Search criteria
1 vulnerability found for prague-l31 by huawei
VAR-201805-0209
Vulnerability from variot - Updated: 2024-11-23 22:52Some Huawei smart phones with the versions before Berlin-L21HNC185B381; the versions before Prague-AL00AC00B223; the versions before Prague-AL00BC00B223; the versions before Prague-AL00CC00B223; the versions before Prague-L31C432B208; the versions before Prague-TL00AC01B223; the versions before Prague-TL00AC01B223 have an information exposure vulnerability. When the user's smart phone connects to the malicious device for charging, an unauthenticated attacker may activate some specific function by sending some specially crafted messages. Due to insufficient input validation of the messages, successful exploit may cause information exposure. plural Huawei Smartphones contain a vulnerability related to input confirmation.Information may be obtained. HuaweiBerlin-L21HN and Prague-AL00A are all smartphone products of China Huawei. There are information disclosure vulnerabilities in various Huawei phones. Successful use of this vulnerability may result in partial disclosure of information due to failure to adequately verify the message
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201805-0209",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "prague-tl00a",
"scope": "lt",
"trust": 1.0,
"vendor": "huawei",
"version": "tl00ac01b223"
},
{
"model": "prague-tl10a",
"scope": "lt",
"trust": 1.0,
"vendor": "huawei",
"version": "tl00ac01b223"
},
{
"model": "prague-al00c",
"scope": "lt",
"trust": 1.0,
"vendor": "huawei",
"version": "al00cc00b223"
},
{
"model": "prague-al00a",
"scope": "lt",
"trust": 1.0,
"vendor": "huawei",
"version": "al00ac00b223"
},
{
"model": "prague-l31",
"scope": "lt",
"trust": 1.0,
"vendor": "huawei",
"version": "l31c432b208"
},
{
"model": "prague-al00b",
"scope": "lt",
"trust": 1.0,
"vendor": "huawei",
"version": "al00bc00b223"
},
{
"model": "berlin-l21hn",
"scope": "lt",
"trust": 1.0,
"vendor": "huawei",
"version": "l21hnc185b381"
},
{
"model": "berlin-l21hn",
"scope": null,
"trust": 0.8,
"vendor": "huawei",
"version": null
},
{
"model": "prague-al00a",
"scope": null,
"trust": 0.8,
"vendor": "huawei",
"version": null
},
{
"model": "prague-al00b",
"scope": null,
"trust": 0.8,
"vendor": "huawei",
"version": null
},
{
"model": "prague-al00c",
"scope": null,
"trust": 0.8,
"vendor": "huawei",
"version": null
},
{
"model": "prague-l31",
"scope": null,
"trust": 0.8,
"vendor": "huawei",
"version": null
},
{
"model": "prague-tl00a",
"scope": null,
"trust": 0.8,
"vendor": "huawei",
"version": null
},
{
"model": "prague-tl10a",
"scope": null,
"trust": 0.8,
"vendor": "huawei",
"version": null
},
{
"model": "berlin-l21hn the versions before berlin-l21hnc185b381",
"scope": null,
"trust": 0.6,
"vendor": "huawei",
"version": null
},
{
"model": "prague-al00c the versions before prague-al00cc00b223",
"scope": null,
"trust": 0.6,
"vendor": "huawei",
"version": null
},
{
"model": "prague-l31 the versions before prague-l31c432b208",
"scope": null,
"trust": 0.6,
"vendor": "huawei",
"version": null
},
{
"model": "prague-tl00a the versions before prague-tl00ac01b223",
"scope": null,
"trust": 0.6,
"vendor": "huawei",
"version": null
},
{
"model": "prague-tl10a the versions before prague-tl00ac01b223",
"scope": null,
"trust": 0.6,
"vendor": "huawei",
"version": null
},
{
"model": "prague-al00a the versions before prague-al00ac00b223",
"scope": null,
"trust": 0.6,
"vendor": "huawei",
"version": null
},
{
"model": "prague-al00b the versions before prague-al00bc00b223",
"scope": null,
"trust": 0.6,
"vendor": "huawei",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-12842"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013469"
},
{
"db": "NVD",
"id": "CVE-2017-17158"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:huawei:berlin-l21hn_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:huawei:prague-al00a_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:huawei:prague-al00b_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:huawei:prague-al00c_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:huawei:prague-l31_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:huawei:prague-tl00a_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:huawei:prague-tl10a_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-013469"
}
]
},
"cve": "CVE-2017-17158",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"id": "CVE-2017-17158",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "LOW",
"trust": 1.8,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 7.8,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2018-12842",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 0.9,
"id": "CVE-2017-17158",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2017-17158",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2017-17158",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2018-12842",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201712-315",
"trust": 0.6,
"value": "LOW"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-12842"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013469"
},
{
"db": "CNNVD",
"id": "CNNVD-201712-315"
},
{
"db": "NVD",
"id": "CVE-2017-17158"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Some Huawei smart phones with the versions before Berlin-L21HNC185B381; the versions before Prague-AL00AC00B223; the versions before Prague-AL00BC00B223; the versions before Prague-AL00CC00B223; the versions before Prague-L31C432B208; the versions before Prague-TL00AC01B223; the versions before Prague-TL00AC01B223 have an information exposure vulnerability. When the user\u0027s smart phone connects to the malicious device for charging, an unauthenticated attacker may activate some specific function by sending some specially crafted messages. Due to insufficient input validation of the messages, successful exploit may cause information exposure. plural Huawei Smartphones contain a vulnerability related to input confirmation.Information may be obtained. HuaweiBerlin-L21HN and Prague-AL00A are all smartphone products of China Huawei. There are information disclosure vulnerabilities in various Huawei phones. Successful use of this vulnerability may result in partial disclosure of information due to failure to adequately verify the message",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-17158"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013469"
},
{
"db": "CNVD",
"id": "CNVD-2018-12842"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-17158",
"trust": 3.0
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013469",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2018-12842",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201712-315",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-12842"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013469"
},
{
"db": "CNNVD",
"id": "CNNVD-201712-315"
},
{
"db": "NVD",
"id": "CVE-2017-17158"
}
]
},
"id": "VAR-201805-0209",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-12842"
}
],
"trust": 1.6
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-12842"
}
]
},
"last_update_date": "2024-11-23T22:52:05.658000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "huawei-sa-20180523-01-phone",
"trust": 0.8,
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180523-01-phone-en"
},
{
"title": "Patches for multiple Huawei mobile phone information disclosure vulnerabilities",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/134013"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-12842"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013469"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-20",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-013469"
},
{
"db": "NVD",
"id": "CVE-2017-17158"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.6,
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180523-01-phone-en"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-17158"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-17158"
},
{
"trust": 0.6,
"url": "https://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20180523-01-phone-cn"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-12842"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013469"
},
{
"db": "CNNVD",
"id": "CNNVD-201712-315"
},
{
"db": "NVD",
"id": "CVE-2017-17158"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2018-12842"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013469"
},
{
"db": "CNNVD",
"id": "CNNVD-201712-315"
},
{
"db": "NVD",
"id": "CVE-2017-17158"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-07-11T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-12842"
},
{
"date": "2018-07-12T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-013469"
},
{
"date": "2017-12-08T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201712-315"
},
{
"date": "2018-05-24T14:29:00.250000",
"db": "NVD",
"id": "CVE-2017-17158"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-07-11T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-12842"
},
{
"date": "2018-07-12T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-013469"
},
{
"date": "2018-06-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201712-315"
},
{
"date": "2024-11-21T03:17:36.397000",
"db": "NVD",
"id": "CVE-2017-17158"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201712-315"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural Huawei Vulnerability related to input confirmation in smartphones",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-013469"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "input validation",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201712-315"
}
],
"trust": 0.6
}
}