VAR-201704-0295
Vulnerability from variot - Updated: 2025-04-20 23:32Huawei P7 before P7-L00C17B851, P7-L05C00B851, and P7-L09C92B85, and P8 ALE-UL00 before ALE-UL00B211 allows local users to cause a denial of service (OS crash) by leveraging camera permissions and via crafted input to the camera driver. HuaweiP7 and P8 Youth Edition are both Huawei's smartphone devices. An attacker could use the vulnerability to enter an illegal parameter into the camera driver by tricking the user into installing a malicious application and obtaining the system or camera privileges of the device, causing the system to crash. The following products and versions are affected: Huawei P7 earlier than P7-L00C17B851, earlier than P7-L05C00B851, earlier than P7-L09C92B851; P8 Youth Edition earlier than ALE-UL00B211
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201704-0295",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "p8 ale-ul00",
"scope": "eq",
"trust": 1.6,
"vendor": "huawei",
"version": null
},
{
"model": "p7",
"scope": "eq",
"trust": 1.0,
"vendor": "huawei",
"version": "*"
},
{
"model": "p7",
"scope": "lt",
"trust": 0.8,
"vendor": "huawei",
"version": "p7-l00c17b851"
},
{
"model": "p7",
"scope": "lt",
"trust": 0.8,
"vendor": "huawei",
"version": "p7-l05c00b851"
},
{
"model": "p7",
"scope": "lt",
"trust": 0.8,
"vendor": "huawei",
"version": "p7-l09c92b851"
},
{
"model": "p8 ale-ul00",
"scope": "lt",
"trust": 0.8,
"vendor": "huawei",
"version": "ale-ul00b211"
},
{
"model": "p7 \u003cp7-l00c17b851",
"scope": null,
"trust": 0.6,
"vendor": "huawei",
"version": null
},
{
"model": "p7 \u003cp7-l05c00b851",
"scope": null,
"trust": 0.6,
"vendor": "huawei",
"version": null
},
{
"model": "p7 \u003cp7-l09c92b851",
"scope": null,
"trust": 0.6,
"vendor": "huawei",
"version": null
},
{
"model": "p8 ale-ul00 \u003cale-ul00b211",
"scope": null,
"trust": 0.6,
"vendor": "huawei",
"version": null
},
{
"model": "p7",
"scope": null,
"trust": 0.6,
"vendor": "huawei",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-08780"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-007526"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-764"
},
{
"db": "NVD",
"id": "CVE-2015-8223"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:huawei:p7_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:huawei:p8_ale-ul00_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-007526"
}
]
},
"cve": "CVE-2015-8223",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 4.9,
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2015-8223",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"accessComplexity": "HIGH",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 1.9,
"id": "CNVD-2017-08780",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:L/AC:H/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 4.9,
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "VHN-86184",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:L/AC:L/AU:N/C:N/I:N/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 1.8,
"id": "CVE-2015-8223",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2015-8223",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2015-8223",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2017-08780",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201704-764",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-86184",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-08780"
},
{
"db": "VULHUB",
"id": "VHN-86184"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-007526"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-764"
},
{
"db": "NVD",
"id": "CVE-2015-8223"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Huawei P7 before P7-L00C17B851, P7-L05C00B851, and P7-L09C92B85, and P8 ALE-UL00 before ALE-UL00B211 allows local users to cause a denial of service (OS crash) by leveraging camera permissions and via crafted input to the camera driver. HuaweiP7 and P8 Youth Edition are both Huawei\u0027s smartphone devices. An attacker could use the vulnerability to enter an illegal parameter into the camera driver by tricking the user into installing a malicious application and obtaining the system or camera privileges of the device, causing the system to crash. The following products and versions are affected: Huawei P7 earlier than P7-L00C17B851, earlier than P7-L05C00B851, earlier than P7-L09C92B851; P8 Youth Edition earlier than ALE-UL00B211",
"sources": [
{
"db": "NVD",
"id": "CVE-2015-8223"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-007526"
},
{
"db": "CNVD",
"id": "CNVD-2017-08780"
},
{
"db": "VULHUB",
"id": "VHN-86184"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2015-8223",
"trust": 3.1
},
{
"db": "JVNDB",
"id": "JVNDB-2015-007526",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201704-764",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2017-08780",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-86184",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-08780"
},
{
"db": "VULHUB",
"id": "VHN-86184"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-007526"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-764"
},
{
"db": "NVD",
"id": "CVE-2015-8223"
}
]
},
"id": "VAR-201704-0295",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-08780"
},
{
"db": "VULHUB",
"id": "VHN-86184"
}
],
"trust": 1.325
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-08780"
}
]
},
"last_update_date": "2025-04-20T23:32:14.524000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Huawei-SA-20151106-01-Camera",
"trust": 0.8,
"url": "http://www.huawei.com/en/psirt/security-advisories/hw-460489"
},
{
"title": "HuaweiP7 and P8 Youth Edition Denial of Service Vulnerability Patch",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/95000"
},
{
"title": "Huawei P7 and P8 Youth version security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=70695"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-08780"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-007526"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-764"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-275",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-86184"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-007526"
},
{
"db": "NVD",
"id": "CVE-2015-8223"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.3,
"url": "http://www1.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-460489.htm"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-8223"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-8223"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-08780"
},
{
"db": "VULHUB",
"id": "VHN-86184"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-007526"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-764"
},
{
"db": "NVD",
"id": "CVE-2015-8223"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2017-08780"
},
{
"db": "VULHUB",
"id": "VHN-86184"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-007526"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-764"
},
{
"db": "NVD",
"id": "CVE-2015-8223"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-06-08T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-08780"
},
{
"date": "2017-04-13T00:00:00",
"db": "VULHUB",
"id": "VHN-86184"
},
{
"date": "2017-05-18T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-007526"
},
{
"date": "2017-04-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201704-764"
},
{
"date": "2017-04-13T14:59:00.933000",
"db": "NVD",
"id": "CVE-2015-8223"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-06-08T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-08780"
},
{
"date": "2017-04-25T00:00:00",
"db": "VULHUB",
"id": "VHN-86184"
},
{
"date": "2017-05-18T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-007526"
},
{
"date": "2017-06-07T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201704-764"
},
{
"date": "2025-04-20T01:37:25.860000",
"db": "NVD",
"id": "CVE-2015-8223"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201704-764"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Huawei P7 and P8 ALE-UL00 Service disruption in (DoS) Vulnerabilities",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-007526"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "lack of information",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201704-764"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…