VAR-201704-0504
Vulnerability from variot - Updated: 2025-04-20 23:27Touch Panel (TP) driver in Huawei NEM phones with software Versions before NEM-AL10C00B130, Versions before NEM-UL10C17B160, Versions before NEM-UL10C00B160, Versions before NEM-TL00C01B160 allows attackers to get root privilege or crash the system or execute arbitrary code, related to a buffer overflow. Huawei Play 5C is Huawei's smartphone. There is a buffer overflow vulnerability in Huawei's 5C mobile phone TP touch screen driver. Huawei NEM is prone to a local buffer-overflow vulnerability. Local attackers can exploit this issue to run arbitrary code, elevate root privilege or crash the system causing a denial of service condition. The following versions are vulnerable: Huawei NEM versions prior to AL10C00B130 are affected. Huawei NEM versions prior to UL10C17B160 are affected. Huawei NEM versions prior to UL10C00B160 are affected. Huawei NEM versions prior to TL00C01B160 are affected. Huawei NEM versions prior to TL00HC00B160 are affected. Huawei NEM is a smartphone product of China's Huawei (Huawei)
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201704-0504",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "nem-al10",
"scope": "eq",
"trust": 1.6,
"vendor": "huawei",
"version": null
},
{
"model": "nem-l51",
"scope": "eq",
"trust": 1.6,
"vendor": "huawei",
"version": null
},
{
"model": "nem-l21",
"scope": "eq",
"trust": 1.6,
"vendor": "huawei",
"version": null
},
{
"model": "nem-l22",
"scope": "eq",
"trust": 1.6,
"vendor": "huawei",
"version": null
},
{
"model": "nem-al10",
"scope": null,
"trust": 0.8,
"vendor": "huawei",
"version": null
},
{
"model": "play 5c \u003cnem-al10c00b130",
"scope": null,
"trust": 0.6,
"vendor": "huawei",
"version": null
},
{
"model": "play 5c \u003cnem-ul10c17b160",
"scope": null,
"trust": 0.6,
"vendor": "huawei",
"version": null
},
{
"model": "play 5c \u003cnem-ul10c00b160",
"scope": null,
"trust": 0.6,
"vendor": "huawei",
"version": null
},
{
"model": "play 5c \u003cnem-tl00c01b160",
"scope": null,
"trust": 0.6,
"vendor": "huawei",
"version": null
},
{
"model": "play 5c \u003cnem-tl00hc00b160",
"scope": null,
"trust": 0.6,
"vendor": "huawei",
"version": null
},
{
"model": "nem",
"scope": "eq",
"trust": 0.3,
"vendor": "huawei",
"version": "0"
},
{
"model": "nem ul10c17b160",
"scope": "ne",
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"model": "nem ul10c00b160",
"scope": "ne",
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"model": "nem tl00hc00b160",
"scope": "ne",
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"model": "nem tl00c01b160",
"scope": "ne",
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"model": "nem al10c00b130",
"scope": "ne",
"trust": 0.3,
"vendor": "huawei",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-11629"
},
{
"db": "BID",
"id": "94506"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008217"
},
{
"db": "CNNVD",
"id": "CNNVD-201611-659"
},
{
"db": "NVD",
"id": "CVE-2016-8775"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:huawei:nem-al10_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-008217"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Zhao Jianqiang from Lab 0x031E of Qihoo 360 Technology Co. Ltd.",
"sources": [
{
"db": "BID",
"id": "94506"
},
{
"db": "CNNVD",
"id": "CNNVD-201611-659"
}
],
"trust": 0.9
},
"cve": "CVE-2016-8775",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "CVE-2016-8775",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "MULTIPLE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 6.5,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 2.5,
"id": "CNVD-2016-11629",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:L/AC:L/Au:M/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "VHN-97595",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:L/AC:L/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 0.8,
"id": "CVE-2016-8775",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2016-8775",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2016-8775",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2016-11629",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201611-659",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-97595",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-11629"
},
{
"db": "VULHUB",
"id": "VHN-97595"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008217"
},
{
"db": "CNNVD",
"id": "CNNVD-201611-659"
},
{
"db": "NVD",
"id": "CVE-2016-8775"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Touch Panel (TP) driver in Huawei NEM phones with software Versions before NEM-AL10C00B130, Versions before NEM-UL10C17B160, Versions before NEM-UL10C00B160, Versions before NEM-TL00C01B160 allows attackers to get root privilege or crash the system or execute arbitrary code, related to a buffer overflow. Huawei Play 5C is Huawei\u0027s smartphone. There is a buffer overflow vulnerability in Huawei\u0027s 5C mobile phone TP touch screen driver. Huawei NEM is prone to a local buffer-overflow vulnerability. \nLocal attackers can exploit this issue to run arbitrary code, elevate root privilege or crash the system causing a denial of service condition. \nThe following versions are vulnerable:\nHuawei NEM versions prior to AL10C00B130 are affected. \nHuawei NEM versions prior to UL10C17B160 are affected. \nHuawei NEM versions prior to UL10C00B160 are affected. \nHuawei NEM versions prior to TL00C01B160 are affected. \nHuawei NEM versions prior to TL00HC00B160 are affected. Huawei NEM is a smartphone product of China\u0027s Huawei (Huawei)",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-8775"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008217"
},
{
"db": "CNVD",
"id": "CNVD-2016-11629"
},
{
"db": "BID",
"id": "94506"
},
{
"db": "VULHUB",
"id": "VHN-97595"
}
],
"trust": 2.52
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2016-8775",
"trust": 3.4
},
{
"db": "BID",
"id": "94506",
"trust": 2.6
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008217",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201611-659",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2016-11629",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-97595",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-11629"
},
{
"db": "VULHUB",
"id": "VHN-97595"
},
{
"db": "BID",
"id": "94506"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008217"
},
{
"db": "CNNVD",
"id": "CNNVD-201611-659"
},
{
"db": "NVD",
"id": "CVE-2016-8775"
}
]
},
"id": "VAR-201704-0504",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-11629"
},
{
"db": "VULHUB",
"id": "VHN-97595"
}
],
"trust": 1.7
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-11629"
}
]
},
"last_update_date": "2025-04-20T23:27:26.388000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "huawei-sa-20161123-03-smartphone",
"trust": 0.8,
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20161123-03-smartphone-en"
},
{
"title": "Huawei Plays 5C Mobile Phone TP Touch Screen Driver Patch with Buffer Overflow Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/84450"
},
{
"title": "Huawei NEM Fixes for local buffer overflow vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=65933"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-11629"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008217"
},
{
"db": "CNNVD",
"id": "CNNVD-201611-659"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-119",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-97595"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008217"
},
{
"db": "NVD",
"id": "CVE-2016-8775"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20161123-03-smartphone-en"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/94506"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-8775"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-8775"
},
{
"trust": 0.6,
"url": "http://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20161123-03-smartphone-cn"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-11629"
},
{
"db": "VULHUB",
"id": "VHN-97595"
},
{
"db": "BID",
"id": "94506"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008217"
},
{
"db": "CNNVD",
"id": "CNNVD-201611-659"
},
{
"db": "NVD",
"id": "CVE-2016-8775"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2016-11629"
},
{
"db": "VULHUB",
"id": "VHN-97595"
},
{
"db": "BID",
"id": "94506"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008217"
},
{
"db": "CNNVD",
"id": "CNNVD-201611-659"
},
{
"db": "NVD",
"id": "CVE-2016-8775"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-11-28T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-11629"
},
{
"date": "2017-04-02T00:00:00",
"db": "VULHUB",
"id": "VHN-97595"
},
{
"date": "2016-11-23T00:00:00",
"db": "BID",
"id": "94506"
},
{
"date": "2017-05-02T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-008217"
},
{
"date": "2016-11-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201611-659"
},
{
"date": "2017-04-02T20:59:01.470000",
"db": "NVD",
"id": "CVE-2016-8775"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-11-29T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-11629"
},
{
"date": "2017-04-05T00:00:00",
"db": "VULHUB",
"id": "VHN-97595"
},
{
"date": "2016-12-20T02:02:00",
"db": "BID",
"id": "94506"
},
{
"date": "2017-05-02T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-008217"
},
{
"date": "2016-12-02T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201611-659"
},
{
"date": "2025-04-20T01:37:25.860000",
"db": "NVD",
"id": "CVE-2016-8775"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "BID",
"id": "94506"
},
{
"db": "CNNVD",
"id": "CNNVD-201611-659"
}
],
"trust": 0.9
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Huawei NEM Phone Software Touch Panel Buffer error vulnerability in driver",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-008217"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer overflow",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201611-659"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…