VAR-201802-0439
Vulnerability from variot - Updated: 2024-11-23 22:45Some Huawei smart phones with software of NXT-AL10C00B386, NXT-CL00C92B386, NXT-DL00C17B386, NXT-TL00C01B386SP01, NTS-AL00C00B535 have a DoS vulnerability due to insufficient input validation. An unauthenticated attacker could send malformed System Information(SI) messages to the smart phone within radio range by special wireless device. Successful exploit could make the smart phone restart. HuaweiMT8-EMUI4.1 and NTS-AL00 are all smartphones of China's Huawei company. HuaweiMT8-EMUI4.1 and NTS-AL00 have a denial of service vulnerability. Both Huawei MT8-EMUI4.1 and NTS-AL00 are smartphone products of China Huawei (Huawei). The following products and versions are affected: Huawei MT8-EMUI4.1 NXT-AL10C00B386 version, NXT-CL00C92B386 version, NXT-DL00C17B386 version, NXT-TL00C01B386SP01 version; NTS-AL00 NTS-AL00C00B535 version
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201802-0439",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "mt8-emui4.1",
"scope": "eq",
"trust": 2.4,
"vendor": "huawei",
"version": "nxt-al10c00b386"
},
{
"model": "mt8-emui4.1",
"scope": "eq",
"trust": 2.4,
"vendor": "huawei",
"version": "nxt-cl00c92b386"
},
{
"model": "mt8-emui4.1",
"scope": "eq",
"trust": 2.4,
"vendor": "huawei",
"version": "nxt-dl00c17b386"
},
{
"model": "mt8-emui4.1",
"scope": "eq",
"trust": 2.4,
"vendor": "huawei",
"version": "nxt-tl00c01b386sp01"
},
{
"model": "nts-al00",
"scope": "eq",
"trust": 2.4,
"vendor": "huawei",
"version": "nts-al00c00b535"
},
{
"model": "nts-al00 nts-al00c00b535",
"scope": null,
"trust": 0.6,
"vendor": "huawei",
"version": null
},
{
"model": "mt8-emui4.1 nxt-al10c00b386",
"scope": null,
"trust": 0.6,
"vendor": "huawei",
"version": null
},
{
"model": "mt8-emui4.1 nxt-cl00c92b386",
"scope": null,
"trust": 0.6,
"vendor": "huawei",
"version": null
},
{
"model": "mt8-emui4.1 nxt-dl00c17b386",
"scope": null,
"trust": 0.6,
"vendor": "huawei",
"version": null
},
{
"model": "mt8-emui4.1 nxt-tl00c01b386sp01",
"scope": null,
"trust": 0.6,
"vendor": "huawei",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-38524"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-012676"
},
{
"db": "CNNVD",
"id": "CNNVD-201712-314"
},
{
"db": "NVD",
"id": "CVE-2017-17159"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:huawei:mt8-emui4.1_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:huawei:nts-al00_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-012676"
}
]
},
"cve": "CVE-2017-17159",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 6.1,
"confidentialityImpact": "NONE",
"exploitabilityScore": 6.5,
"id": "CVE-2017-17159",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:A/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2017-38524",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 6.1,
"confidentialityImpact": "NONE",
"exploitabilityScore": 6.5,
"id": "VHN-108153",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:A/AC:L/AU:N/C:N/I:N/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "ADJACENT",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 2.8,
"id": "CVE-2017-17159",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2017-17159",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2017-17159",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2017-38524",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201712-314",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-108153",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-38524"
},
{
"db": "VULHUB",
"id": "VHN-108153"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-012676"
},
{
"db": "CNNVD",
"id": "CNNVD-201712-314"
},
{
"db": "NVD",
"id": "CVE-2017-17159"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Some Huawei smart phones with software of NXT-AL10C00B386, NXT-CL00C92B386, NXT-DL00C17B386, NXT-TL00C01B386SP01, NTS-AL00C00B535 have a DoS vulnerability due to insufficient input validation. An unauthenticated attacker could send malformed System Information(SI) messages to the smart phone within radio range by special wireless device. Successful exploit could make the smart phone restart. HuaweiMT8-EMUI4.1 and NTS-AL00 are all smartphones of China\u0027s Huawei company. HuaweiMT8-EMUI4.1 and NTS-AL00 have a denial of service vulnerability. Both Huawei MT8-EMUI4.1 and NTS-AL00 are smartphone products of China Huawei (Huawei). The following products and versions are affected: Huawei MT8-EMUI4.1 NXT-AL10C00B386 version, NXT-CL00C92B386 version, NXT-DL00C17B386 version, NXT-TL00C01B386SP01 version; NTS-AL00 NTS-AL00C00B535 version",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-17159"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-012676"
},
{
"db": "CNVD",
"id": "CNVD-2017-38524"
},
{
"db": "VULHUB",
"id": "VHN-108153"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-17159",
"trust": 3.1
},
{
"db": "JVNDB",
"id": "JVNDB-2017-012676",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201712-314",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2017-38524",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-108153",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-38524"
},
{
"db": "VULHUB",
"id": "VHN-108153"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-012676"
},
{
"db": "CNNVD",
"id": "CNNVD-201712-314"
},
{
"db": "NVD",
"id": "CVE-2017-17159"
}
]
},
"id": "VAR-201802-0439",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-38524"
},
{
"db": "VULHUB",
"id": "VHN-108153"
}
],
"trust": 1.65
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-38524"
}
]
},
"last_update_date": "2024-11-23T22:45:26.839000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "huawei-sa-20171220-02-smartphone",
"trust": 0.8,
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171220-02-smartphone-en"
},
{
"title": "Patch for HuaweiMT8-EMUI4.1 and NTS-AL00 Denial of Service Vulnerabilities",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/112241"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-38524"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-012676"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-20",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-108153"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-012676"
},
{
"db": "NVD",
"id": "CVE-2017-17159"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171220-02-smartphone-en"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-17159"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-17159"
},
{
"trust": 0.6,
"url": "http://www.huawei.com/cn/psirt/security-advisories/2017/huawei-sa-20171220-02-smartphone-cn"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-38524"
},
{
"db": "VULHUB",
"id": "VHN-108153"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-012676"
},
{
"db": "CNNVD",
"id": "CNNVD-201712-314"
},
{
"db": "NVD",
"id": "CVE-2017-17159"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2017-38524"
},
{
"db": "VULHUB",
"id": "VHN-108153"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-012676"
},
{
"db": "CNNVD",
"id": "CNNVD-201712-314"
},
{
"db": "NVD",
"id": "CVE-2017-17159"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-12-29T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-38524"
},
{
"date": "2018-02-15T00:00:00",
"db": "VULHUB",
"id": "VHN-108153"
},
{
"date": "2018-04-04T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-012676"
},
{
"date": "2017-12-08T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201712-314"
},
{
"date": "2018-02-15T16:29:01.970000",
"db": "NVD",
"id": "CVE-2017-17159"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-12-29T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-38524"
},
{
"date": "2018-03-14T00:00:00",
"db": "VULHUB",
"id": "VHN-108153"
},
{
"date": "2018-04-04T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-012676"
},
{
"date": "2018-02-22T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201712-314"
},
{
"date": "2024-11-21T03:17:36.523000",
"db": "NVD",
"id": "CVE-2017-17159"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "specific network environment",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201712-314"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Huawei Vulnerability related to input validation in smartphone software",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-012676"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "input validation",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201712-314"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…