803-289"
          },
          {
            "date": "2024-11-21T03:17:50.563000",
            "db": "NVD",
            "id": "CVE-2017-17326"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "local",
        "sources": [
          {
            "db": "BID",
            "id": "103510"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201803-289"
          }
        ],
        "trust": 0.9
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Huawei Mate 9 Pro Smartphone software access control vulnerability",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-012881"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "lack of information",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201803-289"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201906-0352

    Vulnerability from variot - Updated: 2024-11-23 22:58

    Mate 9 Pro Huawei smartphones earlier than LON-L29C 8.0.0.361(C636) versions have an information leak vulnerability due to the lack of input validation. An attacker tricks the user who has root privilege to install an application on the smart phone, and the application can read some process information, which may cause sensitive information leak.

    Huawei Mate 9 Pro LON-L29C An error in the previous version of 8.0.0.361 (C636) was caused by a network system or a product that was configured during operation. An unauthorized attacker can exploit the vulnerability to obtain sensitive information about the affected component

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201906-0352",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "mate 9 pro fimware",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "huawei",
            "version": "lon-l29c_8.0.0.361\\(c636\\)"
          },
          {
            "model": "mate 9 pro",
            "scope": "lt",
            "trust": 0.8,
            "vendor": "huawei",
            "version": "lon-l29c 8.0.0.361(c636)"
          },
          {
            "model": "mate pro \u003clon-l29c 8.0.0.361",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "huawei",
            "version": "9"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-41253"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-005139"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-5244"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/o:huawei:mate_9_pro_firmware",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-005139"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Alexander",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201902-783"
          }
        ],
        "trust": 0.6
      },
      "cve": "CVE-2019-5244",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.6,
                "id": "CVE-2019-5244",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 1.8,
                "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.6,
                "id": "CNVD-2019-41253",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 5.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 1.8,
                "id": "CVE-2019-5244",
                "impactScore": 3.6,
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.8,
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2019-5244",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "NVD",
                "id": "CVE-2019-5244",
                "trust": 0.8,
                "value": "Medium"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2019-41253",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201902-783",
                "trust": 0.6,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-41253"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-005139"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201902-783"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-5244"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Mate 9 Pro Huawei smartphones earlier than LON-L29C 8.0.0.361(C636) versions have an information leak vulnerability due to the lack of input validation. An attacker tricks the user who has root privilege to install an application on the smart phone, and the application can read some process information, which may cause sensitive information leak. \n\nHuawei Mate 9 Pro LON-L29C An error in the previous version of 8.0.0.361 (C636) was caused by a network system or a product that was configured during operation. An unauthorized attacker can exploit the vulnerability to obtain sensitive information about the affected component",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2019-5244"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-005139"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-41253"
          }
        ],
        "trust": 2.16
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2019-5244",
            "trust": 3.0
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-005139",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-41253",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201902-783",
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-41253"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-005139"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201902-783"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-5244"
          }
        ]
      },
      "id": "VAR-201906-0352",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-41253"
          }
        ],
        "trust": 1.3938326499999998
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-41253"
          }
        ]
      },
      "last_update_date": "2024-11-23T22:58:39.683000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "huawei-sa-20190220-01-informationleak",
            "trust": 0.8,
            "url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190220-01-informationleak-en"
          },
          {
            "title": "Patch for Huawei Mate 9 Pro Information Disclosure Vulnerability (CNVD-2019-41253)",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/190767"
          },
          {
            "title": "Huawei Mate 9 Pro Repair measures for information disclosure vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=89579"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-41253"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-005139"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201902-783"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-20",
            "trust": 1.0
          },
          {
            "problemtype": "CWE-200",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-005139"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-5244"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.6,
            "url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190220-01-informationleak-en"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-5244"
          },
          {
            "trust": 1.2,
            "url": "https://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20190220-01-informationleak-cn"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-5244"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-41253"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-005139"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201902-783"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-5244"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-41253"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-005139"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201902-783"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-5244"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2019-11-19T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2019-41253"
          },
          {
            "date": "2019-06-17T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2019-005139"
          },
          {
            "date": "2019-02-20T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201902-783"
          },
          {
            "date": "2019-06-04T18:29:00.800000",
            "db": "NVD",
            "id": "CVE-2019-5244"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2019-11-19T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2019-41253"
          },
          {
            "date": "2019-06-17T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2019-005139"
          },
          {
            "date": "2020-10-28T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201902-783"
          },
          {
            "date": "2024-11-21T04:44:35.697000",
            "db": "NVD",
            "id": "CVE-2019-5244"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "local",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201902-783"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Huawei Mate 9 Pro Information disclosure vulnerability in smartphones",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-005139"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "input validation error",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201902-783"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201803-0202

    Vulnerability from variot - Updated: 2024-11-23 22:55

    Huawei Mate 9 Pro smartphones with software LON-AL00BC00B139D; LON-AL00BC00B229 have an integer overflow vulnerability. The camera driver does not validate the external input parameters and causes an integer overflow, which in the after processing results in a buffer overflow. An attacker tricks the user to install a crafted application, successful exploit could cause malicious code execution. HuaweiMate9Pro is a smartphone from China's Huawei company. Huawei Smart Phones are prone to an integer-overflow vulnerability. Failed exploit attempts will likely cause a denial-of-service condition. The vulnerability is caused by the fact that the program does not check external input parameters

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201803-0202",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "mate 9 pro",
            "scope": "eq",
            "trust": 2.4,
            "vendor": "huawei",
            "version": "lon-al00bc00b139d"
          },
          {
            "model": "mate 9 pro",
            "scope": "eq",
            "trust": 2.4,
            "vendor": "huawei",
            "version": "lon-al00bc00b229"
          },
          {
            "model": "mate pro lon-al00bc00b139d",
            "scope": "eq",
            "trust": 0.9,
            "vendor": "huawei",
            "version": "9"
          },
          {
            "model": "mate pro lon-al00bc00b229",
            "scope": "eq",
            "trust": 0.9,
            "vendor": "huawei",
            "version": "9"
          },
          {
            "model": "mate pro 8.0.0.334",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "huawei",
            "version": "9"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-02545"
          },
          {
            "db": "BID",
            "id": "103417"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-012883"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201803-291"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-17324"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/o:huawei:mate_9_pro_firmware",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-012883"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "The vendor reported this issue.",
        "sources": [
          {
            "db": "BID",
            "id": "103417"
          }
        ],
        "trust": 0.3
      },
      "cve": "CVE-2017-17324",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "PARTIAL",
                "baseScore": 6.8,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.6,
                "id": "CVE-2017-17324",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 1.8,
                "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "LOCAL",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 7.2,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 3.9,
                "id": "CNVD-2018-02545",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "PARTIAL",
                "baseScore": 6.8,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.6,
                "id": "VHN-108335",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.1,
                "vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 1.8,
                "id": "CVE-2017-17324",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.8,
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2017-17324",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "CVE-2017-17324",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2018-02545",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201803-291",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "VULHUB",
                "id": "VHN-108335",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-02545"
          },
          {
            "db": "VULHUB",
            "id": "VHN-108335"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-012883"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201803-291"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-17324"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Huawei Mate 9 Pro smartphones with software LON-AL00BC00B139D; LON-AL00BC00B229 have an integer overflow vulnerability. The camera driver does not validate the external input parameters and causes an integer overflow, which in the after processing results in a buffer overflow. An attacker tricks the user to install a crafted application, successful exploit could cause malicious code execution. HuaweiMate9Pro is a smartphone from China\u0027s Huawei company. Huawei Smart Phones are prone to an integer-overflow vulnerability. Failed exploit attempts will likely cause a denial-of-service condition. The vulnerability is caused by the fact that the program does not check external input parameters",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2017-17324"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-012883"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-02545"
          },
          {
            "db": "BID",
            "id": "103417"
          },
          {
            "db": "VULHUB",
            "id": "VHN-108335"
          }
        ],
        "trust": 2.52
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2017-17324",
            "trust": 3.4
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-012883",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201803-291",
            "trust": 0.7
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-02545",
            "trust": 0.6
          },
          {
            "db": "NSFOCUS",
            "id": "39153",
            "trust": 0.6
          },
          {
            "db": "BID",
            "id": "103417",
            "trust": 0.4
          },
          {
            "db": "VULHUB",
            "id": "VHN-108335",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-02545"
          },
          {
            "db": "VULHUB",
            "id": "VHN-108335"
          },
          {
            "db": "BID",
            "id": "103417"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-012883"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201803-291"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-17324"
          }
        ]
      },
      "id": "VAR-201803-0202",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-02545"
          },
          {
            "db": "VULHUB",
            "id": "VHN-108335"
          }
        ],
        "trust": 1.45811835
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-02545"
          }
        ]
      },
      "last_update_date": "2024-11-23T22:55:59.538000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "huawei-sa-20180124-01-smartphone",
            "trust": 0.8,
            "url": "http://www.huawei.com/en/psirt/security-advisories/2018/huawei-sa-20180124-01-smartphone-en"
          },
          {
            "title": "HuaweiMate9Pro integer overflow vulnerability patch",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/115279"
          },
          {
            "title": "Huawei Mate 9 Pro Fixes for digital error vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=79013"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-02545"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-012883"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201803-291"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-190",
            "trust": 1.9
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-108335"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-012883"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-17324"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.0,
            "url": "http://www.huawei.com/en/psirt/security-advisories/2018/huawei-sa-20180124-01-smartphone-en"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-17324"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-17324"
          },
          {
            "trust": 0.6,
            "url": "http://www.huawei.com/cn/psirt/security-advisories/2018/huawei-sa-20180124-01-smartphone-cn"
          },
          {
            "trust": 0.6,
            "url": "http://www.nsfocus.net/vulndb/39153"
          },
          {
            "trust": 0.3,
            "url": "http://www.huawei.com/en/"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-02545"
          },
          {
            "db": "VULHUB",
            "id": "VHN-108335"
          },
          {
            "db": "BID",
            "id": "103417"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-012883"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201803-291"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-17324"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-02545"
          },
          {
            "db": "VULHUB",
            "id": "VHN-108335"
          },
          {
            "db": "BID",
            "id": "103417"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-012883"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201803-291"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-17324"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2018-02-01T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2018-02545"
          },
          {
            "date": "2018-03-09T00:00:00",
            "db": "VULHUB",
            "id": "VHN-108335"
          },
          {
            "date": "2018-01-24T00:00:00",
            "db": "BID",
            "id": "103417"
          },
          {
            "date": "2018-04-26T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2017-012883"
          },
          {
            "date": "2018-03-13T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201803-291"
          },
          {
            "date": "2018-03-09T17:29:02.047000",
            "db": "NVD",
            "id": "CVE-2017-17324"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2018-02-01T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2018-02545"
          },
          {
            "date": "2018-03-29T00:00:00",
            "db": "VULHUB",
            "id": "VHN-108335"
          },
          {
            "date": "2018-01-24T00:00:00",
            "db": "BID",
            "id": "103417"
          },
          {
            "date": "2018-04-26T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2017-012883"
          },
          {
            "date": "2018-03-13T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201803-291"
          },
          {
            "date": "2024-11-21T03:17:50.340000",
            "db": "NVD",
            "id": "CVE-2017-17324"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201803-291"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Huawei Mate 9 Pro Integer overflow vulnerability in smartphone software",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-012883"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "digital error",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201803-291"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201806-0424

    Vulnerability from variot - Updated: 2024-11-23 22:55

    Due to insufficient parameters verification GPU driver of Mate 9 Pro Huawei smart phones with the versions before LON-AL00B 8.0.0.356(C00) has an arbitrary memory free vulnerability. An attacker can tricks a user into installing a malicious application on the smart phone, and send given parameter to driver to release special kernel memory resource. Successful exploit may result in phone crash or arbitrary code execution. Huawei Mate 9 Pro Smartphones contain a vulnerability related to input confirmation.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. HuaweiMate9Pro is a Huawei smartphone product from China

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201806-0424",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "mate 9 pro fimware",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "huawei",
            "version": "lon-al00b_8.0.0.356\\(c00\\)"
          },
          {
            "model": "mate 9 pro",
            "scope": "lt",
            "trust": 0.8,
            "vendor": "huawei",
            "version": "lon-al00b 8.0.0.356"
          },
          {
            "model": "mate pro \u003clon-al00b 8.0.0.356",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "huawei",
            "version": "9"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-12844"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014000"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-17173"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/o:huawei:mate_9_pro_firmware",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014000"
          }
        ]
      },
      "cve": "CVE-2017-17173",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "COMPLETE",
                "baseScore": 9.3,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 8.6,
                "id": "CVE-2017-17173",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 1.8,
                "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "LOCAL",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 7.2,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 3.9,
                "id": "CNVD-2018-12844",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 1.8,
                "id": "CVE-2017-17173",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.8,
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2017-17173",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "CVE-2017-17173",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2018-12844",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201712-932",
                "trust": 0.6,
                "value": "CRITICAL"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-12844"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014000"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201712-932"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-17173"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Due to insufficient parameters verification GPU driver of Mate 9 Pro Huawei smart phones with the versions before LON-AL00B 8.0.0.356(C00) has an arbitrary memory free vulnerability. An attacker can tricks a user into installing a malicious application on the smart phone, and send given parameter to driver to release special kernel memory resource. Successful exploit may result in phone crash or arbitrary code execution. Huawei Mate 9 Pro Smartphones contain a vulnerability related to input confirmation.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. HuaweiMate9Pro is a Huawei smartphone product from China",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2017-17173"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014000"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-12844"
          }
        ],
        "trust": 2.16
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2017-17173",
            "trust": 3.0
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014000",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-12844",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201712-932",
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-12844"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014000"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201712-932"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-17173"
          }
        ]
      },
      "id": "VAR-201806-0424",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-12844"
          }
        ],
        "trust": 1.3581183499999998
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-12844"
          }
        ]
      },
      "last_update_date": "2024-11-23T22:55:52.514000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "huawei-sa-20180613-02-smartphone",
            "trust": 0.8,
            "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180613-02-smartphone-en"
          },
          {
            "title": "HuaweiMate9ProGPU driver patch for any memory release vulnerability",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/134017"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-12844"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014000"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-20",
            "trust": 1.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014000"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-17173"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.6,
            "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180613-02-smartphone-en"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-17173"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-17173"
          },
          {
            "trust": 0.6,
            "url": "https://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20180613-02-smartphone-cn"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-12844"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014000"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201712-932"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-17173"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-12844"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014000"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201712-932"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-17173"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2018-07-11T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2018-12844"
          },
          {
            "date": "2018-08-28T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2017-014000"
          },
          {
            "date": "2017-12-26T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201712-932"
          },
          {
            "date": "2018-06-14T14:29:00.277000",
            "db": "NVD",
            "id": "CVE-2017-17173"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2018-07-11T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2018-12844"
          },
          {
            "date": "2018-08-28T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2017-014000"
          },
          {
            "date": "2018-09-13T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201712-932"
          },
          {
            "date": "2024-11-21T03:17:38.750000",
            "db": "NVD",
            "id": "CVE-2017-17173"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201712-932"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Huawei Mate 9 Pro Vulnerability related to input confirmation in smartphones",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014000"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "input validation",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201712-932"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201803-0198

    Vulnerability from variot - Updated: 2024-11-23 22:45

    Huawei Mate 9 Pro smartphones with software of LON-AL00BC00B139D, LON-AL00BC00B229, LON-L29DC721B188 have a memory double free vulnerability. The system does not manage the memory properly, that frees on the same memory address twice. An attacker tricks the user who has root privilege to install a crafted application, successful exploit could result in malicious code execution. Huawei Mate 9 Pro Smartphones contain a double release vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. HuaweiMate9Pro is a smartphone from China's Huawei company. There is a memory release vulnerability in HuaweiMate9Pro

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201803-0198",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "mate 9 pro",
            "scope": "eq",
            "trust": 2.4,
            "vendor": "huawei",
            "version": "lon-al00bc00b139d"
          },
          {
            "model": "mate 9 pro",
            "scope": "eq",
            "trust": 2.4,
            "vendor": "huawei",
            "version": "lon-al00bc00b229"
          },
          {
            "model": "mate 9 pro",
            "scope": "eq",
            "trust": 2.4,
            "vendor": "huawei",
            "version": "lon-l29dc721b188"
          },
          {
            "model": "mate pro lon-al00bc00b139d",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "huawei",
            "version": "9"
          },
          {
            "model": "mate pro lon-al00bc00b229",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "huawei",
            "version": "9"
          },
          {
            "model": "mate pro lon-l29dc721b188",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "huawei",
            "version": "9"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-05336"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-012982"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201803-717"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-17320"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/o:huawei:mate_9_pro_firmware",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-012982"
          }
        ]
      },
      "cve": "CVE-2017-17320",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "COMPLETE",
                "baseScore": 9.3,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 8.6,
                "id": "CVE-2017-17320",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 1.8,
                "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "LOCAL",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 7.2,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 3.9,
                "id": "CNVD-2018-05336",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "COMPLETE",
                "baseScore": 9.3,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 8.6,
                "id": "VHN-108331",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.1,
                "vectorString": "AV:N/AC:M/AU:N/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 1.8,
                "id": "CVE-2017-17320",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.8,
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2017-17320",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "CVE-2017-17320",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2018-05336",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201803-717",
                "trust": 0.6,
                "value": "CRITICAL"
              },
              {
                "author": "VULHUB",
                "id": "VHN-108331",
                "trust": 0.1,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-05336"
          },
          {
            "db": "VULHUB",
            "id": "VHN-108331"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-012982"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201803-717"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-17320"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Huawei Mate 9 Pro smartphones with software of LON-AL00BC00B139D, LON-AL00BC00B229, LON-L29DC721B188 have a memory double free vulnerability. The system does not manage the memory properly, that frees on the same memory address twice. An attacker tricks the user who has root privilege to install a crafted application, successful exploit could result in malicious code execution. Huawei Mate 9 Pro Smartphones contain a double release vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. HuaweiMate9Pro is a smartphone from China\u0027s Huawei company. There is a memory release vulnerability in HuaweiMate9Pro",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2017-17320"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-012982"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-05336"
          },
          {
            "db": "VULHUB",
            "id": "VHN-108331"
          }
        ],
        "trust": 2.25
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2017-17320",
            "trust": 3.1
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-012982",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201803-717",
            "trust": 0.7
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-05336",
            "trust": 0.6
          },
          {
            "db": "VULHUB",
            "id": "VHN-108331",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-05336"
          },
          {
            "db": "VULHUB",
            "id": "VHN-108331"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-012982"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201803-717"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-17320"
          }
        ]
      },
      "id": "VAR-201803-0198",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-05336"
          },
          {
            "db": "VULHUB",
            "id": "VHN-108331"
          }
        ],
        "trust": 1.2876653
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-05336"
          }
        ]
      },
      "last_update_date": "2024-11-23T22:45:25.910000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "huawei-sa-20180314-02-smartphone",
            "trust": 0.8,
            "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180314-02-smartphone-en"
          },
          {
            "title": "HuaweiMate9Pro memory release vulnerability patch",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/121585"
          },
          {
            "title": "Huawei Mate 9 Pro Security vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=79317"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-05336"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-012982"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201803-717"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-415",
            "trust": 1.9
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-108331"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-012982"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-17320"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.7,
            "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180314-02-smartphone-en"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-17320"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-17320"
          },
          {
            "trust": 0.6,
            "url": "http://www.huawei.com/cn/psirt/security-advisories/2018/huawei-sa-20180314-02-smartphone-cn"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-05336"
          },
          {
            "db": "VULHUB",
            "id": "VHN-108331"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-012982"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201803-717"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-17320"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-05336"
          },
          {
            "db": "VULHUB",
            "id": "VHN-108331"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-012982"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201803-717"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-17320"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2018-03-15T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2018-05336"
          },
          {
            "date": "2018-03-20T00:00:00",
            "db": "VULHUB",
            "id": "VHN-108331"
          },
          {
            "date": "2018-05-15T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2017-012982"
          },
          {
            "date": "2018-03-21T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201803-717"
          },
          {
            "date": "2018-03-20T15:29:00.470000",
            "db": "NVD",
            "id": "CVE-2017-17320"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2018-03-15T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2018-05336"
          },
          {
            "date": "2018-04-13T00:00:00",
            "db": "VULHUB",
            "id": "VHN-108331"
          },
          {
            "date": "2018-05-15T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2017-012982"
          },
          {
            "date": "2018-03-21T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201803-717"
          },
          {
            "date": "2024-11-21T03:17:49.870000",
            "db": "NVD",
            "id": "CVE-2017-17320"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201803-717"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Huawei Mate 9 Pro Vulnerability related to double release in smartphones",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-012982"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "lack of information",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201803-717"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201803-1040

    Vulnerability from variot - Updated: 2024-11-23 22:45

    The Near Field Communication (NFC) module in Huawei Mate 9 Pro mobile phones with the versions before LON-AL00B 8.0.0.340a(C00) has a buffer overflow vulnerability due to the lack of input validation. An attacker may use an NFC card reader or another device to inject malicious data into a target mobile phone. Successful exploit could lead to system restart or arbitrary code execution. Huawei Mate 9 Pro Smartphones contain a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. HuaweiMate9Pro is a smartphone from China's Huawei company. A buffer overflow vulnerability exists in the HuaweiMate9ProNFC module due to a lack of parameter checking in the program. Multiple Huawei Products are prone to a buffer-overflow vulnerability. Failed exploit attempts will likely cause a denial-of-service condition

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201803-1040",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "mate 9 pro",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "huawei",
            "version": "lon-al00b_8.0.0.340a\\(c00\\)"
          },
          {
            "model": "mate 9 pro",
            "scope": "lt",
            "trust": 0.8,
            "vendor": "huawei",
            "version": "lon-al00b 8.0.0.340a(c00)"
          },
          {
            "model": "mate pro lon-al00b 8.0.0.340a",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "huawei",
            "version": "9"
          },
          {
            "model": "mate pro",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "huawei",
            "version": "90"
          },
          {
            "model": "mate pro lon-al00b 8.0.0.340a",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "huawei",
            "version": "9"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-02554"
          },
          {
            "db": "BID",
            "id": "103448"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-012828"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-17225"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/o:huawei:mate_9_pro_firmware",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-012828"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "The vendor reported this issue.",
        "sources": [
          {
            "db": "BID",
            "id": "103448"
          }
        ],
        "trust": 0.3
      },
      "cve": "CVE-2017-17225",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "ADJACENT_NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "COMPLETE",
                "baseScore": 8.3,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 6.5,
                "id": "CVE-2017-17225",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 1.8,
                "vectorString": "AV:A/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 7.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2018-02554",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 2.8,
                "id": "CVE-2017-17225",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.8,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2017-17225",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "CVE-2017-17225",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2018-02554",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201803-301",
                "trust": 0.6,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-02554"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-012828"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201803-301"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-17225"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "The Near Field Communication (NFC) module in Huawei Mate 9 Pro mobile phones with the versions before LON-AL00B 8.0.0.340a(C00) has a buffer overflow vulnerability due to the lack of input validation. An attacker may use an NFC card reader or another device to inject malicious data into a target mobile phone. Successful exploit could lead to system restart or arbitrary code execution. Huawei Mate 9 Pro Smartphones contain a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. HuaweiMate9Pro is a smartphone from China\u0027s Huawei company. A buffer overflow vulnerability exists in the HuaweiMate9ProNFC module due to a lack of parameter checking in the program. Multiple Huawei Products are prone to a buffer-overflow vulnerability. Failed exploit attempts will likely cause a denial-of-service condition",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2017-17225"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-012828"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-02554"
          },
          {
            "db": "BID",
            "id": "103448"
          }
        ],
        "trust": 2.43
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2017-17225",
            "trust": 3.3
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-012828",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-02554",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201803-301",
            "trust": 0.6
          },
          {
            "db": "BID",
            "id": "103448",
            "trust": 0.3
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-02554"
          },
          {
            "db": "BID",
            "id": "103448"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-012828"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201803-301"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-17225"
          }
        ]
      },
      "id": "VAR-201803-1040",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-02554"
          }
        ],
        "trust": 1.1876653
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-02554"
          }
        ]
      },
      "last_update_date": "2024-11-23T22:45:25.804000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "huawei-sa-20180130-01-smartphone",
            "trust": 0.8,
            "url": "http://www.huawei.com/en/psirt/security-advisories/2018/huawei-sa-20180130-01-smartphone-en"
          },
          {
            "title": "HuaweiMate9ProNFC module buffer overflow vulnerability patch",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/115295"
          },
          {
            "title": "Huawei Mate 9 Pro LON-AL00B NFC Fixes for module buffer error vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=79023"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-02554"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-012828"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201803-301"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-119",
            "trust": 1.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-012828"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-17225"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.9,
            "url": "http://www.huawei.com/en/psirt/security-advisories/2018/huawei-sa-20180130-01-smartphone-en"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-17225"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-17225"
          },
          {
            "trust": 0.6,
            "url": "http://www.huawei.com/cn/psirt/security-advisories/2018/huawei-sa-20180130-01-smartphone-cn"
          },
          {
            "trust": 0.3,
            "url": "http://www.huawei.com/en/"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-02554"
          },
          {
            "db": "BID",
            "id": "103448"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-012828"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201803-301"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-17225"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-02554"
          },
          {
            "db": "BID",
            "id": "103448"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-012828"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201803-301"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-17225"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2018-02-01T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2018-02554"
          },
          {
            "date": "2018-01-30T00:00:00",
            "db": "BID",
            "id": "103448"
          },
          {
            "date": "2018-04-20T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2017-012828"
          },
          {
            "date": "2018-03-13T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201803-301"
          },
          {
            "date": "2018-03-09T17:29:01.407000",
            "db": "NVD",
            "id": "CVE-2017-17225"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2018-02-01T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2018-02554"
          },
          {
            "date": "2018-01-30T00:00:00",
            "db": "BID",
            "id": "103448"
          },
          {
            "date": "2018-04-20T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2017-012828"
          },
          {
            "date": "2018-03-13T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201803-301"
          },
          {
            "date": "2024-11-21T03:17:41.883000",
            "db": "NVD",
            "id": "CVE-2017-17225"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "specific network environment",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201803-301"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Huawei Mate 9 Pro Smartphone buffer error vulnerability",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-012828"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "buffer overflow",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201803-301"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201811-0861

    Vulnerability from variot - Updated: 2024-11-23 22:41

    There is a Factory Reset Protection (FRP) bypass vulnerability on several smartphones. The system does not sufficiently verify the permission, an attacker uses a data cable to connect the smartphone to another smartphone and then perform a series of specific operations. Successful exploit could allow the attacker bypass the FRP protection. plural Huawei Smartphones have vulnerabilities related to authorization, authority, and access control.Information may be tampered with. Huawei Mate9Pro and Nova2Plus are all smart phones from China's Huawei company. The Huawei nova 2 Plus and Mate9 Pro are smartphones from the Chinese company Huawei. There are security vulnerabilities in Huawei nova 2 Plus versions prior to 8.0.0.350(C00) and Mate9 Pro versions prior to 8.0.0.363(C00). The vulnerability stems from insufficient verification of permissions by the system

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201811-0861",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "nova 2 plus",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "huawei",
            "version": "8.0.0.350\\(c00\\)"
          },
          {
            "model": "mate 9 pro",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "huawei",
            "version": "8.0.0.363\\(c00\\)"
          },
          {
            "model": "mate 9 pro",
            "scope": null,
            "trust": 0.8,
            "vendor": "huawei",
            "version": null
          },
          {
            "model": "nova 2 plus",
            "scope": null,
            "trust": 0.8,
            "vendor": "huawei",
            "version": null
          },
          {
            "model": "nova plus \u003c8.0.0.350",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "huawei",
            "version": "2"
          },
          {
            "model": "mate pro \u003c8.0.0.363",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "huawei",
            "version": "9"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-23257"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-014582"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-7988"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/o:huawei:mate_9_pro_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:huawei:nova_2_plus_firmware",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-014582"
          }
        ]
      },
      "cve": "CVE-2018-7988",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "LOCAL",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "PARTIAL",
                "baseScore": 3.6,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 3.9,
                "id": "CVE-2018-7988",
                "impactScore": 4.9,
                "integrityImpact": "PARTIAL",
                "severity": "LOW",
                "trust": 1.8,
                "vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "ADJACENT_NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "NONE",
                "baseScore": 6.1,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 6.5,
                "id": "CNVD-2018-23257",
                "impactScore": 6.9,
                "integrityImpact": "COMPLETE",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:A/AC:L/Au:N/C:N/I:C/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "LOCAL",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "PARTIAL",
                "baseScore": 3.6,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 3.9,
                "id": "VHN-138020",
                "impactScore": 4.9,
                "integrityImpact": "PARTIAL",
                "severity": "LOW",
                "trust": 0.1,
                "vectorString": "AV:L/AC:L/AU:N/C:N/I:P/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "PHYSICAL",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 4.6,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 0.9,
                "id": "CVE-2018-7988",
                "impactScore": 3.6,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.8,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2018-7988",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "NVD",
                "id": "CVE-2018-7988",
                "trust": 0.8,
                "value": "Medium"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2018-23257",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201811-495",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "VULHUB",
                "id": "VHN-138020",
                "trust": 0.1,
                "value": "LOW"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-23257"
          },
          {
            "db": "VULHUB",
            "id": "VHN-138020"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-014582"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201811-495"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-7988"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "There is a Factory Reset Protection (FRP) bypass vulnerability on several smartphones. The system does not sufficiently verify the permission, an attacker uses a data cable to connect the smartphone to another smartphone and then perform a series of specific operations. Successful exploit could allow the attacker bypass the FRP protection. plural Huawei Smartphones have vulnerabilities related to authorization, authority, and access control.Information may be tampered with. Huawei Mate9Pro and Nova2Plus are all smart phones from China\u0027s Huawei company. The Huawei nova 2 Plus and Mate9 Pro are smartphones from the Chinese company Huawei. There are security vulnerabilities in Huawei nova 2 Plus versions prior to 8.0.0.350(C00) and Mate9 Pro versions prior to 8.0.0.363(C00). The vulnerability stems from insufficient verification of permissions by the system",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2018-7988"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-014582"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-23257"
          },
          {
            "db": "VULHUB",
            "id": "VHN-138020"
          }
        ],
        "trust": 2.25
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2018-7988",
            "trust": 3.1
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-014582",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201811-495",
            "trust": 0.7
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-23257",
            "trust": 0.6
          },
          {
            "db": "VULHUB",
            "id": "VHN-138020",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-23257"
          },
          {
            "db": "VULHUB",
            "id": "VHN-138020"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-014582"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201811-495"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-7988"
          }
        ]
      },
      "id": "VAR-201811-0861",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-23257"
          },
          {
            "db": "VULHUB",
            "id": "VHN-138020"
          }
        ],
        "trust": 1.32075572
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "IoT"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-23257"
          }
        ]
      },
      "last_update_date": "2024-11-23T22:41:38.917000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "huawei-sa-20181114-01-smartphone",
            "trust": 0.8,
            "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20181114-01-smartphone-en"
          },
          {
            "title": "Huawei smartphone FRP bypass vulnerability patch",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/144797"
          },
          {
            "title": "Huawei nova 2 Plus  and Mate9 Pro Security vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=86896"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-23257"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-014582"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201811-495"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-863",
            "trust": 1.1
          },
          {
            "problemtype": "CWE-264",
            "trust": 0.9
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-138020"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-014582"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-7988"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.3,
            "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20181114-01-smartphone-en"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-7988"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-7988"
          },
          {
            "trust": 0.6,
            "url": "https://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20181114-01-smartphone-cn"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-23257"
          },
          {
            "db": "VULHUB",
            "id": "VHN-138020"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-014582"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201811-495"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-7988"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-23257"
          },
          {
            "db": "VULHUB",
            "id": "VHN-138020"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-014582"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201811-495"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-7988"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2018-11-16T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2018-23257"
          },
          {
            "date": "2018-11-27T00:00:00",
            "db": "VULHUB",
            "id": "VHN-138020"
          },
          {
            "date": "2019-03-28T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2018-014582"
          },
          {
            "date": "2018-11-15T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201811-495"
          },
          {
            "date": "2018-11-27T22:29:00.523000",
            "db": "NVD",
            "id": "CVE-2018-7988"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2019-05-07T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2018-23257"
          },
          {
            "date": "2019-10-03T00:00:00",
            "db": "VULHUB",
            "id": "VHN-138020"
          },
          {
            "date": "2019-03-28T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2018-014582"
          },
          {
            "date": "2019-10-23T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201811-495"
          },
          {
            "date": "2024-11-21T04:13:02.290000",
            "db": "NVD",
            "id": "CVE-2018-7988"
          }
        ]
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "plural  Huawei Vulnerabilities related to authorization, authority, and access control in smartphones",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-014582"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "permissions and access control",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201811-495"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201803-0197

    Vulnerability from variot - Updated: 2024-11-23 22:34

    Huawei P9 smartphones with the versions before EVA-AL10C00B399SP02 have an information disclosure vulnerability. The software does not properly protect certain resource which can be accessed by multithreading. An attacker tricks the user who has root privilege to install a crafted application, successful exploit could result in kernel information disclosure. HuaweiP9 is a smartphone from China's Huawei company

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201803-0197",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "p9",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "huawei",
            "version": "eva-al10c00b399sp02"
          },
          {
            "model": "mate 9 pro",
            "scope": "lt",
            "trust": 0.8,
            "vendor": "huawei",
            "version": "eva-al10c00b399sp02"
          },
          {
            "model": "p9 \u003ceva-al10c00b399sp02",
            "scope": null,
            "trust": 0.6,
            "vendor": "huawei",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-05335"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-012981"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-17319"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/o:huawei:mate_9_pro_firmware",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-012981"
          }
        ]
      },
      "cve": "CVE-2017-17319",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 7.1,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 8.6,
                "id": "CVE-2017-17319",
                "impactScore": 6.9,
                "integrityImpact": "NONE",
                "severity": "HIGH",
                "trust": 1.8,
                "vectorString": "AV:N/AC:M/Au:N/C:C/I:N/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "LOCAL",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "NONE",
                "baseScore": 2.1,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 3.9,
                "id": "CNVD-2018-05335",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "LOW",
                "trust": 0.6,
                "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 5.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 1.8,
                "id": "CVE-2017-17319",
                "impactScore": 3.6,
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.8,
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2017-17319",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "NVD",
                "id": "CVE-2017-17319",
                "trust": 0.8,
                "value": "Medium"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2018-05335",
                "trust": 0.6,
                "value": "LOW"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201803-718",
                "trust": 0.6,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-05335"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-012981"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201803-718"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-17319"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Huawei P9 smartphones with the versions before EVA-AL10C00B399SP02 have an information disclosure vulnerability. The software does not properly protect certain resource which can be accessed by multithreading. An attacker tricks the user who has root privilege to install a crafted application, successful exploit could result in kernel information disclosure. HuaweiP9 is a smartphone from China\u0027s Huawei company",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2017-17319"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-012981"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-05335"
          }
        ],
        "trust": 2.16
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2017-17319",
            "trust": 3.0
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-012981",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-05335",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201803-718",
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-05335"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-012981"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201803-718"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-17319"
          }
        ]
      },
      "id": "VAR-201803-0197",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-05335"
          }
        ],
        "trust": 1.18625232
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-05335"
          }
        ]
      },
      "last_update_date": "2024-11-23T22:34:19.620000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "huawei-sa-20180314-01-smartphone",
            "trust": 0.8,
            "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180314-01-smartphone-en"
          },
          {
            "title": "HuaweiP9 information disclosure vulnerability patch",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/121557"
          },
          {
            "title": "Huawei P9 Repair measures for information disclosure vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=79318"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-05335"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-012981"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201803-718"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-200",
            "trust": 1.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-012981"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-17319"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.6,
            "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180314-01-smartphone-en"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-17319"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-17319"
          },
          {
            "trust": 0.6,
            "url": "http://www.huawei.com/cn/psirt/security-advisories/2018/huawei-sa-20180314-01-smartphone-cn"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-05335"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-012981"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201803-718"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-17319"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-05335"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-012981"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201803-718"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-17319"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2018-03-15T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2018-05335"
          },
          {
            "date": "2018-05-15T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2017-012981"
          },
          {
            "date": "2018-03-21T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201803-718"
          },
          {
            "date": "2018-03-20T15:29:00.407000",
            "db": "NVD",
            "id": "CVE-2017-17319"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2018-03-15T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2018-05335"
          },
          {
            "date": "2018-05-15T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2017-012981"
          },
          {
            "date": "2018-03-21T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201803-718"
          },
          {
            "date": "2024-11-21T03:17:49.753000",
            "db": "NVD",
            "id": "CVE-2017-17319"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201803-718"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Huawei P9 Information Disclosure Vulnerability",
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-05335"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201803-718"
          }
        ],
        "trust": 1.2
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "information disclosure",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201803-718"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201803-0164

    Vulnerability from variot - Updated: 2024-11-23 22:17

    The soundtrigger module in Huawei Mate 9 Pro smart phones with software of the versions before LON-AL00B 8.0.0.343(C00) has an authentication bypass vulnerability due to the improper design of the module. An attacker tricks a user into installing a malicious application, and the application can exploit the vulnerability and make attacker bypass the authentication, the attacker can control the phone to sent short messages and make call within audio range to the phone. HuaweiMate9Pro is a smartphone from Huawei. Huawei Smart Phones are prone to an authentication-bypass vulnerability. An attacker can exploit this issue to bypass the authentication mechanism. This may aid in further attacks. The Huawei Mate 9 Pro is a smartphone from the Chinese company Huawei. The soundtrigger module is one of the speech recognition modules

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201803-0164",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "mate 9 pro",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "huawei",
            "version": "lon-al00b_8.0.0.343\\(c00\\)"
          },
          {
            "model": "mate 9 pro",
            "scope": "lt",
            "trust": 0.8,
            "vendor": "huawei",
            "version": "lon-al00b 8.0.0.343(c00)"
          },
          {
            "model": "mate pro \u003clon-al00b 8.0.0.343",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "huawei",
            "version": "9"
          },
          {
            "model": "mate pro",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "huawei",
            "version": "90"
          },
          {
            "model": "mate pro lon-al00b",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "huawei",
            "version": "98.0.0.343("
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-04767"
          },
          {
            "db": "BID",
            "id": "103360"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-012880"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-17279"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/o:huawei:mate_9_pro_firmware",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-012880"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "The vendor reported this issue.",
        "sources": [
          {
            "db": "BID",
            "id": "103360"
          }
        ],
        "trust": 0.3
      },
      "cve": "CVE-2017-17279",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 8.6,
                "id": "CVE-2017-17279",
                "impactScore": 2.9,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 1.8,
                "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "LOCAL",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 5.6,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 3.9,
                "id": "CNVD-2018-04767",
                "impactScore": 7.8,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 8.6,
                "id": "VHN-108285",
                "impactScore": 2.9,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.1,
                "vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 5.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 1.8,
                "id": "CVE-2017-17279",
                "impactScore": 3.6,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.8,
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2017-17279",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "NVD",
                "id": "CVE-2017-17279",
                "trust": 0.8,
                "value": "Medium"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2018-04767",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201803-297",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "VULHUB",
                "id": "VHN-108285",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-04767"
          },
          {
            "db": "VULHUB",
            "id": "VHN-108285"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-012880"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201803-297"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-17279"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "The soundtrigger module in Huawei Mate 9 Pro smart phones with software of the versions before LON-AL00B 8.0.0.343(C00) has an authentication bypass vulnerability due to the improper design of the module. An attacker tricks a user into installing a malicious application, and the application can exploit the vulnerability and make attacker bypass the authentication, the attacker can control the phone to sent short messages and make call within audio range to the phone. HuaweiMate9Pro is a smartphone from Huawei. Huawei Smart Phones are prone to an authentication-bypass vulnerability. \nAn attacker can exploit this issue to bypass the authentication mechanism. This may aid in further attacks. The Huawei Mate 9 Pro is a smartphone from the Chinese company Huawei. The soundtrigger module is one of the speech recognition modules",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2017-17279"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-012880"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-04767"
          },
          {
            "db": "BID",
            "id": "103360"
          },
          {
            "db": "VULHUB",
            "id": "VHN-108285"
          }
        ],
        "trust": 2.52
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2017-17279",
            "trust": 3.4
          },
          {
            "db": "BID",
            "id": "103360",
            "trust": 2.0
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-012880",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-04767",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201803-297",
            "trust": 0.6
          },
          {
            "db": "VULHUB",
            "id": "VHN-108285",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-04767"
          },
          {
            "db": "VULHUB",
            "id": "VHN-108285"
          },
          {
            "db": "BID",
            "id": "103360"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-012880"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201803-297"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-17279"
          }
        ]
      },
      "id": "VAR-201803-0164",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-04767"
          },
          {
            "db": "VULHUB",
            "id": "VHN-108285"
          }
        ],
        "trust": 1.45811835
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-04767"
          }
        ]
      },
      "last_update_date": "2024-11-23T22:17:38.603000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "huawei-sa-20180307-01-smartphone",
            "trust": 0.8,
            "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180307-01-smartphone-en"
          },
          {
            "title": "Huawei Mate 9 Pro soundtrigger Repair measures for module security vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=79019"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-012880"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201803-297"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "NVD-CWE-noinfo",
            "trust": 1.0
          },
          {
            "problemtype": "CWE-284",
            "trust": 0.9
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-108285"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-012880"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-17279"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.0,
            "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180307-01-smartphone-en"
          },
          {
            "trust": 1.7,
            "url": "http://www.securityfocus.com/bid/103360"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-17279"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-17279"
          },
          {
            "trust": 0.6,
            "url": "http://www.huawei.com/cn/psirt/security-advisories/2018/huawei-sa-20180307-01-smartphone-cn"
          },
          {
            "trust": 0.3,
            "url": "http://www.huawei.com/en/"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-04767"
          },
          {
            "db": "VULHUB",
            "id": "VHN-108285"
          },
          {
            "db": "BID",
            "id": "103360"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-012880"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201803-297"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-17279"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-04767"
          },
          {
            "db": "VULHUB",
            "id": "VHN-108285"
          },
          {
            "db": "BID",
            "id": "103360"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-012880"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201803-297"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-17279"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2018-03-09T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2018-04767"
          },
          {
            "date": "2018-03-09T00:00:00",
            "db": "VULHUB",
            "id": "VHN-108285"
          },
          {
            "date": "2018-03-07T00:00:00",
            "db": "BID",
            "id": "103360"
          },
          {
            "date": "2018-04-26T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2017-012880"
          },
          {
            "date": "2018-03-13T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201803-297"
          },
          {
            "date": "2018-03-09T17:29:01.610000",
            "db": "NVD",
            "id": "CVE-2017-17279"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2018-03-09T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2018-04767"
          },
          {
            "date": "2019-10-03T00:00:00",
            "db": "VULHUB",
            "id": "VHN-108285"
          },
          {
            "date": "2018-03-07T00:00:00",
            "db": "BID",
            "id": "103360"
          },
          {
            "date": "2018-04-26T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2017-012880"
          },
          {
            "date": "2019-10-23T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201803-297"
          },
          {
            "date": "2024-11-21T03:17:44.350000",
            "db": "NVD",
            "id": "CVE-2017-17279"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "local",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201803-297"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Huawei Mate 9 Pro Smartphone software access control vulnerability",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-012880"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "lack of information",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201803-297"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201810-0047

    Vulnerability from variot - Updated: 2024-11-23 22:17

    The hardware security module of Mate 9 and Mate 9 Pro Huawei smart phones with the versions earlier before MHA-AL00BC00B156, versions earlier before MHA-CL00BC00B156, versions earlier before MHA-DL00BC00B156, versions earlier before MHA-TL00BC00B156, versions earlier before LON-AL00BC00B156, versions earlier before LON-CL00BC00B156, versions earlier before LON-DL00BC00B156, versions earlier before LON-TL00BC00B156 has a arbitrary memory read/write vulnerability due to the input parameters validation. An attacker with the root privilege of the Android system could exploit this vulnerability to read and write memory data anywhere or execute arbitrary code in the TrustZone. Huawei Mate 9 and Mate 9 Pro Smartphones have vulnerabilities related to authorization, authority, and access control.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. HuaweiMate9 and Mate9Pro are both Huawei's smartphone products. The vulnerability is due to insufficient input verification in the hardware security module of some Huawei phones. The Huawei Mate 9 and Mate 9 Pro are smartphones from the Chinese company Huawei

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201810-0047",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "mate 9 pro",
            "scope": "lt",
            "trust": 1.8,
            "vendor": "huawei",
            "version": "lon-al00bc00b156"
          },
          {
            "model": "mate 9 pro",
            "scope": "lt",
            "trust": 1.8,
            "vendor": "huawei",
            "version": "lon-cl00bc00b156"
          },
          {
            "model": "mate 9 pro",
            "scope": "lt",
            "trust": 1.8,
            "vendor": "huawei",
            "version": "lon-dl00bc00b156"
          },
          {
            "model": "mate 9 pro",
            "scope": "lt",
            "trust": 1.8,
            "vendor": "huawei",
            "version": "lon-tl00bc00b156"
          },
          {
            "model": "mate 9",
            "scope": "lt",
            "trust": 1.8,
            "vendor": "huawei",
            "version": "mha-al00bc00b156"
          },
          {
            "model": "mate 9",
            "scope": "lt",
            "trust": 1.8,
            "vendor": "huawei",
            "version": "mha-cl00bc00b156"
          },
          {
            "model": "mate 9",
            "scope": "lt",
            "trust": 1.8,
            "vendor": "huawei",
            "version": "mha-dl00bc00b156"
          },
          {
            "model": "mate 9",
            "scope": "lt",
            "trust": 1.8,
            "vendor": "huawei",
            "version": "mha-tl00bc00b156"
          },
          {
            "model": "mate \u003cmha-al00bc00b156",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "huawei",
            "version": "9"
          },
          {
            "model": "mate \u003cmha-cl00bc00b156",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "huawei",
            "version": "9"
          },
          {
            "model": "mate \u003cmha-dl00bc00b156",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "huawei",
            "version": "9"
          },
          {
            "model": "mate \u003cmha-tl00bc00b156",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "huawei",
            "version": "9"
          },
          {
            "model": "mate pro \u003clon-al00bc00b156",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "huawei",
            "version": "9"
          },
          {
            "model": "mate pro \u003clon-cl00bc00b156",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "huawei",
            "version": "9"
          },
          {
            "model": "mate pro \u003clon-dl00bc00b156",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "huawei",
            "version": "9"
          },
          {
            "model": "mate pro \u003clon-tl00bc00b156",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "huawei",
            "version": "9"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-20883"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014321"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-17176"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/o:huawei:mate_9_pro_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:huawei:mate_9_firmware",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014321"
          }
        ]
      },
      "cve": "CVE-2017-17176",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "LOCAL",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "COMPLETE",
                "baseScore": 7.2,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 3.9,
                "id": "CVE-2017-17176",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 1.8,
                "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "LOCAL",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 6.8,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 3.9,
                "id": "CNVD-2018-20883",
                "impactScore": 9.5,
                "integrityImpact": "COMPLETE",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:L/AC:L/Au:N/C:P/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "LOCAL",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "COMPLETE",
                "baseScore": 7.2,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 3.9,
                "id": "VHN-108172",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.1,
                "vectorString": "AV:L/AC:L/AU:N/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 6.7,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 0.8,
                "id": "CVE-2017-17176",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "trust": 1.8,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2017-17176",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "NVD",
                "id": "CVE-2017-17176",
                "trust": 0.8,
                "value": "Medium"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2018-20883",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201712-929",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "VULHUB",
                "id": "VHN-108172",
                "trust": 0.1,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-20883"
          },
          {
            "db": "VULHUB",
            "id": "VHN-108172"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014321"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201712-929"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-17176"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "The hardware security module of Mate 9 and Mate 9 Pro Huawei smart phones with the versions earlier before MHA-AL00BC00B156, versions earlier before MHA-CL00BC00B156, versions earlier before MHA-DL00BC00B156, versions earlier before MHA-TL00BC00B156, versions earlier before LON-AL00BC00B156, versions earlier before LON-CL00BC00B156, versions earlier before LON-DL00BC00B156, versions earlier before LON-TL00BC00B156 has a arbitrary memory read/write vulnerability due to the input parameters validation. An attacker with the root privilege of the Android system could exploit this vulnerability to read and write memory data anywhere or execute arbitrary code in the TrustZone. Huawei Mate 9 and Mate 9 Pro Smartphones have vulnerabilities related to authorization, authority, and access control.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. HuaweiMate9 and Mate9Pro are both Huawei\u0027s smartphone products. The vulnerability is due to insufficient input verification in the hardware security module of some Huawei phones. The Huawei Mate 9 and Mate 9 Pro are smartphones from the Chinese company Huawei",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2017-17176"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014321"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-20883"
          },
          {
            "db": "VULHUB",
            "id": "VHN-108172"
          }
        ],
        "trust": 2.25
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2017-17176",
            "trust": 3.1
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014321",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201712-929",
            "trust": 0.7
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-20883",
            "trust": 0.6
          },
          {
            "db": "VULHUB",
            "id": "VHN-108172",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-20883"
          },
          {
            "db": "VULHUB",
            "id": "VHN-108172"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014321"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201712-929"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-17176"
          }
        ]
      },
      "id": "VAR-201810-0047",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-20883"
          },
          {
            "db": "VULHUB",
            "id": "VHN-108172"
          }
        ],
        "trust": 1.32765928
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-20883"
          }
        ]
      },
      "last_update_date": "2024-11-23T22:17:17.992000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "huawei-sa-20170306-01-smartphone",
            "trust": 0.8,
            "url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170306-01-smartphone-en"
          },
          {
            "title": "Patch of random memory read and write vulnerabilities for various Huawei phones",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/142309"
          },
          {
            "title": "Huawei Mate 9  and Mate 9 Pro hardware security Repair measures for module security vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=85679"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-20883"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014321"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201712-929"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-787",
            "trust": 1.1
          },
          {
            "problemtype": "CWE-264",
            "trust": 0.9
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-108172"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014321"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-17176"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.7,
            "url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170306-01-smartphone-en"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-17176"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-17176"
          },
          {
            "trust": 0.6,
            "url": "https://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20170306-01-smartphone-cn"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-20883"
          },
          {
            "db": "VULHUB",
            "id": "VHN-108172"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014321"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201712-929"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-17176"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-20883"
          },
          {
            "db": "VULHUB",
            "id": "VHN-108172"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014321"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201712-929"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-17176"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2018-10-15T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2018-20883"
          },
          {
            "date": "2018-10-17T00:00:00",
            "db": "VULHUB",
            "id": "VHN-108172"
          },
          {
            "date": "2019-01-23T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2017-014321"
          },
          {
            "date": "2018-10-16T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201712-929"
          },
          {
            "date": "2018-10-17T15:29:00.633000",
            "db": "NVD",
            "id": "CVE-2017-17176"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2018-10-15T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2018-20883"
          },
          {
            "date": "2019-10-03T00:00:00",
            "db": "VULHUB",
            "id": "VHN-108172"
          },
          {
            "date": "2019-01-23T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2017-014321"
          },
          {
            "date": "2019-10-23T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201712-929"
          },
          {
            "date": "2024-11-21T03:17:39.067000",
            "db": "NVD",
            "id": "CVE-2017-17176"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "local",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201712-929"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Huawei Mate 9 and  Mate 9 Pro Vulnerabilities related to authorization, authority, and access control in smartphones",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014321"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "buffer error",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201712-929"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201906-0357

    Vulnerability from variot - Updated: 2024-11-23 22:16

    There is an information disclosure vulnerability on Mate 9 Pro Huawei smartphones versions earlier than LON-AL00B9.0.1.150 (C00E61R1P8T8). An attacker could view the photos after a series of operations without unlocking the screen lock. Successful exploit could cause an information disclosure condition. An attacker can use this vulnerability to entice a user who has gained root privileges to install a malicious application to read process information, causing sensitive information to leak

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201906-0357",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "mate 9 pro",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "huawei",
            "version": "lon-al00b9.0.1.150\\(c00e61r1p8t8\\)"
          },
          {
            "model": "mate 9 pro",
            "scope": "lt",
            "trust": 0.8,
            "vendor": "huawei",
            "version": "lon-al00b9.0.1.150(c00e61r1p8t8)"
          },
          {
            "model": "mate pro \u003clon-al00b9.0.1.150",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "huawei",
            "version": "9"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-41251"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-005135"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-5217"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/o:huawei:mate_9_pro_firmware",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-005135"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Ding Yicong",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201904-888"
          }
        ],
        "trust": 0.6
      },
      "cve": "CVE-2019-5217",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "LOCAL",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 2.1,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 3.9,
                "id": "CVE-2019-5217",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "LOW",
                "trust": 1.8,
                "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "LOCAL",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "NONE",
                "baseScore": 2.1,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 3.9,
                "id": "CNVD-2019-41251",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "LOW",
                "trust": 0.6,
                "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "PHYSICAL",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 4.6,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 0.9,
                "id": "CVE-2019-5217",
                "impactScore": 3.6,
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.8,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2019-5217",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "NVD",
                "id": "CVE-2019-5217",
                "trust": 0.8,
                "value": "Medium"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2019-41251",
                "trust": 0.6,
                "value": "LOW"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201904-888",
                "trust": 0.6,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-41251"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-005135"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201904-888"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-5217"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "There is an information disclosure vulnerability on Mate 9 Pro Huawei smartphones versions earlier than LON-AL00B9.0.1.150 (C00E61R1P8T8). An attacker could view the photos after a series of operations without unlocking the screen lock. Successful exploit could cause an information disclosure condition. An attacker can use this vulnerability to entice a user who has gained root privileges to install a malicious application to read process information, causing sensitive information to leak",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2019-5217"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-005135"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-41251"
          }
        ],
        "trust": 2.16
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2019-5217",
            "trust": 3.0
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-005135",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-41251",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201904-888",
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-41251"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-005135"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201904-888"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-5217"
          }
        ]
      },
      "id": "VAR-201906-0357",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-41251"
          }
        ],
        "trust": 1.1876653
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-41251"
          }
        ]
      },
      "last_update_date": "2024-11-23T22:16:58.984000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "huawei-sa-20190417-01-smartphone",
            "trust": 0.8,
            "url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190417-01-smartphone-en"
          },
          {
            "title": "Patch for Huawei Mate 9 Pro Information Disclosure Vulnerability",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/190765"
          },
          {
            "title": "Huawei Mate 9 Pro Repair measures for information disclosure vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=91718"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-41251"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-005135"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201904-888"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-307",
            "trust": 1.0
          },
          {
            "problemtype": "CWE-200",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-005135"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-5217"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.6,
            "url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190417-01-smartphone-en"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-5217"
          },
          {
            "trust": 1.2,
            "url": "http://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20190417-01-smartphone-cn"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-5217"
          },
          {
            "trust": 0.6,
            "url": "https://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20190220-01-informationleak-cn"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-41251"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-005135"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201904-888"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-5217"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-41251"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-005135"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201904-888"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-5217"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2019-11-19T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2019-41251"
          },
          {
            "date": "2019-06-17T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2019-005135"
          },
          {
            "date": "2019-04-17T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201904-888"
          },
          {
            "date": "2019-06-04T19:29:00.273000",
            "db": "NVD",
            "id": "CVE-2019-5217"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2019-11-19T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2019-41251"
          },
          {
            "date": "2019-06-17T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2019-005135"
          },
          {
            "date": "2020-08-25T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201904-888"
          },
          {
            "date": "2024-11-21T04:44:32.080000",
            "db": "NVD",
            "id": "CVE-2019-5217"
          }
        ]
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Huawei Mate 9 Pro Information Disclosure Vulnerability",
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-41251"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201904-888"
          }
        ],
        "trust": 1.2
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "information disclosure",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201904-888"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201807-0256

    Vulnerability from variot - Updated: 2024-11-23 22:12

    Short Message Service (SMS) module of Mate 9 Pro Huawei smart phones with the versions before LON-AL00B 8.0.0.354(C00) has a Denial of Service (DoS) vulnerability. An unauthenticated attacker may set up a pseudo base station, and send special malware text message to the phone, causing the mobile phone to fail to make calls and send and receive text messages. HuaweiMate9Pro is a Huawei smartphone product from China. The Huawei Mate 9 Pro is a smartphone from the Chinese company Huawei

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201807-0256",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "mate 9 pro",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "huawei",
            "version": "lon-al00b_8.0.0.354\\(c00\\)"
          },
          {
            "model": "mate 9 pro",
            "scope": "lt",
            "trust": 0.8,
            "vendor": "huawei",
            "version": "lon-al00b 8.0.0.354(c00)"
          },
          {
            "model": "mate pro \u003clon-al00b 8.0.0.354",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "huawei",
            "version": "9"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-12846"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014043"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-17175"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/o:huawei:mate_9_pro_firmware",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014043"
          }
        ]
      },
      "cve": "CVE-2017-17175",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "ADJACENT_NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "PARTIAL",
                "baseScore": 3.3,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 6.5,
                "id": "CVE-2017-17175",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "LOW",
                "trust": 1.8,
                "vectorString": "AV:A/AC:L/Au:N/C:N/I:N/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 7.8,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2018-12846",
                "impactScore": 6.9,
                "integrityImpact": "NONE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "ADJACENT_NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "PARTIAL",
                "baseScore": 3.3,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 6.5,
                "id": "VHN-108171",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "LOW",
                "trust": 0.1,
                "vectorString": "AV:A/AC:L/AU:N/C:N/I:N/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 2.8,
                "id": "CVE-2017-17175",
                "impactScore": 3.6,
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.8,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2017-17175",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "NVD",
                "id": "CVE-2017-17175",
                "trust": 0.8,
                "value": "Medium"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2018-12846",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201712-930",
                "trust": 0.6,
                "value": "LOW"
              },
              {
                "author": "VULHUB",
                "id": "VHN-108171",
                "trust": 0.1,
                "value": "LOW"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-12846"
          },
          {
            "db": "VULHUB",
            "id": "VHN-108171"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014043"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201712-930"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-17175"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Short Message Service (SMS) module of Mate 9 Pro Huawei smart phones with the versions before LON-AL00B 8.0.0.354(C00) has a Denial of Service (DoS) vulnerability. An unauthenticated attacker may set up a pseudo base station, and send special malware text message to the phone, causing the mobile phone to fail to make calls and send and receive text messages. HuaweiMate9Pro is a Huawei smartphone product from China. The Huawei Mate 9 Pro is a smartphone from the Chinese company Huawei",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2017-17175"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014043"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-12846"
          },
          {
            "db": "VULHUB",
            "id": "VHN-108171"
          }
        ],
        "trust": 2.25
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2017-17175",
            "trust": 3.1
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014043",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201712-930",
            "trust": 0.7
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-12846",
            "trust": 0.6
          },
          {
            "db": "VULHUB",
            "id": "VHN-108171",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-12846"
          },
          {
            "db": "VULHUB",
            "id": "VHN-108171"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014043"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201712-930"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-17175"
          }
        ]
      },
      "id": "VAR-201807-0256",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-12846"
          },
          {
            "db": "VULHUB",
            "id": "VHN-108171"
          }
        ],
        "trust": 1.45811835
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-12846"
          }
        ]
      },
      "last_update_date": "2024-11-23T22:12:28.934000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "huawei-sa-20180629-01-smartphone",
            "trust": 0.8,
            "url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180629-01-smartphone-en"
          },
          {
            "title": "HuaweiMate9Pro mobile phone short message module denial of service vulnerability patch",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/134021"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-12846"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014043"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-20",
            "trust": 1.9
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-108171"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014043"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-17175"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.7,
            "url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180629-01-smartphone-en"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-17175"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-17175"
          },
          {
            "trust": 0.6,
            "url": "https://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20180629-01-smartphone-cn"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-12846"
          },
          {
            "db": "VULHUB",
            "id": "VHN-108171"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014043"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201712-930"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-17175"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-12846"
          },
          {
            "db": "VULHUB",
            "id": "VHN-108171"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014043"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201712-930"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-17175"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2018-07-11T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2018-12846"
          },
          {
            "date": "2018-07-02T00:00:00",
            "db": "VULHUB",
            "id": "VHN-108171"
          },
          {
            "date": "2018-10-02T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2017-014043"
          },
          {
            "date": "2017-12-26T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201712-930"
          },
          {
            "date": "2018-07-02T13:29:00.210000",
            "db": "NVD",
            "id": "CVE-2017-17175"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2018-07-11T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2018-12846"
          },
          {
            "date": "2018-09-08T00:00:00",
            "db": "VULHUB",
            "id": "VHN-108171"
          },
          {
            "date": "2018-10-02T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2017-014043"
          },
          {
            "date": "2018-07-03T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201712-930"
          },
          {
            "date": "2024-11-21T03:17:38.963000",
            "db": "NVD",
            "id": "CVE-2017-17175"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "specific network environment",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201712-930"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Mate 9 Pro Huawei Input validation vulnerabilities in smartphones",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014043"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "input validation",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201712-930"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201807-2075

    Vulnerability from variot - Updated: 2024-11-23 22:06

    Mdapt Driver of Huawei MediaPad M3 BTV-W09C128B353CUSTC128D001; Mate 9 Pro versions earlier than 8.0.0.356(C00); P10 Plus versions earlier than 8.0.0.357(C00) has a buffer overflow vulnerability. The driver does not sufficiently validate the input, an attacker could trick the user to install a malicious application which would send crafted parameters to the driver. Successful exploit could cause a denial of service condition. HuaweiMate9Pro and P10Plus are both Huawei's smartphone products. The MediaPadM3 is a tablet. There are buffer overflow vulnerabilities in Huawei's various products, and the driver failed to fully verify the program's input. Mdapt Driver is one of the dithering effect drivers

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201807-2075",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "mediapad m3",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "huawei",
            "version": "btv-w09c128b353custc128d001"
          },
          {
            "model": "p10 plus",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "huawei",
            "version": "8.0.0.357\\(c00\\)"
          },
          {
            "model": "mate 9 pro",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "huawei",
            "version": "8.0.0.356\\(c00\\)"
          },
          {
            "model": "mate 9",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "huawei",
            "version": "8.0.0.356\\(c00\\)"
          },
          {
            "model": "mate 9 pro",
            "scope": null,
            "trust": 0.8,
            "vendor": "huawei",
            "version": null
          },
          {
            "model": "mate 9",
            "scope": null,
            "trust": 0.8,
            "vendor": "huawei",
            "version": null
          },
          {
            "model": "mediapad m3",
            "scope": null,
            "trust": 0.8,
            "vendor": "huawei",
            "version": null
          },
          {
            "model": "p10 plus",
            "scope": null,
            "trust": 0.8,
            "vendor": "huawei",
            "version": null
          },
          {
            "model": "mediapad m3 btv-w09c128b353custc128d001",
            "scope": null,
            "trust": 0.6,
            "vendor": "huawei",
            "version": null
          },
          {
            "model": "mate pro \u003c8.0.0.356",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "huawei",
            "version": "9"
          },
          {
            "model": "p10 plus \u003c8.0.0.357",
            "scope": null,
            "trust": 0.6,
            "vendor": "huawei",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-14059"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-008884"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201807-2010"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-7992"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/o:huawei:mate_9_pro_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:huawei:mate_9_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:huawei:mediapad_m3_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:huawei:p10_plus_firmware",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-008884"
          }
        ]
      },
      "cve": "CVE-2018-7992",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "PARTIAL",
                "baseScore": 4.3,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 8.6,
                "id": "CVE-2018-7992",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 1.8,
                "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "LOCAL",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 4.9,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 3.9,
                "id": "CNVD-2018-14059",
                "impactScore": 6.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "PARTIAL",
                "baseScore": 4.3,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 8.6,
                "id": "VHN-138024",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.1,
                "vectorString": "AV:N/AC:M/AU:N/C:N/I:N/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 5.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 1.8,
                "id": "CVE-2018-7992",
                "impactScore": 3.6,
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.8,
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2018-7992",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "NVD",
                "id": "CVE-2018-7992",
                "trust": 0.8,
                "value": "Medium"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2018-14059",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201807-2010",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "VULHUB",
                "id": "VHN-138024",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-14059"
          },
          {
            "db": "VULHUB",
            "id": "VHN-138024"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-008884"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201807-2010"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-7992"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Mdapt Driver of Huawei MediaPad M3 BTV-W09C128B353CUSTC128D001; Mate 9 Pro versions earlier than 8.0.0.356(C00); P10 Plus versions earlier than 8.0.0.357(C00) has a buffer overflow vulnerability. The driver does not sufficiently validate the input, an attacker could trick the user to install a malicious application which would send crafted parameters to the driver. Successful exploit could cause a denial of service condition. HuaweiMate9Pro and P10Plus are both Huawei\u0027s smartphone products. The MediaPadM3 is a tablet. There are buffer overflow vulnerabilities in Huawei\u0027s various products, and the driver failed to fully verify the program\u0027s input. Mdapt Driver is one of the dithering effect drivers",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2018-7992"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-008884"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-14059"
          },
          {
            "db": "VULHUB",
            "id": "VHN-138024"
          }
        ],
        "trust": 2.25
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2018-7992",
            "trust": 3.1
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-008884",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201807-2010",
            "trust": 0.7
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-14059",
            "trust": 0.6
          },
          {
            "db": "VULHUB",
            "id": "VHN-138024",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-14059"
          },
          {
            "db": "VULHUB",
            "id": "VHN-138024"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-008884"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201807-2010"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-7992"
          }
        ]
      },
      "id": "VAR-201807-2075",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-14059"
          },
          {
            "db": "VULHUB",
            "id": "VHN-138024"
          }
        ],
        "trust": 1.41931744
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-14059"
          }
        ]
      },
      "last_update_date": "2024-11-23T22:06:39.864000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "huawei-sa-20180725-01-dos",
            "trust": 0.8,
            "url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180725-01-dos-en"
          },
          {
            "title": "Huawei patch for product buffer overflow vulnerability",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/135479"
          },
          {
            "title": "Huawei MediaPad M3 , Mate 9 Pro  and P10 Plus Mdapt Driver Buffer error vulnerability fix",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=82737"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-14059"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-008884"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201807-2010"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-119",
            "trust": 1.9
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-138024"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-008884"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-7992"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.7,
            "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180725-01-dos-en"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-7992"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-7992"
          },
          {
            "trust": 0.6,
            "url": "https://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20180725-01-dos-cn"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-14059"
          },
          {
            "db": "VULHUB",
            "id": "VHN-138024"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-008884"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201807-2010"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-7992"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-14059"
          },
          {
            "db": "VULHUB",
            "id": "VHN-138024"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-008884"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201807-2010"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-7992"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2018-07-26T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2018-14059"
          },
          {
            "date": "2018-07-31T00:00:00",
            "db": "VULHUB",
            "id": "VHN-138024"
          },
          {
            "date": "2018-10-31T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2018-008884"
          },
          {
            "date": "2018-08-01T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201807-2010"
          },
          {
            "date": "2018-07-31T14:29:01.090000",
            "db": "NVD",
            "id": "CVE-2018-7992"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2018-07-26T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2018-14059"
          },
          {
            "date": "2018-10-04T00:00:00",
            "db": "VULHUB",
            "id": "VHN-138024"
          },
          {
            "date": "2018-10-31T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2018-008884"
          },
          {
            "date": "2018-08-01T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201807-2010"
          },
          {
            "date": "2024-11-21T04:13:02.733000",
            "db": "NVD",
            "id": "CVE-2018-7992"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201807-2010"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "plural  HUAWEI Product buffer error vulnerability",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-008884"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "buffer overflow",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201807-2010"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201803-1327

    Vulnerability from variot - Updated: 2024-11-23 22:00

    Huawei Mate 9 and Mate 9 pro smart phones with software the versions before MHA-AL00B 8.0.0.334(C00); the versions before LON-AL00B 8.0.0.334(C00) have a information leak vulnerability in the date service proxy implementation. An attacker may trick a user into installing a malicious application and application can exploit the vulnerability to get kernel date which may cause sensitive information leak. Huawei Mate 9 and Mate 9 pro Contains an information disclosure vulnerability.Information may be obtained. HuaweiMate9 and Mate9Pro are all smartphones from China's Huawei company. An information disclosure vulnerability exists in HuaweiMate9 and Mate9Pro

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201803-1327",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "mate 9 pro",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "huawei",
            "version": "lon-al00b_8.0.0.334\\(c00\\)"
          },
          {
            "model": "mate 9",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "huawei",
            "version": "mha-al00b_8.0.0.334\\(c00\\)"
          },
          {
            "model": "mate 9 pro",
            "scope": "lt",
            "trust": 0.8,
            "vendor": "huawei",
            "version": "lon-al00b 8.0.0.334(c00)"
          },
          {
            "model": "mate 9",
            "scope": "lt",
            "trust": 0.8,
            "vendor": "huawei",
            "version": "mha-al00b 8.0.0.334(c00)"
          },
          {
            "model": "mate \u003cmha-al00b",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "huawei",
            "version": "98.0.0.334"
          },
          {
            "model": "mate pro \u003clon-al00b",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "huawei",
            "version": "98.0.0.334"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-37497"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-012847"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-17139"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/o:huawei:mate_9_pro_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:huawei:mate_9_firmware",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-012847"
          }
        ]
      },
      "cve": "CVE-2017-17139",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.6,
                "id": "CVE-2017-17139",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 1.8,
                "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "LOCAL",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "NONE",
                "baseScore": 4.9,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 3.9,
                "id": "CNVD-2017-37497",
                "impactScore": 6.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:L/AC:L/Au:N/C:C/I:N/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 5.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 1.8,
                "id": "CVE-2017-17139",
                "impactScore": 3.6,
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.8,
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2017-17139",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "NVD",
                "id": "CVE-2017-17139",
                "trust": 0.8,
                "value": "Medium"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2017-37497",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201712-304",
                "trust": 0.6,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-37497"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-012847"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201712-304"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-17139"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Huawei Mate 9 and Mate 9 pro smart phones with software the versions before MHA-AL00B 8.0.0.334(C00); the versions before LON-AL00B 8.0.0.334(C00) have a information leak vulnerability in the date service proxy implementation. An attacker may trick a user into installing a malicious application and application can exploit the vulnerability to get kernel date which may cause sensitive information leak. Huawei Mate 9 and Mate 9 pro Contains an information disclosure vulnerability.Information may be obtained. HuaweiMate9 and Mate9Pro are all smartphones from China\u0027s Huawei company. An information disclosure vulnerability exists in HuaweiMate9 and Mate9Pro",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2017-17139"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-012847"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-37497"
          }
        ],
        "trust": 2.16
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2017-17139",
            "trust": 3.0
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-012847",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-37497",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201712-304",
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-37497"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-012847"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201712-304"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-17139"
          }
        ]
      },
      "id": "VAR-201803-1327",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-37497"
          }
        ],
        "trust": 1.3959724900000001
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-37497"
          }
        ]
      },
      "last_update_date": "2024-11-23T22:00:39.842000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "huawei-sa-20171213-04-smartphone",
            "trust": 0.8,
            "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171213-04-smartphone-en"
          },
          {
            "title": "HuaweiMate mobile phone information disclosure vulnerability patch",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/111007"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-37497"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-012847"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-200",
            "trust": 1.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-012847"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-17139"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.6,
            "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171213-04-smartphone-en"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-17139"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-17139"
          },
          {
            "trust": 0.6,
            "url": "http://www.huawei.com/cn/psirt/security-advisories/2017/huawei-sa-20171213-04-smartphone-cn"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-37497"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-012847"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201712-304"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-17139"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-37497"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-012847"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201712-304"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-17139"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2017-12-19T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2017-37497"
          },
          {
            "date": "2018-04-24T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2017-012847"
          },
          {
            "date": "2017-12-07T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201712-304"
          },
          {
            "date": "2018-03-05T19:29:00.643000",
            "db": "NVD",
            "id": "CVE-2017-17139"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2017-12-19T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2017-37497"
          },
          {
            "date": "2018-04-24T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2017-012847"
          },
          {
            "date": "2018-03-06T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201712-304"
          },
          {
            "date": "2024-11-21T03:17:33.837000",
            "db": "NVD",
            "id": "CVE-2017-17139"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201712-304"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Huawei Mate 9 and  Mate 9 pro Vulnerable to information disclosure",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-012847"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "information disclosure",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201712-304"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201805-1005

    Vulnerability from variot - Updated: 2024-11-23 22:00

    Huawei smart phones Mate 10 and Mate 10 Pro with earlier versions than 8.0.0.129(SP2C00) and earlier versions than 8.0.0.129(SP2C01) have an authentication bypass vulnerability. An attacker with high privilege obtains the smart phone and bypass the activation function by some specific operations. Huawei smartphone Mate 10 and Mate 10 Pro Contains an authentication vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201805-1005",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "mate 9",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "huawei",
            "version": "8.0.0.129\\(sp2c00\\)"
          },
          {
            "model": "mate 9 pro",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "huawei",
            "version": "8.0.0.129\\(sp2c01\\)"
          },
          {
            "model": "mate 10 pro",
            "scope": "lt",
            "trust": 0.8,
            "vendor": "huawei",
            "version": "8.0.0.129(sp2c00)"
          },
          {
            "model": "mate 10",
            "scope": "lt",
            "trust": 0.8,
            "vendor": "huawei",
            "version": "8.0.0.129(sp2c01)"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-004816"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-7940"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/o:huawei:mate_10_pro_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:huawei:mate_10_firmware",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-004816"
          }
        ]
      },
      "cve": "CVE-2018-7940",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "LOCAL",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "COMPLETE",
                "baseScore": 7.2,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 3.9,
                "id": "CVE-2018-7940",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 1.8,
                "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "PHYSICAL",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 6.2,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 0.3,
                "id": "CVE-2018-7940",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "trust": 1.8,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:P/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2018-7940",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "NVD",
                "id": "CVE-2018-7940",
                "trust": 0.8,
                "value": "Medium"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201805-343",
                "trust": 0.6,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-004816"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201805-343"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-7940"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Huawei smart phones Mate 10 and Mate 10 Pro with earlier versions than 8.0.0.129(SP2C00) and earlier versions than 8.0.0.129(SP2C01) have an authentication bypass vulnerability. An attacker with high privilege obtains the smart phone and bypass the activation function by some specific operations. Huawei smartphone Mate 10 and Mate 10 Pro Contains an authentication vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2018-7940"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-004816"
          }
        ],
        "trust": 1.62
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2018-7940",
            "trust": 2.4
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-004816",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201805-343",
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-004816"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201805-343"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-7940"
          }
        ]
      },
      "id": "VAR-201805-1005",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VARIoT devices database",
            "id": null
          }
        ],
        "trust": 0.62765928
      },
      "last_update_date": "2024-11-23T22:00:30.707000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "huawei-sa-20180509-01-mobile",
            "trust": 0.8,
            "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180509-01-mobile-en"
          },
          {
            "title": "Huawei Mate 10  and Mate 10 Pro Security vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=80005"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-004816"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201805-343"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-287",
            "trust": 1.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-004816"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-7940"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.6,
            "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180509-01-mobile-en"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-7940"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-7940"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-004816"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201805-343"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-7940"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-004816"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201805-343"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-7940"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2018-06-28T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2018-004816"
          },
          {
            "date": "2018-05-11T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201805-343"
          },
          {
            "date": "2018-05-10T14:29:00.673000",
            "db": "NVD",
            "id": "CVE-2018-7940"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2018-06-28T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2018-004816"
          },
          {
            "date": "2018-05-11T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201805-343"
          },
          {
            "date": "2024-11-21T04:12:59.710000",
            "db": "NVD",
            "id": "CVE-2018-7940"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "local",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201805-343"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Huawei smartphone  Mate 10 and  Mate 10 Pro Authentication vulnerability",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-004816"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "authorization issue",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201805-343"
          }
        ],
        "trust": 0.6
      }
    }

    CVE-2019-5217 (GCVE-0-2019-5217)

    Vulnerability from nvd – Published: 2019-06-04 18:35 – Updated: 2024-08-04 19:47
    VLAI
    Summary
    There is an information disclosure vulnerability on Mate 9 Pro Huawei smartphones versions earlier than LON-AL00B9.0.1.150 (C00E61R1P8T8). An attacker could view the photos after a series of operations without unlocking the screen lock. Successful exploit could cause an information disclosure condition.
    Severity
    No CVSS data available.
    CWE
    • information disclosure
    Assigner
    References
    Impacted products
    Vendor Product Version
    Huawei Mate 9 Pro Affected: Versions earlier than LON-AL00B9.0.1.150(C00E61R1P8T8)
    Create a notification for this product.
    Date Public
    2019-04-17 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T19:47:56.796Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190417-01-smartphone-en"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Mate 9 Pro",
              "vendor": "Huawei",
              "versions": [
                {
                  "status": "affected",
                  "version": "Versions earlier than LON-AL00B9.0.1.150(C00E61R1P8T8)"
                }
              ]
            }
          ],
          "datePublic": "2019-04-17T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "There is an information disclosure vulnerability on Mate 9 Pro Huawei smartphones versions earlier than LON-AL00B9.0.1.150 (C00E61R1P8T8). An attacker could view the photos after a series of operations without unlocking the screen lock. Successful exploit could cause an information disclosure condition."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "information disclosure",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-06-04T18:35:39.000Z",
            "orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
            "shortName": "huawei"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190417-01-smartphone-en"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@huawei.com",
              "ID": "CVE-2019-5217",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Mate 9 Pro",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Versions earlier than LON-AL00B9.0.1.150(C00E61R1P8T8)"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Huawei"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "There is an information disclosure vulnerability on Mate 9 Pro Huawei smartphones versions earlier than LON-AL00B9.0.1.150 (C00E61R1P8T8). An attacker could view the photos after a series of operations without unlocking the screen lock. Successful exploit could cause an information disclosure condition."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "information disclosure"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190417-01-smartphone-en",
                  "refsource": "CONFIRM",
                  "url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190417-01-smartphone-en"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
        "assignerShortName": "huawei",
        "cveId": "CVE-2019-5217",
        "datePublished": "2019-06-04T18:35:39.000Z",
        "dateReserved": "2019-01-04T00:00:00.000Z",
        "dateUpdated": "2024-08-04T19:47:56.796Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-5244 (GCVE-0-2019-5244)

    Vulnerability from nvd – Published: 2019-06-04 17:54 – Updated: 2024-08-04 19:47
    VLAI
    Summary
    Mate 9 Pro Huawei smartphones earlier than LON-L29C 8.0.0.361(C636) versions have an information leak vulnerability due to the lack of input validation. An attacker tricks the user who has root privilege to install an application on the smart phone, and the application can read some process information, which may cause sensitive information leak.
    Severity
    No CVSS data available.
    CWE
    • information leak
    Assigner
    References
    Impacted products
    Vendor Product Version
    Huawei Mate 9 Pro Affected: Earlier than LON-L29C 8.0.0.361(C636) versions
    Create a notification for this product.
    Date Public
    2019-02-20 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T19:47:56.745Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190220-01-informationleak-en"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Mate 9 Pro",
              "vendor": "Huawei",
              "versions": [
                {
                  "status": "affected",
                  "version": "Earlier than LON-L29C 8.0.0.361(C636) versions"
                }
              ]
            }
          ],
          "datePublic": "2019-02-20T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Mate 9 Pro Huawei smartphones earlier than LON-L29C 8.0.0.361(C636) versions have an information leak vulnerability due to the lack of input validation. An attacker tricks the user who has root privilege to install an application on the smart phone, and the application can read some process information, which may cause sensitive information leak."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "information leak",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-06-04T17:54:19.000Z",
            "orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
            "shortName": "huawei"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190220-01-informationleak-en"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@huawei.com",
              "ID": "CVE-2019-5244",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Mate 9 Pro",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Earlier than LON-L29C 8.0.0.361(C636) versions"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Huawei"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Mate 9 Pro Huawei smartphones earlier than LON-L29C 8.0.0.361(C636) versions have an information leak vulnerability due to the lack of input validation. An attacker tricks the user who has root privilege to install an application on the smart phone, and the application can read some process information, which may cause sensitive information leak."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "information leak"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190220-01-informationleak-en",
                  "refsource": "CONFIRM",
                  "url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190220-01-informationleak-en"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
        "assignerShortName": "huawei",
        "cveId": "CVE-2019-5244",
        "datePublished": "2019-06-04T17:54:19.000Z",
        "dateReserved": "2019-01-04T00:00:00.000Z",
        "dateUpdated": "2024-08-04T19:47:56.745Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-5217 (GCVE-0-2019-5217)

    Vulnerability from cvelistv5 – Published: 2019-06-04 18:35 – Updated: 2024-08-04 19:47
    VLAI
    Summary
    There is an information disclosure vulnerability on Mate 9 Pro Huawei smartphones versions earlier than LON-AL00B9.0.1.150 (C00E61R1P8T8). An attacker could view the photos after a series of operations without unlocking the screen lock. Successful exploit could cause an information disclosure condition.
    Severity
    No CVSS data available.
    CWE
    • information disclosure
    Assigner
    References
    Impacted products
    Vendor Product Version
    Huawei Mate 9 Pro Affected: Versions earlier than LON-AL00B9.0.1.150(C00E61R1P8T8)
    Create a notification for this product.
    Date Public
    2019-04-17 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T19:47:56.796Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190417-01-smartphone-en"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Mate 9 Pro",
              "vendor": "Huawei",
              "versions": [
                {
                  "status": "affected",
                  "version": "Versions earlier than LON-AL00B9.0.1.150(C00E61R1P8T8)"
                }
              ]
            }
          ],
          "datePublic": "2019-04-17T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "There is an information disclosure vulnerability on Mate 9 Pro Huawei smartphones versions earlier than LON-AL00B9.0.1.150 (C00E61R1P8T8). An attacker could view the photos after a series of operations without unlocking the screen lock. Successful exploit could cause an information disclosure condition."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "information disclosure",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-06-04T18:35:39.000Z",
            "orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
            "shortName": "huawei"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190417-01-smartphone-en"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@huawei.com",
              "ID": "CVE-2019-5217",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Mate 9 Pro",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Versions earlier than LON-AL00B9.0.1.150(C00E61R1P8T8)"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Huawei"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "There is an information disclosure vulnerability on Mate 9 Pro Huawei smartphones versions earlier than LON-AL00B9.0.1.150 (C00E61R1P8T8). An attacker could view the photos after a series of operations without unlocking the screen lock. Successful exploit could cause an information disclosure condition."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "information disclosure"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190417-01-smartphone-en",
                  "refsource": "CONFIRM",
                  "url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190417-01-smartphone-en"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
        "assignerShortName": "huawei",
        "cveId": "CVE-2019-5217",
        "datePublished": "2019-06-04T18:35:39.000Z",
        "dateReserved": "2019-01-04T00:00:00.000Z",
        "dateUpdated": "2024-08-04T19:47:56.796Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-5244 (GCVE-0-2019-5244)

    Vulnerability from cvelistv5 – Published: 2019-06-04 17:54 – Updated: 2024-08-04 19:47
    VLAI
    Summary
    Mate 9 Pro Huawei smartphones earlier than LON-L29C 8.0.0.361(C636) versions have an information leak vulnerability due to the lack of input validation. An attacker tricks the user who has root privilege to install an application on the smart phone, and the application can read some process information, which may cause sensitive information leak.
    Severity
    No CVSS data available.
    CWE
    • information leak
    Assigner
    References
    Impacted products
    Vendor Product Version
    Huawei Mate 9 Pro Affected: Earlier than LON-L29C 8.0.0.361(C636) versions
    Create a notification for this product.
    Date Public
    2019-02-20 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T19:47:56.745Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190220-01-informationleak-en"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Mate 9 Pro",
              "vendor": "Huawei",
              "versions": [
                {
                  "status": "affected",
                  "version": "Earlier than LON-L29C 8.0.0.361(C636) versions"
                }
              ]
            }
          ],
          "datePublic": "2019-02-20T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Mate 9 Pro Huawei smartphones earlier than LON-L29C 8.0.0.361(C636) versions have an information leak vulnerability due to the lack of input validation. An attacker tricks the user who has root privilege to install an application on the smart phone, and the application can read some process information, which may cause sensitive information leak."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "information leak",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-06-04T17:54:19.000Z",
            "orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
            "shortName": "huawei"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190220-01-informationleak-en"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@huawei.com",
              "ID": "CVE-2019-5244",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Mate 9 Pro",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Earlier than LON-L29C 8.0.0.361(C636) versions"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Huawei"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Mate 9 Pro Huawei smartphones earlier than LON-L29C 8.0.0.361(C636) versions have an information leak vulnerability due to the lack of input validation. An attacker tricks the user who has root privilege to install an application on the smart phone, and the application can read some process information, which may cause sensitive information leak."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "information leak"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190220-01-informationleak-en",
                  "refsource": "CONFIRM",
                  "url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190220-01-informationleak-en"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
        "assignerShortName": "huawei",
        "cveId": "CVE-2019-5244",
        "datePublished": "2019-06-04T17:54:19.000Z",
        "dateReserved": "2019-01-04T00:00:00.000Z",
        "dateUpdated": "2024-08-04T19:47:56.745Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }