Vulnerability-Lookup

CVE-2017-15309 (GCVE-0-2017-15309)

Vulnerability from cvelistv5 – Published: 2017-12-22 17:00 – Updated: 2024-09-16 22:30

Summary

Severity ?

No CVSS data available.

CWE

path traversal

Assigner

huawei

References

URL

	Vendor	Product	Version
	Huawei Technologies Co., Ltd.	iReader	Affected: before 8.0.2.301

GHSA-39JQ-P97C-G7GH

Vulnerability from github – Published: 2022-05-14 03:53 – Updated: 2022-05-14 03:53

Details

Severity ?

7.1 (High)


                  
                    CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:L

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2017-15309"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-22"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-12-22T17:29:00Z",
    "severity": "HIGH"
  },
  "details": "Huawei iReader app before 8.0.2.301 has a path traversal vulnerability due to insufficient validation on file storage paths. An attacker can exploit this vulnerability to store downloaded malicious files in an arbitrary directory.",
  "id": "GHSA-39jq-p97c-g7gh",
  "modified": "2022-05-14T03:53:40Z",
  "published": "2022-05-14T03:53:40Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-15309"
    },
    {
      "type": "WEB",
      "url": "http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20171120-01-hwreader-en"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:L",
      "type": "CVSS_V3"
    }
  ]
}

GSD-2017-15309

Vulnerability from gsd - Updated: 2023-12-13 01:20

Details

Aliases

CVE-2017-15309

Aliases

CVE-2017-15309

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2017-15309",
    "description": "Huawei iReader app before 8.0.2.301 has a path traversal vulnerability due to insufficient validation on file storage paths. An attacker can exploit this vulnerability to store downloaded malicious files in an arbitrary directory.",
    "id": "GSD-2017-15309"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2017-15309"
      ],
      "details": "Huawei iReader app before 8.0.2.301 has a path traversal vulnerability due to insufficient validation on file storage paths. An attacker can exploit this vulnerability to store downloaded malicious files in an arbitrary directory.",
      "id": "GSD-2017-15309",
      "modified": "2023-12-13T01:20:59.103459Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "psirt@huawei.com",
        "DATE_PUBLIC": "2017-11-20T00:00:00",
        "ID": "CVE-2017-15309",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "iReader",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "before 8.0.2.301"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Huawei Technologies Co., Ltd."
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Huawei iReader app before 8.0.2.301 has a path traversal vulnerability due to insufficient validation on file storage paths. An attacker can exploit this vulnerability to store downloaded malicious files in an arbitrary directory."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "path traversal"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20171120-01-hwreader-en",
            "refsource": "CONFIRM",
            "url": "http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20171120-01-hwreader-en"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:huawei:ireader:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "8.0.2.301",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@huawei.com",
          "ID": "CVE-2017-15309"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Huawei iReader app before 8.0.2.301 has a path traversal vulnerability due to insufficient validation on file storage paths. An attacker can exploit this vulnerability to store downloaded malicious files in an arbitrary directory."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-22"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20171120-01-hwreader-en",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20171120-01-hwreader-en"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.8,
            "confidentialityImpact": "NONE",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 4.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": true
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 7.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:L",
            "version": "3.0"
          },
          "exploitabilityScore": 2.8,
          "impactScore": 4.2
        }
      },
      "lastModifiedDate": "2018-01-05T16:17Z",
      "publishedDate": "2017-12-22T17:29Z"
    }
  }
}

CNVD-2017-35252

Vulnerability from cnvd - Published: 2017-11-28

Title

华为掌阅APP路径遍历漏洞

Description

华为阅读是华为手机内置的手机阅读软件。华为掌阅APP存在路径遍历漏洞，该漏洞是由于软件未能充分校验文件存储路径。攻击者利用该漏洞将下载的恶意文件保存到指定的任意目录，影响系统数据的可用性。

Severity

高

Patch Name

华为掌阅APP路径遍历漏洞的补丁

Patch Description

华为阅读是华为手机内置的手机阅读软件。华为掌阅APP存在路径遍历漏洞，该漏洞是由于软件未能充分校验文件存储路径。攻击者利用该漏洞将下载的恶意文件保存到指定的任意目录，影响系统数据的可用性。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

目前厂商已发布升级补丁以修复漏洞，补丁获取链接： http://www.huawei.com/cn/psirt/security-advisories/2017/huawei-sa-20171120-01-hwreader-cn

Reference

http://www.huawei.com/cn/psirt/security-advisories/2017/huawei-sa-20171120-01-hwreader-cn

Impacted products

Name
Huawei 华为掌阅APP <8.0.2.301

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2017-15309"
    }
  },
  "description": "\u534e\u4e3a\u9605\u8bfb\u662f\u534e\u4e3a\u624b\u673a\u5185\u7f6e\u7684\u624b\u673a\u9605\u8bfb\u8f6f\u4ef6\u3002\r\n\r\n\u534e\u4e3a\u638c\u9605APP\u5b58\u5728\u8def\u5f84\u904d\u5386\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u662f\u7531\u4e8e\u8f6f\u4ef6\u672a\u80fd\u5145\u5206\u6821\u9a8c\u6587\u4ef6\u5b58\u50a8\u8def\u5f84\u3002\u653b\u51fb\u8005\u5229\u7528\u8be5\u6f0f\u6d1e\u5c06\u4e0b\u8f7d\u7684\u6076\u610f\u6587\u4ef6\u4fdd\u5b58\u5230\u6307\u5b9a\u7684\u4efb\u610f\u76ee\u5f55\uff0c\u5f71\u54cd\u7cfb\u7edf\u6570\u636e\u7684\u53ef\u7528\u6027\u3002",
  "discovererName": "MWR Labs",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttp://www.huawei.com/cn/psirt/security-advisories/2017/huawei-sa-20171120-01-hwreader-cn",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2017-35252",
  "openTime": "2017-11-28",
  "patchDescription": "\u534e\u4e3a\u9605\u8bfb\u662f\u534e\u4e3a\u624b\u673a\u5185\u7f6e\u7684\u624b\u673a\u9605\u8bfb\u8f6f\u4ef6\u3002\r\n\r\n\u534e\u4e3a\u638c\u9605APP\u5b58\u5728\u8def\u5f84\u904d\u5386\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u662f\u7531\u4e8e\u8f6f\u4ef6\u672a\u80fd\u5145\u5206\u6821\u9a8c\u6587\u4ef6\u5b58\u50a8\u8def\u5f84\u3002\u653b\u51fb\u8005\u5229\u7528\u8be5\u6f0f\u6d1e\u5c06\u4e0b\u8f7d\u7684\u6076\u610f\u6587\u4ef6\u4fdd\u5b58\u5230\u6307\u5b9a\u7684\u4efb\u610f\u76ee\u5f55\uff0c\u5f71\u54cd\u7cfb\u7edf\u6570\u636e\u7684\u53ef\u7528\u6027\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "\u534e\u4e3a\u638c\u9605APP\u8def\u5f84\u904d\u5386\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "Huawei \u534e\u4e3a\u638c\u9605APP \u003c8.0.2.301"
  },
  "referenceLink": "http://www.huawei.com/cn/psirt/security-advisories/2017/huawei-sa-20171120-01-hwreader-cn",
  "serverity": "\u9ad8",
  "submitTime": "2017-11-23",
  "title": "\u534e\u4e3a\u638c\u9605APP\u8def\u5f84\u904d\u5386\u6f0f\u6d1e"
}

VAR-201712-0796

Vulnerability from variot - Updated: 2025-04-20 23:32

Huawei iReader app before 8.0.2.301 has a path traversal vulnerability due to insufficient validation on file storage paths. An attacker can exploit this vulnerability to store downloaded malicious files in an arbitrary directory. Huawei iReader The application contains a path traversal vulnerability.Tampering with information and disrupting service operations (DoS) There is a possibility of being put into a state. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.The specific flaw exists within the handling of the onChapPack function. Huawei iReader is a built-in e-book reading application for Huawei mobile phones produced by China's Huawei (Huawei)

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201712-0796",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "ireader",
        "scope": "lt",
        "trust": 1.8,
        "vendor": "huawei",
        "version": "8.0.2.301"
      },
      {
        "model": "reader",
        "scope": null,
        "trust": 1.4,
        "vendor": "huawei",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-18-878"
      },
      {
        "db": "ZDI",
        "id": "ZDI-18-874"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-011592"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-15309"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/a:huawei:ireader",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-011592"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "MWR Labs - Alex Plaskett James Loureiro Robert Miller and Georgi Geshev",
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-18-878"
      },
      {
        "db": "ZDI",
        "id": "ZDI-18-874"
      }
    ],
    "trust": 1.4
  },
  "cve": "CVE-2017-15309",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.8,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "id": "CVE-2017-15309",
            "impactScore": 4.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 1.8,
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "ZDI",
            "availabilityImpact": "PARTIAL",
            "baseScore": 4.6,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 3.9,
            "id": "CVE-2017-15309",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "MEDIUM",
            "trust": 0.7,
            "userInteractionRequired": null,
            "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "ZDI",
            "availabilityImpact": "PARTIAL",
            "baseScore": 3.6,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 3.9,
            "id": "CVE-2017-15309",
            "impactScore": 4.9,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "LOW",
            "trust": 0.7,
            "userInteractionRequired": null,
            "vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.8,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "id": "VHN-106118",
            "impactScore": 4.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "nvd@nist.gov",
            "availabilityImpact": "LOW",
            "baseScore": 7.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 2.8,
            "id": "CVE-2017-15309",
            "impactScore": 4.2,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.8,
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:L",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2017-15309",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "NVD",
            "id": "CVE-2017-15309",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "ZDI",
            "id": "CVE-2017-15309",
            "trust": 0.7,
            "value": "MEDIUM"
          },
          {
            "author": "ZDI",
            "id": "CVE-2017-15309",
            "trust": 0.7,
            "value": "LOW"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201710-467",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-106118",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-18-878"
      },
      {
        "db": "ZDI",
        "id": "ZDI-18-874"
      },
      {
        "db": "VULHUB",
        "id": "VHN-106118"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-011592"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201710-467"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-15309"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Huawei iReader app before 8.0.2.301 has a path traversal vulnerability due to insufficient validation on file storage paths. An attacker can exploit this vulnerability to store downloaded malicious files in an arbitrary directory. Huawei iReader The application contains a path traversal vulnerability.Tampering with information and disrupting service operations (DoS) There is a possibility of being put into a state. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.The specific flaw exists within the handling of the onChapPack function. Huawei iReader is a built-in e-book reading application for Huawei mobile phones produced by China\u0027s Huawei (Huawei)",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2017-15309"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-011592"
      },
      {
        "db": "ZDI",
        "id": "ZDI-18-878"
      },
      {
        "db": "ZDI",
        "id": "ZDI-18-874"
      },
      {
        "db": "VULHUB",
        "id": "VHN-106118"
      }
    ],
    "trust": 2.97
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2017-15309",
        "trust": 3.9
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-011592",
        "trust": 0.8
      },
      {
        "db": "ZDI_CAN",
        "id": "ZDI-CAN-5349",
        "trust": 0.7
      },
      {
        "db": "ZDI",
        "id": "ZDI-18-878",
        "trust": 0.7
      },
      {
        "db": "ZDI_CAN",
        "id": "ZDI-CAN-5350",
        "trust": 0.7
      },
      {
        "db": "ZDI",
        "id": "ZDI-18-874",
        "trust": 0.7
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201710-467",
        "trust": 0.7
      },
      {
        "db": "VULHUB",
        "id": "VHN-106118",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-18-878"
      },
      {
        "db": "ZDI",
        "id": "ZDI-18-874"
      },
      {
        "db": "VULHUB",
        "id": "VHN-106118"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-011592"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201710-467"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-15309"
      }
    ]
  },
  "id": "VAR-201712-0796",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-106118"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2025-04-20T23:32:46.789000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "huawei-sa-20171120-01-hwreader",
        "trust": 2.2,
        "url": "http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20171120-01-hwreader-en"
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-18-878"
      },
      {
        "db": "ZDI",
        "id": "ZDI-18-874"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-011592"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-22",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-106118"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-011592"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-15309"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.5,
        "url": "http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20171120-01-hwreader-en"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-15309"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-15309"
      },
      {
        "trust": 0.6,
        "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171120-01-hwreader-en"
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-18-878"
      },
      {
        "db": "ZDI",
        "id": "ZDI-18-874"
      },
      {
        "db": "VULHUB",
        "id": "VHN-106118"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-011592"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201710-467"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-15309"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "ZDI",
        "id": "ZDI-18-878"
      },
      {
        "db": "ZDI",
        "id": "ZDI-18-874"
      },
      {
        "db": "VULHUB",
        "id": "VHN-106118"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-011592"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201710-467"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-15309"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2018-08-02T00:00:00",
        "db": "ZDI",
        "id": "ZDI-18-878"
      },
      {
        "date": "2018-08-02T00:00:00",
        "db": "ZDI",
        "id": "ZDI-18-874"
      },
      {
        "date": "2017-12-22T00:00:00",
        "db": "VULHUB",
        "id": "VHN-106118"
      },
      {
        "date": "2018-01-22T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2017-011592"
      },
      {
        "date": "2017-11-20T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201710-467"
      },
      {
        "date": "2017-12-22T17:29:12.970000",
        "db": "NVD",
        "id": "CVE-2017-15309"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2018-08-02T00:00:00",
        "db": "ZDI",
        "id": "ZDI-18-878"
      },
      {
        "date": "2018-08-02T00:00:00",
        "db": "ZDI",
        "id": "ZDI-18-874"
      },
      {
        "date": "2018-01-05T00:00:00",
        "db": "VULHUB",
        "id": "VHN-106118"
      },
      {
        "date": "2018-01-22T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2017-011592"
      },
      {
        "date": "2017-12-01T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201710-467"
      },
      {
        "date": "2025-04-20T01:37:25.860000",
        "db": "NVD",
        "id": "CVE-2017-15309"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201710-467"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Huawei iReader Application path traversal vulnerability",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-011592"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "path traversal",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201710-467"
      }
    ],
    "trust": 0.6
  }
}

FKIE_CVE-2017-15309

Vulnerability from fkie_nvd - Published: 2017-12-22 17:29 - Updated: 2025-04-20 01:37

Severity ?

7.1 (High) - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:L

Summary

References

	URL	Tags
	psirt@huawei.com	http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20171120-01-hwreader-en	Vendor Advisory
	af854a3a-2127-422b-91ae-364da2661108	http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20171120-01-hwreader-en	Vendor Advisory

Impacted products

	Vendor	Product	Version
	huawei	ireader	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:huawei:ireader:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "F2028F4E-4042-40E1-9A67-84D18B5EED35",
              "versionEndExcluding": "8.0.2.301",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Huawei iReader app before 8.0.2.301 has a path traversal vulnerability due to insufficient validation on file storage paths. An attacker can exploit this vulnerability to store downloaded malicious files in an arbitrary directory."
    },
    {
      "lang": "es",
      "value": "La aplicaci\u00f3n Huawei iReader en versiones anteriores a la 8.0.2.301 tiene una vulnerabilidad de salto de directorio debida a una validaci\u00f3n insuficiente en las rutas de almacenamiento de archivos. Un atacante puede explotar esta vulnerabilidad para almacenar archivos maliciosos descargados en un directorio arbitrario."
    }
  ],
  "id": "CVE-2017-15309",
  "lastModified": "2025-04-20T01:37:25.860",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.8,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 4.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "LOW",
          "baseScore": 7.1,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:L",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 4.2,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-12-22T17:29:12.970",
  "references": [
    {
      "source": "psirt@huawei.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20171120-01-hwreader-en"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20171120-01-hwreader-en"
    }
  ],
  "sourceIdentifier": "psirt@huawei.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-22"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2017-15309 (GCVE-0-2017-15309)

GHSA-39JQ-P97C-G7GH

GSD-2017-15309

CNVD-2017-35252

VAR-201712-0796

FKIE_CVE-2017-15309

Tags

Sightings

Nomenclature