Search

Find a vulnerability

Search criteria

    10 vulnerabilities found for p10 by huawei

    VAR-201711-0988

    Vulnerability from variot - Updated: 2025-04-20 23:39

    The boot loaders of P10 and P10 Plus Huawei mobile phones with software the versions before Victoria-L09AC605B162, the versions before Victoria-L29AC605B162, the versions before Vicky-L29AC605B162 have an arbitrary memory write vulnerability due to the lack of parameter validation. An attacker with the root privilege of an Android system may trick a user into installing a malicious APP. The APP can modify specific data to cause arbitrary memory writing in the next system reboot, causing continuous system reboot or arbitrary code execution. Huawei P10 and P10 Plus Smartphone software contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. HuaweiP10 and P10Plus are both Huawei's smartphone products. The HuaweiP10 and P10Plus bootloaders have written arbitrary memory leaks due to lack of parameter checking. The Huawei P10 and P10 Plus are both smartphones from the Chinese company Huawei. Bootloader is one of the system startup programs. The bootloader in Huawei P10 and P10 Plus has a security vulnerability, which is caused by the program not checking parameters adequately. The following products and versions are affected: Huawei P10 Victoria-L09AC605B162 earlier, Victoria-L29AC605B162 earlier; P10 Plus Vicky-L29AC605B162 earlier

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201711-0988",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "p9",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "huawei",
            "version": "eva-l09c605b390"
          },
          {
            "model": "p9",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "huawei",
            "version": "eva-l19c432b388"
          },
          {
            "model": "p10",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "huawei",
            "version": "victoria-l09ac605b162"
          },
          {
            "model": "p9",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "huawei",
            "version": "eva-l19c636b391"
          },
          {
            "model": "p9",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "huawei",
            "version": "eva-l19c605b390"
          },
          {
            "model": "p9",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "huawei",
            "version": "eva-l09c635b387"
          },
          {
            "model": "p9",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "huawei",
            "version": "eva-l19c10b390"
          },
          {
            "model": "p9",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "huawei",
            "version": "eva-l09c432b391"
          },
          {
            "model": "p8 lite",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "huawei",
            "version": "ale-l21c113b566"
          },
          {
            "model": "p9",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "huawei",
            "version": "eva-l09c576b386"
          },
          {
            "model": "p10",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "huawei",
            "version": "victoria-l29ac605b162"
          },
          {
            "model": "p9",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "huawei",
            "version": "eva-l09c636b388"
          },
          {
            "model": "p10 plus",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "huawei",
            "version": "vicky-l29ac605b162"
          },
          {
            "model": "p10 plus",
            "scope": null,
            "trust": 0.8,
            "vendor": "huawei",
            "version": null
          },
          {
            "model": "p10",
            "scope": null,
            "trust": 0.8,
            "vendor": "huawei",
            "version": null
          },
          {
            "model": "p8 lite",
            "scope": null,
            "trust": 0.8,
            "vendor": "huawei",
            "version": null
          },
          {
            "model": "p9",
            "scope": null,
            "trust": 0.8,
            "vendor": "huawei",
            "version": null
          },
          {
            "model": "p10 \u003cvictoria-l09ac605b162",
            "scope": null,
            "trust": 0.6,
            "vendor": "huawei",
            "version": null
          },
          {
            "model": "p10 \u003cvictoria-l29ac605b162",
            "scope": null,
            "trust": 0.6,
            "vendor": "huawei",
            "version": null
          },
          {
            "model": "p10 plus \u003cvicky-l29ac605b162",
            "scope": null,
            "trust": 0.6,
            "vendor": "huawei",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-28814"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-010626"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-8150"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/o:huawei:p10_plus_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:huawei:p10_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:huawei:p8_lite_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:huawei:p9_firmware",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-010626"
          }
        ]
      },
      "cve": "CVE-2017-8150",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "COMPLETE",
                "baseScore": 9.3,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 8.6,
                "id": "CVE-2017-8150",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 1.8,
                "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "LOCAL",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 7.2,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 3.9,
                "id": "CNVD-2017-28814",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "COMPLETE",
                "baseScore": 9.3,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 8.6,
                "id": "VHN-116353",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.1,
                "vectorString": "AV:N/AC:M/AU:N/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 1.8,
                "id": "CVE-2017-8150",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.8,
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2017-8150",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "CVE-2017-8150",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2017-28814",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201711-980",
                "trust": 0.6,
                "value": "CRITICAL"
              },
              {
                "author": "VULHUB",
                "id": "VHN-116353",
                "trust": 0.1,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-28814"
          },
          {
            "db": "VULHUB",
            "id": "VHN-116353"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-010626"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201711-980"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-8150"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "The boot loaders of P10 and P10 Plus Huawei mobile phones with software the versions before Victoria-L09AC605B162, the versions before Victoria-L29AC605B162, the versions before Vicky-L29AC605B162 have an arbitrary memory write vulnerability due to the lack of parameter validation. An attacker with the root privilege of an Android system may trick a user into installing a malicious APP. The APP can modify specific data to cause arbitrary memory writing in the next system reboot, causing continuous system reboot or arbitrary code execution. Huawei P10 and P10 Plus Smartphone software contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. HuaweiP10 and P10Plus are both Huawei\u0027s smartphone products. The HuaweiP10 and P10Plus bootloaders have written arbitrary memory leaks due to lack of parameter checking. The Huawei P10 and P10 Plus are both smartphones from the Chinese company Huawei. Bootloader is one of the system startup programs. The bootloader in Huawei P10 and P10 Plus has a security vulnerability, which is caused by the program not checking parameters adequately. The following products and versions are affected: Huawei P10 Victoria-L09AC605B162 earlier, Victoria-L29AC605B162 earlier; P10 Plus Vicky-L29AC605B162 earlier",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2017-8150"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-010626"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-28814"
          },
          {
            "db": "VULHUB",
            "id": "VHN-116353"
          }
        ],
        "trust": 2.25
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2017-8150",
            "trust": 3.1
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-010626",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201711-980",
            "trust": 0.7
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-28814",
            "trust": 0.6
          },
          {
            "db": "VULHUB",
            "id": "VHN-116353",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-28814"
          },
          {
            "db": "VULHUB",
            "id": "VHN-116353"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-010626"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201711-980"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-8150"
          }
        ]
      },
      "id": "VAR-201711-0988",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-28814"
          },
          {
            "db": "VULHUB",
            "id": "VHN-116353"
          }
        ],
        "trust": 1.285179785
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-28814"
          }
        ]
      },
      "last_update_date": "2025-04-20T23:39:55.799000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "huawei-sa-20170816-02-smartphone",
            "trust": 0.8,
            "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170816-02-smartphone-en"
          },
          {
            "title": "Huawei mobile phone writes a patch for any memory vulnerability",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/103206"
          },
          {
            "title": "Huawei P10  and P10 Plus Bootloader Security vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=76690"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-28814"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-010626"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201711-980"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-119",
            "trust": 1.9
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-116353"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-010626"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-8150"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.7,
            "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170816-02-smartphone-en"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-8150"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-8150"
          },
          {
            "trust": 0.6,
            "url": "http://www.huawei.com/cn/psirt/security-advisories/2017/huawei-sa-20170816-02-smartphone-cn"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-28814"
          },
          {
            "db": "VULHUB",
            "id": "VHN-116353"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-010626"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201711-980"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-8150"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-28814"
          },
          {
            "db": "VULHUB",
            "id": "VHN-116353"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-010626"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201711-980"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-8150"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2017-09-30T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2017-28814"
          },
          {
            "date": "2017-11-22T00:00:00",
            "db": "VULHUB",
            "id": "VHN-116353"
          },
          {
            "date": "2017-12-20T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2017-010626"
          },
          {
            "date": "2017-11-24T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201711-980"
          },
          {
            "date": "2017-11-22T19:29:03.350000",
            "db": "NVD",
            "id": "CVE-2017-8150"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2017-09-30T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2017-28814"
          },
          {
            "date": "2017-12-08T00:00:00",
            "db": "VULHUB",
            "id": "VHN-116353"
          },
          {
            "date": "2017-12-20T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2017-010626"
          },
          {
            "date": "2017-11-24T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201711-980"
          },
          {
            "date": "2025-04-20T01:37:25.860000",
            "db": "NVD",
            "id": "CVE-2017-8150"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201711-980"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Huawei P10 and  P10 Plus Buffer error vulnerability in smartphone software",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-010626"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "buffer overflow",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201711-980"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201711-0987

    Vulnerability from variot - Updated: 2025-04-20 23:38

    The boot loaders of P10 and P10 Plus Huawei mobile phones with software the versions before Victoria-L09AC605B162, the versions before Victoria-L29AC605B162, the versions before Vicky-L29AC605B162 have an out-of-bounds memory access vulnerability due to the lack of parameter validation. An attacker with the root privilege of an Android system may trick a user into installing a malicious APP. the APP can modify specific data to cause buffer overflow in the next system reboot, causing out-of-bounds memory read which can continuous system reboot. Huawei P10 and P10 Plus Smartphone software contains a buffer error vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. HuaweiP10 and P10Plus are both Huawei's smartphone products. There are memory access violations in the Bootloader of HuaweiP10 and P10Plus due to lack of parameter checking

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201711-0987",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "p10 plus",
            "scope": "lt",
            "trust": 1.8,
            "vendor": "huawei",
            "version": "vicky-l29ac605b162"
          },
          {
            "model": "p10",
            "scope": "lt",
            "trust": 1.8,
            "vendor": "huawei",
            "version": "victoria-l09ac605b162"
          },
          {
            "model": "p10",
            "scope": "lt",
            "trust": 1.8,
            "vendor": "huawei",
            "version": "victoria-l29ac605b162"
          },
          {
            "model": "p10 \u003cvictoria-l09ac605b162",
            "scope": null,
            "trust": 0.6,
            "vendor": "huawei",
            "version": null
          },
          {
            "model": "p10 \u003cvictoria-l29ac605b162",
            "scope": null,
            "trust": 0.6,
            "vendor": "huawei",
            "version": null
          },
          {
            "model": "p10 plus \u003cvicky-l29ac605b162",
            "scope": null,
            "trust": 0.6,
            "vendor": "huawei",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-28793"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-010625"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-8149"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/o:huawei:p10_plus_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:huawei:p10_firmware",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-010625"
          }
        ]
      },
      "cve": "CVE-2017-8149",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "COMPLETE",
                "baseScore": 7.1,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 8.6,
                "id": "CVE-2017-8149",
                "impactScore": 6.9,
                "integrityImpact": "NONE",
                "severity": "HIGH",
                "trust": 1.8,
                "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "LOCAL",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 4.9,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 3.9,
                "id": "CNVD-2017-28793",
                "impactScore": 6.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 5.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 1.8,
                "id": "CVE-2017-8149",
                "impactScore": 3.6,
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.8,
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2017-8149",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "NVD",
                "id": "CVE-2017-8149",
                "trust": 0.8,
                "value": "Medium"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2017-28793",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201711-981",
                "trust": 0.6,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-28793"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-010625"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201711-981"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-8149"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "The boot loaders of P10 and P10 Plus Huawei mobile phones with software the versions before Victoria-L09AC605B162, the versions before Victoria-L29AC605B162, the versions before Vicky-L29AC605B162 have an out-of-bounds memory access vulnerability due to the lack of parameter validation. An attacker with the root privilege of an Android system may trick a user into installing a malicious APP. the APP can modify specific data to cause buffer overflow in the next system reboot, causing out-of-bounds memory read which can continuous system reboot. Huawei P10 and P10 Plus Smartphone software contains a buffer error vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. HuaweiP10 and P10Plus are both Huawei\u0027s smartphone products. There are memory access violations in the Bootloader of HuaweiP10 and P10Plus due to lack of parameter checking",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2017-8149"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-010625"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-28793"
          }
        ],
        "trust": 2.16
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2017-8149",
            "trust": 3.0
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-010625",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-28793",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201711-981",
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-28793"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-010625"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201711-981"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-8149"
          }
        ]
      },
      "id": "VAR-201711-0987",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-28793"
          }
        ],
        "trust": 1.1922256
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-28793"
          }
        ]
      },
      "last_update_date": "2025-04-20T23:38:21.648000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "huawei-sa-20170816-01-smartphone",
            "trust": 0.8,
            "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170816-01-smartphone-en"
          },
          {
            "title": "Huawei mobile phone bootloader memory access cross-border vulnerability patch",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/103201"
          },
          {
            "title": "Huawei P10  and P10 Plus Bootloader Security vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=76691"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-28793"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-010625"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201711-981"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-119",
            "trust": 1.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-010625"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-8149"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.6,
            "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170816-01-smartphone-en"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-8149"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-8149"
          },
          {
            "trust": 0.6,
            "url": "http://www.huawei.com/cn/psirt/security-advisories/2017/huawei-sa-20170816-01-smartphone-cn"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-28793"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-010625"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201711-981"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-8149"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-28793"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-010625"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201711-981"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-8149"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2017-09-29T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2017-28793"
          },
          {
            "date": "2017-12-20T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2017-010625"
          },
          {
            "date": "2017-11-24T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201711-981"
          },
          {
            "date": "2017-11-22T19:29:03.317000",
            "db": "NVD",
            "id": "CVE-2017-8149"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2017-09-29T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2017-28793"
          },
          {
            "date": "2017-12-20T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2017-010625"
          },
          {
            "date": "2017-11-24T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201711-981"
          },
          {
            "date": "2025-04-20T01:37:25.860000",
            "db": "NVD",
            "id": "CVE-2017-8149"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201711-981"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Huawei P10 and  P10 Plus Buffer error vulnerability in smartphone software",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-010625"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "buffer overflow",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201711-981"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201711-0935

    Vulnerability from variot - Updated: 2025-04-20 23:32

    Isub service in P10 Plus and P10 smart phones with earlier than VKY-AL00C00B157 versions and earlier than VTR-AL00C00B157 versions has a denial of service (DoS) vulnerability. An attacker tricks a user into installing a malicious application on the smart phone, and the application can send given parameter to specific interface, which make a out-of-bounds array access that results in smart phone restart. HuaweiVicky-AL00A and Victoria-AL00A are both Huawei's smartphone devices. The vulnerability stems from the program not fully performing input verification. Multiple Huawei products are prone to a remote denial-of-service vulnerability. Attackers can exploit this issue to crash the system, denying service to legitimate users

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201711-0935",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "p10 plus",
            "scope": "lt",
            "trust": 1.8,
            "vendor": "huawei",
            "version": "vky-al00c00b157"
          },
          {
            "model": "p10",
            "scope": "lt",
            "trust": 1.8,
            "vendor": "huawei",
            "version": "vtr-al00c00b157"
          },
          {
            "model": "victoria-al00a \u003c=victoria-al00ac00b157",
            "scope": null,
            "trust": 0.6,
            "vendor": "huawei",
            "version": null
          },
          {
            "model": "vicky-al00a \u003c=vicky-al00ac00b157",
            "scope": null,
            "trust": 0.6,
            "vendor": "huawei",
            "version": null
          },
          {
            "model": "victoria-al00a",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "huawei",
            "version": "0"
          },
          {
            "model": "vicky-al00a",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "huawei",
            "version": "0"
          },
          {
            "model": "victoria-al00ac00b157",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "huawei",
            "version": "0"
          },
          {
            "model": "vicky-al00ac00b157",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "huawei",
            "version": "0"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-13795"
          },
          {
            "db": "BID",
            "id": "99370"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-010801"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-8172"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/o:huawei:p10_plus_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:huawei:p10_firmware",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-010801"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Zhou Ye, Xu Lei Yong, Li Bo of 360 Vulpecker Team",
        "sources": [
          {
            "db": "BID",
            "id": "99370"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201707-070"
          }
        ],
        "trust": 0.9
      },
      "cve": "CVE-2017-8172",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "COMPLETE",
                "baseScore": 7.1,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 8.6,
                "id": "CVE-2017-8172",
                "impactScore": 6.9,
                "integrityImpact": "NONE",
                "severity": "HIGH",
                "trust": 1.8,
                "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "LOCAL",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 4.9,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 3.9,
                "id": "CNVD-2017-13795",
                "impactScore": 6.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 5.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 1.8,
                "id": "CVE-2017-8172",
                "impactScore": 3.6,
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.8,
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2017-8172",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "NVD",
                "id": "CVE-2017-8172",
                "trust": 0.8,
                "value": "Medium"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2017-13795",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201707-070",
                "trust": 0.6,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-13795"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-010801"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201707-070"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-8172"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Isub service in P10 Plus and P10 smart phones with earlier than VKY-AL00C00B157 versions and earlier than VTR-AL00C00B157 versions has a denial of service (DoS) vulnerability. An attacker tricks a user into installing a malicious application on the smart phone, and the application can send given parameter to specific interface, which make a out-of-bounds array access that results in smart phone restart. HuaweiVicky-AL00A and Victoria-AL00A are both Huawei\u0027s smartphone devices. The vulnerability stems from the program not fully performing input verification. Multiple Huawei products are prone to a remote denial-of-service vulnerability. \nAttackers can exploit this issue to crash the system, denying service to legitimate users",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2017-8172"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-010801"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-13795"
          },
          {
            "db": "BID",
            "id": "99370"
          }
        ],
        "trust": 2.43
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2017-8172",
            "trust": 3.3
          },
          {
            "db": "BID",
            "id": "99370",
            "trust": 2.5
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-010801",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-13795",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201707-070",
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-13795"
          },
          {
            "db": "BID",
            "id": "99370"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-010801"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201707-070"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-8172"
          }
        ]
      },
      "id": "VAR-201711-0935",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-13795"
          }
        ],
        "trust": 1.2523158075
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-13795"
          }
        ]
      },
      "last_update_date": "2025-04-20T23:32:02.137000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "huawei-sa-20170628-01-isub",
            "trust": 0.8,
            "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170628-01-isub-en"
          },
          {
            "title": "HuaweiVicky-AL00A and Victoria-AL00A mobile phone isub service denial of service vulnerability patch",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/97803"
          },
          {
            "title": "Huawei Vicky-AL00A  and Victoria-AL00A Security vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=71407"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-13795"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-010801"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201707-070"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-129",
            "trust": 1.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-010801"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-8172"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.2,
            "url": "http://www.securityfocus.com/bid/99370"
          },
          {
            "trust": 1.6,
            "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170628-01-isub-en"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-8172"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-8172"
          },
          {
            "trust": 0.3,
            "url": "http://www.huawei.com/en/"
          },
          {
            "trust": 0.3,
            "url": "http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20170628-01-isub-en"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-13795"
          },
          {
            "db": "BID",
            "id": "99370"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-010801"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201707-070"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-8172"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-13795"
          },
          {
            "db": "BID",
            "id": "99370"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-010801"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201707-070"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-8172"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2017-07-11T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2017-13795"
          },
          {
            "date": "2017-07-03T00:00:00",
            "db": "BID",
            "id": "99370"
          },
          {
            "date": "2017-12-25T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2017-010801"
          },
          {
            "date": "2017-07-05T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201707-070"
          },
          {
            "date": "2017-11-22T19:29:04.053000",
            "db": "NVD",
            "id": "CVE-2017-8172"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2017-07-11T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2017-13795"
          },
          {
            "date": "2017-07-03T00:00:00",
            "db": "BID",
            "id": "99370"
          },
          {
            "date": "2017-12-25T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2017-010801"
          },
          {
            "date": "2017-12-26T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201707-070"
          },
          {
            "date": "2025-04-20T01:37:25.860000",
            "db": "NVD",
            "id": "CVE-2017-8172"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201707-070"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Huawei P10 Plus and  P10 Vulnerability related to array index verification in smartphones",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-010801"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "lack of information",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201707-070"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201711-0982

    Vulnerability from variot - Updated: 2025-04-20 23:29

    Honor 5A,Honor 8 Lite,Mate9,Mate9 Pro,P10,P10 Plus Huawei smartphones with software the versions before CAM-L03C605B143CUSTC605D003,the versions before Prague-L03C605B161,the versions before Prague-L23C605B160,the versions before MHA-AL00C00B225,the versions before LON-AL00C00B225,the versions before VTR-AL00C00B167,the versions before VTR-TL00C01B167,the versions before VKY-AL00C00B167,the versions before VKY-TL00C01B167 have a resource exhaustion vulnerability due to configure setting. An attacker tricks a user into installing a malicious application, the application may turn on the device flash-light and rapidly drain the device battery. plural Huawei Smartphone software contains a resource management vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. HuaweiP9 and other are all Huawei smartphones from China. There are resource consumption vulnerabilities in various Huawei phones. Huawei Honor Play 5A, etc. are all smartphone products of the Chinese company Huawei. The following products and versions are affected: Huawei Honor Play 5A CAM-L03C605B143CUSTC605D003 and earlier versions; Honor 8 Youth Edition Prague-L03C605B161 and earlier Prague-L23C605B160 versions; Mate9 MHA-AL00C00B225 and earlier versions; Mate9 Pro LON-AL00C00B225 Versions before; P10 VTR-AL00C00B167 and VTR-TL00C01B167; P10 Plus VKY-AL00C00B167 and VKY-TL00C01B167

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201711-0982",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "honor 5a",
            "scope": "lt",
            "trust": 1.8,
            "vendor": "huawei",
            "version": "cam-l03c605b143custc605d003"
          },
          {
            "model": "honor 8 lite",
            "scope": "lt",
            "trust": 1.8,
            "vendor": "huawei",
            "version": "prague-l03c605b161"
          },
          {
            "model": "honor 8 lite",
            "scope": "lt",
            "trust": 1.8,
            "vendor": "huawei",
            "version": "prague-l23c605b160"
          },
          {
            "model": "mate 9 pro",
            "scope": "lt",
            "trust": 1.8,
            "vendor": "huawei",
            "version": "lon-al00c00b225"
          },
          {
            "model": "mate 9",
            "scope": "lt",
            "trust": 1.8,
            "vendor": "huawei",
            "version": "mha-al00c00b225"
          },
          {
            "model": "p10 plus",
            "scope": "lt",
            "trust": 1.8,
            "vendor": "huawei",
            "version": "vky-al00c00b167"
          },
          {
            "model": "p10 plus",
            "scope": "lt",
            "trust": 1.8,
            "vendor": "huawei",
            "version": "vky-tl00c01b167"
          },
          {
            "model": "p10",
            "scope": "lt",
            "trust": 1.8,
            "vendor": "huawei",
            "version": "vtr-al00c00b167"
          },
          {
            "model": "p10",
            "scope": "lt",
            "trust": 1.8,
            "vendor": "huawei",
            "version": "vtr-tl00c01b167"
          },
          {
            "model": "p10 plus vky-al00c00b167",
            "scope": "lt",
            "trust": 0.6,
            "vendor": "huawei",
            "version": null
          },
          {
            "model": "p10 plus vky-tl00c01b167",
            "scope": "lt",
            "trust": 0.6,
            "vendor": "huawei",
            "version": null
          },
          {
            "model": "p10 vtr-al00c00b167",
            "scope": "lt",
            "trust": 0.6,
            "vendor": "huawei",
            "version": null
          },
          {
            "model": "p10 vtr-tl00c01b167",
            "scope": "lt",
            "trust": 0.6,
            "vendor": "huawei",
            "version": null
          },
          {
            "model": "mate \u003cmha-al00c00b225",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "huawei",
            "version": "9"
          },
          {
            "model": "mate pro lon-al00c00b225",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "huawei",
            "version": "9\u003c"
          },
          {
            "model": "honor 5a cam-l03c605b143custc605d003",
            "scope": "lt",
            "trust": 0.6,
            "vendor": "huawei",
            "version": null
          },
          {
            "model": "honor youth edition prague-l03c605b161",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "huawei",
            "version": "8\u003c"
          },
          {
            "model": "honor youth edition prague-l23c605b160",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "huawei",
            "version": "8\u003c"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-19186"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-010809"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-8144"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/o:huawei:honor_5a_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:huawei:honor_8_lite_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:huawei:mate_9_pro_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:huawei:mate_9_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:huawei:p10_plus_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:huawei:p10_firmware",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-010809"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Erez Yalon of Checkmarx",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201708-140"
          }
        ],
        "trust": 0.6
      },
      "cve": "CVE-2017-8144",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "COMPLETE",
                "baseScore": 7.1,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 8.6,
                "id": "CVE-2017-8144",
                "impactScore": 6.9,
                "integrityImpact": "NONE",
                "severity": "HIGH",
                "trust": 1.8,
                "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "LOCAL",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 2.1,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 3.9,
                "id": "CNVD-2017-19186",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "LOW",
                "trust": 0.6,
                "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "COMPLETE",
                "baseScore": 7.1,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 8.6,
                "id": "VHN-116347",
                "impactScore": 6.9,
                "integrityImpact": "NONE",
                "severity": "HIGH",
                "trust": 0.1,
                "vectorString": "AV:N/AC:M/AU:N/C:N/I:N/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 5.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 1.8,
                "id": "CVE-2017-8144",
                "impactScore": 3.6,
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.8,
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2017-8144",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "NVD",
                "id": "CVE-2017-8144",
                "trust": 0.8,
                "value": "Medium"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2017-19186",
                "trust": 0.6,
                "value": "LOW"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201708-140",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "VULHUB",
                "id": "VHN-116347",
                "trust": 0.1,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-19186"
          },
          {
            "db": "VULHUB",
            "id": "VHN-116347"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-010809"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201708-140"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-8144"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Honor 5A,Honor 8 Lite,Mate9,Mate9 Pro,P10,P10 Plus Huawei smartphones with software the versions before CAM-L03C605B143CUSTC605D003,the versions before Prague-L03C605B161,the versions before Prague-L23C605B160,the versions before MHA-AL00C00B225,the versions before LON-AL00C00B225,the versions before VTR-AL00C00B167,the versions before VTR-TL00C01B167,the versions before VKY-AL00C00B167,the versions before VKY-TL00C01B167 have a resource exhaustion vulnerability due to configure setting. An attacker tricks a user into installing a malicious application, the application may turn on the device flash-light and rapidly drain the device battery. plural Huawei Smartphone software contains a resource management vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. HuaweiP9 and other are all Huawei smartphones from China. There are resource consumption vulnerabilities in various Huawei phones. Huawei Honor Play 5A, etc. are all smartphone products of the Chinese company Huawei. The following products and versions are affected: Huawei Honor Play 5A CAM-L03C605B143CUSTC605D003 and earlier versions; Honor 8 Youth Edition Prague-L03C605B161 and earlier Prague-L23C605B160 versions; Mate9 MHA-AL00C00B225 and earlier versions; Mate9 Pro LON-AL00C00B225 Versions before; P10 VTR-AL00C00B167 and VTR-TL00C01B167; P10 Plus VKY-AL00C00B167 and VKY-TL00C01B167",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2017-8144"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-010809"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-19186"
          },
          {
            "db": "VULHUB",
            "id": "VHN-116347"
          }
        ],
        "trust": 2.25
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2017-8144",
            "trust": 3.1
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-010809",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201708-140",
            "trust": 0.7
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-19186",
            "trust": 0.6
          },
          {
            "db": "VULHUB",
            "id": "VHN-116347",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-19186"
          },
          {
            "db": "VULHUB",
            "id": "VHN-116347"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-010809"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201708-140"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-8144"
          }
        ]
      },
      "id": "VAR-201711-0982",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-19186"
          },
          {
            "db": "VULHUB",
            "id": "VHN-116347"
          }
        ],
        "trust": 1.468724446
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-19186"
          }
        ]
      },
      "last_update_date": "2025-04-20T23:29:31.379000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "huawei-sa-20170725-01-smartphone",
            "trust": 0.8,
            "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170725-01-smartphone-en"
          },
          {
            "title": "Patches for resource consumption vulnerabilities in various Huawei phones",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/99591"
          },
          {
            "title": "Multiple Huawei Mobile phone security vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=72382"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-19186"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-010809"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201708-140"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-920",
            "trust": 1.0
          },
          {
            "problemtype": "CWE-399",
            "trust": 0.9
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-116347"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-010809"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-8144"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.7,
            "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170725-01-smartphone-en"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-8144"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-8144"
          },
          {
            "trust": 0.6,
            "url": "http://www.huawei.com/cn/psirt/security-advisories/2017/huawei-sa-20170725-01-smartphone-cn"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-19186"
          },
          {
            "db": "VULHUB",
            "id": "VHN-116347"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-010809"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201708-140"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-8144"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-19186"
          },
          {
            "db": "VULHUB",
            "id": "VHN-116347"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-010809"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201708-140"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-8144"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2017-08-07T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2017-19186"
          },
          {
            "date": "2017-11-22T00:00:00",
            "db": "VULHUB",
            "id": "VHN-116347"
          },
          {
            "date": "2017-12-25T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2017-010809"
          },
          {
            "date": "2017-07-25T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201708-140"
          },
          {
            "date": "2017-11-22T19:29:03.117000",
            "db": "NVD",
            "id": "CVE-2017-8144"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2017-08-07T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2017-19186"
          },
          {
            "date": "2019-10-03T00:00:00",
            "db": "VULHUB",
            "id": "VHN-116347"
          },
          {
            "date": "2017-12-25T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2017-010809"
          },
          {
            "date": "2019-10-23T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201708-140"
          },
          {
            "date": "2025-04-20T01:37:25.860000",
            "db": "NVD",
            "id": "CVE-2017-8144"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "local",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201708-140"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "plural  Huawei Vulnerability related to resource management in smartphone software",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-010809"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "resource management error",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201708-140"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201711-0984

    Vulnerability from variot - Updated: 2025-04-20 23:27

    The call module of P10 and P10 Plus smartphones with software versions before VTR-AL00C00B167, versions before VTR-TL00C01B167, versions before VKY-AL00C00B167, versions before VKY-TL00C01B167 has a DoS vulnerability. An attacker may trick a user into installing a malicious application, and the application can send given parameter to call module to crash the call and data communication process. HuaweiP10 and P10Plus are both Huawei's smartphone products. Callmodule is one of the call modules. A denial of service vulnerability exists in the talk module in HuaweiP10 and P10Plus

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201711-0984",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "p10 plus",
            "scope": "lt",
            "trust": 1.8,
            "vendor": "huawei",
            "version": "vky-al00c00b167"
          },
          {
            "model": "p10 plus",
            "scope": "lt",
            "trust": 1.8,
            "vendor": "huawei",
            "version": "vky-tl00c01b167"
          },
          {
            "model": "p10",
            "scope": "lt",
            "trust": 1.8,
            "vendor": "huawei",
            "version": "vtr-al00c00b167"
          },
          {
            "model": "p10",
            "scope": "lt",
            "trust": 1.8,
            "vendor": "huawei",
            "version": "vtr-tl00c01b167"
          },
          {
            "model": "p10 plus vky-al00c00b167",
            "scope": "lt",
            "trust": 0.6,
            "vendor": "huawei",
            "version": null
          },
          {
            "model": "p10 plus vky-tl00c01b167",
            "scope": "lt",
            "trust": 0.6,
            "vendor": "huawei",
            "version": null
          },
          {
            "model": "p10 vtr-al00c00b167",
            "scope": "lt",
            "trust": 0.6,
            "vendor": "huawei",
            "version": null
          },
          {
            "model": "p10 vtr-tl00c01b167",
            "scope": "lt",
            "trust": 0.6,
            "vendor": "huawei",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-19188"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-010729"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-8146"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/o:huawei:p10_plus_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:huawei:p10_firmware",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-010729"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Erez Yalon of Checkmarx",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201708-138"
          }
        ],
        "trust": 0.6
      },
      "cve": "CVE-2017-8146",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "PARTIAL",
                "baseScore": 4.3,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 8.6,
                "id": "CVE-2017-8146",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 1.8,
                "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "LOCAL",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 4.9,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 3.9,
                "id": "CNVD-2017-19188",
                "impactScore": 6.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 5.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 1.8,
                "id": "CVE-2017-8146",
                "impactScore": 3.6,
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.8,
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2017-8146",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "NVD",
                "id": "CVE-2017-8146",
                "trust": 0.8,
                "value": "Medium"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2017-19188",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201708-138",
                "trust": 0.6,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-19188"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-010729"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201708-138"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-8146"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "The call module of P10 and P10 Plus smartphones with software versions before VTR-AL00C00B167, versions before VTR-TL00C01B167, versions before VKY-AL00C00B167, versions before VKY-TL00C01B167 has a DoS vulnerability. An attacker may trick a user into installing a malicious application, and the application can send given parameter to call module to crash the call and data communication process. HuaweiP10 and P10Plus are both Huawei\u0027s smartphone products. Callmodule is one of the call modules. A denial of service vulnerability exists in the talk module in HuaweiP10 and P10Plus",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2017-8146"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-010729"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-19188"
          }
        ],
        "trust": 2.16
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2017-8146",
            "trust": 3.0
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-010729",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-19188",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201708-138",
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-19188"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-010729"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201708-138"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-8146"
          }
        ]
      },
      "id": "VAR-201711-0984",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-19188"
          }
        ],
        "trust": 1.3961128
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-19188"
          }
        ]
      },
      "last_update_date": "2025-04-20T23:27:14.374000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "huawei-sa-20170725-02-smartphone",
            "trust": 0.8,
            "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170725-02-smartphone-en"
          },
          {
            "title": "Huawei Mobile Call Module Denial of Service Vulnerability (CNVD-2017-19188) patch",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/99590"
          },
          {
            "title": "Huawei P10  and P10 Plus Repair measures for call module security vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=72380"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-19188"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-010729"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201708-138"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-20",
            "trust": 1.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-010729"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-8146"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.6,
            "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170725-02-smartphone-en"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-8146"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-8146"
          },
          {
            "trust": 0.6,
            "url": "http://www.huawei.com/cn/psirt/security-advisories/2017/huawei-sa-20170725-02-smartphone-cn"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-19188"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-010729"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201708-138"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-8146"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-19188"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-010729"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201708-138"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-8146"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2017-08-07T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2017-19188"
          },
          {
            "date": "2017-12-21T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2017-010729"
          },
          {
            "date": "2017-07-25T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201708-138"
          },
          {
            "date": "2017-11-22T19:29:03.193000",
            "db": "NVD",
            "id": "CVE-2017-8146"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2017-08-07T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2017-19188"
          },
          {
            "date": "2017-12-21T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2017-010729"
          },
          {
            "date": "2017-08-04T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201708-138"
          },
          {
            "date": "2025-04-20T01:37:25.860000",
            "db": "NVD",
            "id": "CVE-2017-8146"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201708-138"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Huawei P10 and  P10 Plus Input Confirmation Vulnerability in Smartphone Software",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-010729"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "input validation",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201708-138"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201711-0242

    Vulnerability from variot - Updated: 2025-04-20 23:24

    Bastet in P10 Plus and P10 smart phones with software earlier than VKY-AL00C00B123 versions, earlier than VTR-AL00C00B123 versions have a buffer overflow vulnerability. An attacker with the root privilege of an Android system may trick a user into installing a malicious APP. The APP can modify specific data to cause buffer overflow in the next system reboot, causing continuous system reboot or arbitrary code execution. Huawei P10 Plus and P10 Smartphone software contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. HuaweiVicky-AL00A/Victoria-AL00A is Huawei's smartphone. A buffer overflow vulnerability exists in the Bastet of the HuaweiVicky-AL00A/Victoria-AL00A phone due to lack of parameter checking. Huawei Smart Phones are prone to multiple local buffer-overflow vulnerabilities because it fails to adequate boundary checks on user-supplied input. Local attackers can exploit these issues to execute arbitrary code in the context of the affected application. Failed exploit attempts will likely result in denial-of-service conditions

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201711-0242",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "p10 plus",
            "scope": "lt",
            "trust": 1.8,
            "vendor": "huawei",
            "version": "vky-al00c00b123"
          },
          {
            "model": "p10",
            "scope": "lt",
            "trust": 1.8,
            "vendor": "huawei",
            "version": "vtr-al00c00b123"
          },
          {
            "model": "vicky-al00a \u003cvicky-al00ac00b123",
            "scope": null,
            "trust": 0.6,
            "vendor": "huawei",
            "version": null
          },
          {
            "model": "victoria-al00a \u003cvictoria-al00ac00b123",
            "scope": null,
            "trust": 0.6,
            "vendor": "huawei",
            "version": null
          },
          {
            "model": "victoria-al00a",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "huawei",
            "version": "0"
          },
          {
            "model": "vicky-al00a",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "huawei",
            "version": "0"
          },
          {
            "model": "victoria-al00ac00b123",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "huawei",
            "version": "0"
          },
          {
            "model": "vicky-al00ac00b123",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "huawei",
            "version": "0"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-04679"
          },
          {
            "db": "BID",
            "id": "97696"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-010610"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-2726"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/o:huawei:p10_plus_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:huawei:p10_firmware",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-010610"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "ADLab of Venustech.",
        "sources": [
          {
            "db": "BID",
            "id": "97696"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201704-964"
          }
        ],
        "trust": 0.9
      },
      "cve": "CVE-2017-2726",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "COMPLETE",
                "baseScore": 9.3,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 8.6,
                "id": "CVE-2017-2726",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 1.9,
                "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "LOCAL",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 7.2,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 3.9,
                "id": "CNVD-2017-04679",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 8.4,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 2.5,
                "id": "CVE-2017-2726",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.8,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2017-2726",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "CVE-2017-2726",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2017-04679",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201704-964",
                "trust": 0.6,
                "value": "CRITICAL"
              },
              {
                "author": "VULMON",
                "id": "CVE-2017-2726",
                "trust": 0.1,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-04679"
          },
          {
            "db": "VULMON",
            "id": "CVE-2017-2726"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-010610"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201704-964"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-2726"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Bastet in P10 Plus and P10 smart phones with software earlier than VKY-AL00C00B123 versions, earlier than VTR-AL00C00B123 versions have a buffer overflow vulnerability. An attacker with the root privilege of an Android system may trick a user into installing a malicious APP. The APP can modify specific data to cause buffer overflow in the next system reboot, causing continuous system reboot or arbitrary code execution. Huawei P10 Plus and P10 Smartphone software contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. HuaweiVicky-AL00A/Victoria-AL00A is Huawei\u0027s smartphone. A buffer overflow vulnerability exists in the Bastet of the HuaweiVicky-AL00A/Victoria-AL00A phone due to lack of parameter checking. Huawei Smart Phones are prone to multiple local buffer-overflow vulnerabilities because it fails to adequate boundary checks on user-supplied input. \nLocal attackers can exploit these issues to execute arbitrary code in the context of the affected application. Failed exploit attempts will likely result in denial-of-service conditions",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2017-2726"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-010610"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-04679"
          },
          {
            "db": "BID",
            "id": "97696"
          },
          {
            "db": "VULMON",
            "id": "CVE-2017-2726"
          }
        ],
        "trust": 2.52
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2017-2726",
            "trust": 3.4
          },
          {
            "db": "BID",
            "id": "97696",
            "trust": 2.0
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-010610",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-04679",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201704-964",
            "trust": 0.6
          },
          {
            "db": "VULMON",
            "id": "CVE-2017-2726",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-04679"
          },
          {
            "db": "VULMON",
            "id": "CVE-2017-2726"
          },
          {
            "db": "BID",
            "id": "97696"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-010610"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201704-964"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-2726"
          }
        ]
      },
      "id": "VAR-201711-0242",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-04679"
          }
        ],
        "trust": 1.2523158075
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-04679"
          }
        ]
      },
      "last_update_date": "2025-04-20T23:24:51.221000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "huawei-sa-20170405-01-smartphone",
            "trust": 0.8,
            "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170405-01-smartphone-en"
          },
          {
            "title": "There are multiple buffer overflow vulnerabilities (CNVD-2017-04679) patch for Huawei Mobile Bastet component.",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/92019"
          },
          {
            "title": "Huawei Vicky-AL00A  and Victoria-AL00A Bastet Fix for component buffer error vulnerability",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=75151"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-04679"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-010610"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201704-964"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-119",
            "trust": 1.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-010610"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-2726"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.8,
            "url": "http://www.securityfocus.com/bid/97696"
          },
          {
            "trust": 1.7,
            "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170405-01-smartphone-en"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-2726"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-2726"
          },
          {
            "trust": 0.6,
            "url": "http://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20170405-01-smartphone-cn"
          },
          {
            "trust": 0.3,
            "url": "http://www.huawei.com"
          },
          {
            "trust": 0.3,
            "url": "http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20170405-01-smartphone-en"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/119.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-04679"
          },
          {
            "db": "VULMON",
            "id": "CVE-2017-2726"
          },
          {
            "db": "BID",
            "id": "97696"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-010610"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201704-964"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-2726"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-04679"
          },
          {
            "db": "VULMON",
            "id": "CVE-2017-2726"
          },
          {
            "db": "BID",
            "id": "97696"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-010610"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201704-964"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-2726"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2017-04-19T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2017-04679"
          },
          {
            "date": "2017-11-22T00:00:00",
            "db": "VULMON",
            "id": "CVE-2017-2726"
          },
          {
            "date": "2017-04-05T00:00:00",
            "db": "BID",
            "id": "97696"
          },
          {
            "date": "2017-12-20T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2017-010610"
          },
          {
            "date": "2017-04-05T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201704-964"
          },
          {
            "date": "2017-11-22T19:29:01.583000",
            "db": "NVD",
            "id": "CVE-2017-2726"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2017-04-19T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2017-04679"
          },
          {
            "date": "2017-12-08T00:00:00",
            "db": "VULMON",
            "id": "CVE-2017-2726"
          },
          {
            "date": "2017-04-18T00:07:00",
            "db": "BID",
            "id": "97696"
          },
          {
            "date": "2017-12-20T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2017-010610"
          },
          {
            "date": "2017-12-26T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201704-964"
          },
          {
            "date": "2025-04-20T01:37:25.860000",
            "db": "NVD",
            "id": "CVE-2017-2726"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201704-964"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Huawei P10 Plus and  P10 Buffer error vulnerability in smartphone software",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-010610"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "buffer overflow",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201704-964"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201711-0240

    Vulnerability from variot - Updated: 2025-04-20 23:24

    Bastet in P10 Plus and P10 smart phones with software earlier than VKY-AL00C00B123 versions, earlier than VTR-AL00C00B123 versions have a buffer overflow vulnerability. An attacker with the root privilege of an Android system may trick a user into installing a malicious APP. The APP can modify specific data to cause buffer overflow in the next system reboot, causing continuous system reboot or arbitrary code execution. Huawei P10 Plus and P10 Smartphone software contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. HuaweiVicky-AL00A/Victoria-AL00A is Huawei's smartphone. There are multiple local buffer overflow vulnerabilities in Huawei smartphones because it does not perform proper boundary checking on user-supplied input. Local vulnerabilities can exploit these vulnerabilities to execute arbitrary code in the context of the affected application. Failed exploit attempts will likely result in denial-of-service conditions

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201711-0240",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "p10 plus",
            "scope": "lt",
            "trust": 1.8,
            "vendor": "huawei",
            "version": "vky-al00c00b123"
          },
          {
            "model": "p10",
            "scope": "lt",
            "trust": 1.8,
            "vendor": "huawei",
            "version": "vtr-al00c00b123"
          },
          {
            "model": "vicky-al00a \u003cvicky-al00ac00b123",
            "scope": null,
            "trust": 0.6,
            "vendor": "huawei",
            "version": null
          },
          {
            "model": "victoria-al00a \u003cvictoria-al00ac00b123",
            "scope": null,
            "trust": 0.6,
            "vendor": "huawei",
            "version": null
          },
          {
            "model": "victoria-al00a",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "huawei",
            "version": "0"
          },
          {
            "model": "vicky-al00a",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "huawei",
            "version": "0"
          },
          {
            "model": "victoria-al00ac00b123",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "huawei",
            "version": "0"
          },
          {
            "model": "vicky-al00ac00b123",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "huawei",
            "version": "0"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-04677"
          },
          {
            "db": "BID",
            "id": "97696"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-010608"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-2724"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/o:huawei:p10_plus_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:huawei:p10_firmware",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-010608"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "ADLab of Venustech.",
        "sources": [
          {
            "db": "BID",
            "id": "97696"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201704-962"
          }
        ],
        "trust": 0.9
      },
      "cve": "CVE-2017-2724",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "COMPLETE",
                "baseScore": 9.3,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 8.6,
                "id": "CVE-2017-2724",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 1.9,
                "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "LOCAL",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 7.2,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 3.9,
                "id": "CNVD-2017-04677",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 8.4,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 2.5,
                "id": "CVE-2017-2724",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.8,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2017-2724",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "CVE-2017-2724",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2017-04677",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201704-962",
                "trust": 0.6,
                "value": "CRITICAL"
              },
              {
                "author": "VULMON",
                "id": "CVE-2017-2724",
                "trust": 0.1,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-04677"
          },
          {
            "db": "VULMON",
            "id": "CVE-2017-2724"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-010608"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201704-962"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-2724"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Bastet in P10 Plus and P10 smart phones with software earlier than VKY-AL00C00B123 versions, earlier than VTR-AL00C00B123 versions have a buffer overflow vulnerability. An attacker with the root privilege of an Android system may trick a user into installing a malicious APP. The APP can modify specific data to cause buffer overflow in the next system reboot, causing continuous system reboot or arbitrary code execution. Huawei P10 Plus and P10 Smartphone software contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. HuaweiVicky-AL00A/Victoria-AL00A is Huawei\u0027s smartphone. There are multiple local buffer overflow vulnerabilities in Huawei smartphones because it does not perform proper boundary checking on user-supplied input. Local vulnerabilities can exploit these vulnerabilities to execute arbitrary code in the context of the affected application. Failed exploit attempts will likely result in denial-of-service conditions",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2017-2724"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-010608"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-04677"
          },
          {
            "db": "BID",
            "id": "97696"
          },
          {
            "db": "VULMON",
            "id": "CVE-2017-2724"
          }
        ],
        "trust": 2.52
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2017-2724",
            "trust": 3.4
          },
          {
            "db": "BID",
            "id": "97696",
            "trust": 2.0
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-010608",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-04677",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201704-962",
            "trust": 0.6
          },
          {
            "db": "VULMON",
            "id": "CVE-2017-2724",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-04677"
          },
          {
            "db": "VULMON",
            "id": "CVE-2017-2724"
          },
          {
            "db": "BID",
            "id": "97696"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-010608"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201704-962"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-2724"
          }
        ]
      },
      "id": "VAR-201711-0240",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-04677"
          }
        ],
        "trust": 1.2523158075
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-04677"
          }
        ]
      },
      "last_update_date": "2025-04-20T23:24:51.179000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "huawei-sa-20170405-01-smartphone",
            "trust": 0.8,
            "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170405-01-smartphone-en"
          },
          {
            "title": "There are multiple buffer overflow vulnerabilities in Huawei\u0027s mobile Bastet component.",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/92017"
          },
          {
            "title": "Huawei Vicky-AL00A  and Victoria-AL00A Bastet Fix for component buffer error vulnerability",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=75149"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-04677"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-010608"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201704-962"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-119",
            "trust": 1.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-010608"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-2724"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.8,
            "url": "http://www.securityfocus.com/bid/97696"
          },
          {
            "trust": 1.7,
            "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170405-01-smartphone-en"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-2724"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-2724"
          },
          {
            "trust": 0.6,
            "url": "http://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20170405-01-smartphone-cn"
          },
          {
            "trust": 0.3,
            "url": "http://www.huawei.com"
          },
          {
            "trust": 0.3,
            "url": "http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20170405-01-smartphone-en"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/119.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-04677"
          },
          {
            "db": "VULMON",
            "id": "CVE-2017-2724"
          },
          {
            "db": "BID",
            "id": "97696"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-010608"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201704-962"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-2724"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-04677"
          },
          {
            "db": "VULMON",
            "id": "CVE-2017-2724"
          },
          {
            "db": "BID",
            "id": "97696"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-010608"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201704-962"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-2724"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2017-04-19T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2017-04677"
          },
          {
            "date": "2017-11-22T00:00:00",
            "db": "VULMON",
            "id": "CVE-2017-2724"
          },
          {
            "date": "2017-04-05T00:00:00",
            "db": "BID",
            "id": "97696"
          },
          {
            "date": "2017-12-20T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2017-010608"
          },
          {
            "date": "2017-04-05T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201704-962"
          },
          {
            "date": "2017-11-22T19:29:01.507000",
            "db": "NVD",
            "id": "CVE-2017-2724"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2017-04-19T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2017-04677"
          },
          {
            "date": "2017-12-08T00:00:00",
            "db": "VULMON",
            "id": "CVE-2017-2724"
          },
          {
            "date": "2017-04-18T00:07:00",
            "db": "BID",
            "id": "97696"
          },
          {
            "date": "2017-12-20T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2017-010608"
          },
          {
            "date": "2017-12-26T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201704-962"
          },
          {
            "date": "2025-04-20T01:37:25.860000",
            "db": "NVD",
            "id": "CVE-2017-2724"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201704-962"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Huawei P10 Plus and  P10 Buffer error vulnerability in smartphone software",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-010608"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "buffer overflow",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201704-962"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201711-0241

    Vulnerability from variot - Updated: 2025-04-20 23:24

    Bastet in P10 Plus and P10 smart phones with software earlier than VKY-AL00C00B123 versions, earlier than VTR-AL00C00B123 versions have a buffer overflow vulnerability. An attacker with the root privilege of an Android system may trick a user into installing a malicious APP. The APP can modify specific data to cause buffer overflow in the next system reboot, causing continuous system reboot or arbitrary code execution. Huawei P10 Plus and P10 Smartphone software contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. HuaweiVicky-AL00A/Victoria-AL00A is Huawei's smartphone. A buffer overflow vulnerability exists in the Bastet of the HuaweiVicky-AL00A/Victoria-AL00A phone due to lack of parameter checking. Huawei Smart Phones are prone to multiple local buffer-overflow vulnerabilities because it fails to adequate boundary checks on user-supplied input. Local attackers can exploit these issues to execute arbitrary code in the context of the affected application. Failed exploit attempts will likely result in denial-of-service conditions

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201711-0241",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "p10 plus",
            "scope": "lt",
            "trust": 1.8,
            "vendor": "huawei",
            "version": "vky-al00c00b123"
          },
          {
            "model": "p10",
            "scope": "lt",
            "trust": 1.8,
            "vendor": "huawei",
            "version": "vtr-al00c00b123"
          },
          {
            "model": "vicky-al00a \u003cvicky-al00ac00b123",
            "scope": null,
            "trust": 0.6,
            "vendor": "huawei",
            "version": null
          },
          {
            "model": "victoria-al00a \u003cvictoria-al00ac00b123",
            "scope": null,
            "trust": 0.6,
            "vendor": "huawei",
            "version": null
          },
          {
            "model": "victoria-al00a",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "huawei",
            "version": "0"
          },
          {
            "model": "vicky-al00a",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "huawei",
            "version": "0"
          },
          {
            "model": "victoria-al00ac00b123",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "huawei",
            "version": "0"
          },
          {
            "model": "vicky-al00ac00b123",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "huawei",
            "version": "0"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-04678"
          },
          {
            "db": "BID",
            "id": "97696"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-010609"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-2725"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/o:huawei:p10_plus_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:huawei:p10_firmware",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-010609"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "ADLab of Venustech.",
        "sources": [
          {
            "db": "BID",
            "id": "97696"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201704-963"
          }
        ],
        "trust": 0.9
      },
      "cve": "CVE-2017-2725",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "COMPLETE",
                "baseScore": 9.3,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 8.6,
                "id": "CVE-2017-2725",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 1.8,
                "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "LOCAL",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 7.2,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 3.9,
                "id": "CNVD-2017-04678",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 1.8,
                "id": "CVE-2017-2725",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.8,
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2017-2725",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "CVE-2017-2725",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2017-04678",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201704-963",
                "trust": 0.6,
                "value": "CRITICAL"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-04678"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-010609"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201704-963"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-2725"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Bastet in P10 Plus and P10 smart phones with software earlier than VKY-AL00C00B123 versions, earlier than VTR-AL00C00B123 versions have a buffer overflow vulnerability. An attacker with the root privilege of an Android system may trick a user into installing a malicious APP. The APP can modify specific data to cause buffer overflow in the next system reboot, causing continuous system reboot or arbitrary code execution. Huawei P10 Plus and P10 Smartphone software contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. HuaweiVicky-AL00A/Victoria-AL00A is Huawei\u0027s smartphone. A buffer overflow vulnerability exists in the Bastet of the HuaweiVicky-AL00A/Victoria-AL00A phone due to lack of parameter checking. Huawei Smart Phones are prone to multiple local buffer-overflow vulnerabilities because it fails to adequate boundary checks on user-supplied input. \nLocal attackers can exploit these issues to execute arbitrary code in the context of the affected application. Failed exploit attempts will likely result in denial-of-service conditions",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2017-2725"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-010609"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-04678"
          },
          {
            "db": "BID",
            "id": "97696"
          }
        ],
        "trust": 2.43
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2017-2725",
            "trust": 3.3
          },
          {
            "db": "BID",
            "id": "97696",
            "trust": 1.9
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-010609",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-04678",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201704-963",
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-04678"
          },
          {
            "db": "BID",
            "id": "97696"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-010609"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201704-963"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-2725"
          }
        ]
      },
      "id": "VAR-201711-0241",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-04678"
          }
        ],
        "trust": 1.2523158075
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-04678"
          }
        ]
      },
      "last_update_date": "2025-04-20T23:24:51.147000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "huawei-sa-20170405-01-smartphone",
            "trust": 0.8,
            "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170405-01-smartphone-en"
          },
          {
            "title": "There are multiple buffer overflow vulnerabilities (CNVD-2017-04678) patches for Huawei Mobile Bastet components.",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/92018"
          },
          {
            "title": "Huawei Vicky-AL00A  and Victoria-AL00A Bastet Fix for component buffer error vulnerability",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=75150"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-04678"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-010609"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201704-963"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-119",
            "trust": 1.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-010609"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-2725"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.6,
            "url": "http://www.securityfocus.com/bid/97696"
          },
          {
            "trust": 1.6,
            "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170405-01-smartphone-en"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-2725"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-2725"
          },
          {
            "trust": 0.6,
            "url": "http://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20170405-01-smartphone-cn"
          },
          {
            "trust": 0.3,
            "url": "http://www.huawei.com"
          },
          {
            "trust": 0.3,
            "url": "http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20170405-01-smartphone-en"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-04678"
          },
          {
            "db": "BID",
            "id": "97696"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-010609"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201704-963"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-2725"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-04678"
          },
          {
            "db": "BID",
            "id": "97696"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-010609"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201704-963"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-2725"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2017-04-19T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2017-04678"
          },
          {
            "date": "2017-04-05T00:00:00",
            "db": "BID",
            "id": "97696"
          },
          {
            "date": "2017-12-20T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2017-010609"
          },
          {
            "date": "2017-04-05T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201704-963"
          },
          {
            "date": "2017-11-22T19:29:01.537000",
            "db": "NVD",
            "id": "CVE-2017-2725"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2017-04-19T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2017-04678"
          },
          {
            "date": "2017-04-18T00:07:00",
            "db": "BID",
            "id": "97696"
          },
          {
            "date": "2017-12-20T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2017-010609"
          },
          {
            "date": "2017-12-26T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201704-963"
          },
          {
            "date": "2025-04-20T01:37:25.860000",
            "db": "NVD",
            "id": "CVE-2017-2725"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201704-963"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Huawei P10 Plus and  P10 Buffer error vulnerability in smartphone software",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-010609"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "buffer overflow",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201704-963"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201711-0983

    Vulnerability from variot - Updated: 2025-04-20 23:23

    The call module of P10 and P10 Plus smartphones with software versions before VTR-AL00C00B167, versions before VTR-TL00C01B167, versions before VKY-AL00C00B167, versions before VKY-TL00C01B167 has a DoS vulnerability. An attacker may trick a user into installing a malicious application, and the application can send given parameter to call module to crash the call and data communication process. HuaweiP10 and P10Plus are both Huawei's smartphone products. Callmodule is one of the call modules. A denial of service vulnerability exists in the talk module in HuaweiP10 and P10Plus

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201711-0983",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "p10 plus",
            "scope": "lt",
            "trust": 1.8,
            "vendor": "huawei",
            "version": "vky-al00c00b167"
          },
          {
            "model": "p10 plus",
            "scope": "lt",
            "trust": 1.8,
            "vendor": "huawei",
            "version": "vky-tl00c01b167"
          },
          {
            "model": "p10",
            "scope": "lt",
            "trust": 1.8,
            "vendor": "huawei",
            "version": "vtr-al00c00b167"
          },
          {
            "model": "p10",
            "scope": "lt",
            "trust": 1.8,
            "vendor": "huawei",
            "version": "vtr-tl00c01b167"
          },
          {
            "model": "p10 plus vky-al00c00b167",
            "scope": "lt",
            "trust": 0.6,
            "vendor": "huawei",
            "version": null
          },
          {
            "model": "p10 plus vky-tl00c01b167",
            "scope": "lt",
            "trust": 0.6,
            "vendor": "huawei",
            "version": null
          },
          {
            "model": "p10 vtr-al00c00b167",
            "scope": "lt",
            "trust": 0.6,
            "vendor": "huawei",
            "version": null
          },
          {
            "model": "p10 vtr-tl00c01b167",
            "scope": "lt",
            "trust": 0.6,
            "vendor": "huawei",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-19187"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-010728"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-8145"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/o:huawei:p10_plus_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:huawei:p10_firmware",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-010728"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Erez Yalon of Checkmarx",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201708-139"
          }
        ],
        "trust": 0.6
      },
      "cve": "CVE-2017-8145",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "PARTIAL",
                "baseScore": 4.3,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 8.6,
                "id": "CVE-2017-8145",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 1.8,
                "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "LOCAL",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 4.9,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 3.9,
                "id": "CNVD-2017-19187",
                "impactScore": 6.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 5.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 1.8,
                "id": "CVE-2017-8145",
                "impactScore": 3.6,
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.8,
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2017-8145",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "NVD",
                "id": "CVE-2017-8145",
                "trust": 0.8,
                "value": "Medium"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2017-19187",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201708-139",
                "trust": 0.6,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-19187"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-010728"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201708-139"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-8145"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "The call module of P10 and P10 Plus smartphones with software versions before VTR-AL00C00B167, versions before VTR-TL00C01B167, versions before VKY-AL00C00B167, versions before VKY-TL00C01B167 has a DoS vulnerability. An attacker may trick a user into installing a malicious application, and the application can send given parameter to call module to crash the call and data communication process. HuaweiP10 and P10Plus are both Huawei\u0027s smartphone products. Callmodule is one of the call modules. A denial of service vulnerability exists in the talk module in HuaweiP10 and P10Plus",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2017-8145"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-010728"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-19187"
          }
        ],
        "trust": 2.16
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2017-8145",
            "trust": 3.0
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-010728",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-19187",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201708-139",
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-19187"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-010728"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201708-139"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-8145"
          }
        ]
      },
      "id": "VAR-201711-0983",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-19187"
          }
        ],
        "trust": 1.3961128
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-19187"
          }
        ]
      },
      "last_update_date": "2025-04-20T23:23:29.406000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "huawei-sa-20170725-02-smartphone",
            "trust": 0.8,
            "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170725-02-smartphone-en"
          },
          {
            "title": "Huawei mobile phone call module denial of service vulnerability patch",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/99589"
          },
          {
            "title": "Huawei P10  and P10 Plus Repair measures for call module security vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=72381"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-19187"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-010728"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201708-139"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-20",
            "trust": 1.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-010728"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-8145"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.6,
            "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170725-02-smartphone-en"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-8145"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-8145"
          },
          {
            "trust": 0.6,
            "url": "http://www.huawei.com/cn/psirt/security-advisories/2017/huawei-sa-20170725-02-smartphone-cn"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-19187"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-010728"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201708-139"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-8145"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-19187"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-010728"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201708-139"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-8145"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2017-08-07T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2017-19187"
          },
          {
            "date": "2017-12-21T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2017-010728"
          },
          {
            "date": "2017-07-25T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201708-139"
          },
          {
            "date": "2017-11-22T19:29:03.163000",
            "db": "NVD",
            "id": "CVE-2017-8145"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2017-08-07T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2017-19187"
          },
          {
            "date": "2017-12-21T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2017-010728"
          },
          {
            "date": "2017-08-04T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201708-139"
          },
          {
            "date": "2025-04-20T01:37:25.860000",
            "db": "NVD",
            "id": "CVE-2017-8145"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201708-139"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Huawei P10 and  P10 Plus Vulnerability related to input validation in smartphone software",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-010728"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "input validation",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201708-139"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201809-1117

    Vulnerability from variot - Updated: 2024-11-23 22:30

    P10 Huawei smartphones with the versions before Victoria-AL00AC00B217 have an information leak vulnerability due to the lack of permission validation. An attacker tricks a user into installing a malicious application on the smart phone, and the application can read some hardware serial number, which may cause sensitive information leak. HuaweiP10 is a smartphone product of China's Huawei company

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201809-1117",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "p10",
            "scope": "lt",
            "trust": 1.8,
            "vendor": "huawei",
            "version": "victoria-al00ac00b217"
          },
          {
            "model": "p10 \u003cvictoria-al00ac00b217",
            "scope": null,
            "trust": 0.6,
            "vendor": "huawei",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-16537"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-009496"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-7938"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/o:huawei:p10_firmware",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-009496"
          }
        ]
      },
      "cve": "CVE-2018-7938",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.6,
                "id": "CVE-2018-7938",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 1.8,
                "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "LOCAL",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "NONE",
                "baseScore": 2.1,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 3.9,
                "id": "CNVD-2018-16537",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "LOW",
                "trust": 0.6,
                "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 3.3,
                "baseSeverity": "LOW",
                "confidentialityImpact": "LOW",
                "exploitabilityScore": 1.8,
                "id": "CVE-2018-7938",
                "impactScore": 1.4,
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.8,
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2018-7938",
                "trust": 1.0,
                "value": "LOW"
              },
              {
                "author": "NVD",
                "id": "CVE-2018-7938",
                "trust": 0.8,
                "value": "Low"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2018-16537",
                "trust": 0.6,
                "value": "LOW"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201808-862",
                "trust": 0.6,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-16537"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-009496"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201808-862"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-7938"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "P10 Huawei smartphones with the versions before Victoria-AL00AC00B217 have an information leak vulnerability due to the lack of permission validation. An attacker tricks a user into installing a malicious application on the smart phone, and the application can read some hardware serial number, which may cause sensitive information leak. HuaweiP10 is a smartphone product of China\u0027s Huawei company",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2018-7938"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-009496"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-16537"
          }
        ],
        "trust": 2.16
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2018-7938",
            "trust": 3.0
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-009496",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-16537",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201808-862",
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-16537"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-009496"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201808-862"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-7938"
          }
        ]
      },
      "id": "VAR-201809-1117",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-16537"
          }
        ],
        "trust": 1.1625
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-16537"
          }
        ]
      },
      "last_update_date": "2024-11-23T22:30:17.134000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "huawei-sa-20180827-01-smartphone",
            "trust": 0.8,
            "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180827-01-smartphone-en"
          },
          {
            "title": "HuaweiP10 Information Disclosure Vulnerability Patch",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/138569"
          },
          {
            "title": "Huawei P10 Repair measures for information disclosure vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=84315"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-16537"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-009496"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201808-862"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-200",
            "trust": 1.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-009496"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-7938"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.2,
            "url": "https://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20180827-01-smartphone-cn"
          },
          {
            "trust": 1.0,
            "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180827-01-smartphone-en"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-7938"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-7938"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-16537"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-009496"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201808-862"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-7938"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-16537"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-009496"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201808-862"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-7938"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2018-08-28T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2018-16537"
          },
          {
            "date": "2018-11-20T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2018-009496"
          },
          {
            "date": "2018-08-28T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201808-862"
          },
          {
            "date": "2018-09-04T16:29:00.880000",
            "db": "NVD",
            "id": "CVE-2018-7938"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2018-08-28T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2018-16537"
          },
          {
            "date": "2018-11-20T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2018-009496"
          },
          {
            "date": "2018-08-29T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201808-862"
          },
          {
            "date": "2024-11-21T04:12:59.470000",
            "db": "NVD",
            "id": "CVE-2018-7938"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201808-862"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Huawei P10 Information Disclosure Vulnerability",
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-16537"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201808-862"
          }
        ],
        "trust": 1.2
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "information disclosure",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201808-862"
          }
        ],
        "trust": 0.6
      }
    }