VAR-201805-0209
Vulnerability from variot - Updated: 2024-11-23 22:52Some Huawei smart phones with the versions before Berlin-L21HNC185B381; the versions before Prague-AL00AC00B223; the versions before Prague-AL00BC00B223; the versions before Prague-AL00CC00B223; the versions before Prague-L31C432B208; the versions before Prague-TL00AC01B223; the versions before Prague-TL00AC01B223 have an information exposure vulnerability. When the user's smart phone connects to the malicious device for charging, an unauthenticated attacker may activate some specific function by sending some specially crafted messages. Due to insufficient input validation of the messages, successful exploit may cause information exposure. plural Huawei Smartphones contain a vulnerability related to input confirmation.Information may be obtained. HuaweiBerlin-L21HN and Prague-AL00A are all smartphone products of China Huawei. There are information disclosure vulnerabilities in various Huawei phones. Successful use of this vulnerability may result in partial disclosure of information due to failure to adequately verify the message
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201805-0209",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "prague-tl00a",
"scope": "lt",
"trust": 1.0,
"vendor": "huawei",
"version": "tl00ac01b223"
},
{
"model": "prague-tl10a",
"scope": "lt",
"trust": 1.0,
"vendor": "huawei",
"version": "tl00ac01b223"
},
{
"model": "prague-al00c",
"scope": "lt",
"trust": 1.0,
"vendor": "huawei",
"version": "al00cc00b223"
},
{
"model": "prague-al00a",
"scope": "lt",
"trust": 1.0,
"vendor": "huawei",
"version": "al00ac00b223"
},
{
"model": "prague-l31",
"scope": "lt",
"trust": 1.0,
"vendor": "huawei",
"version": "l31c432b208"
},
{
"model": "prague-al00b",
"scope": "lt",
"trust": 1.0,
"vendor": "huawei",
"version": "al00bc00b223"
},
{
"model": "berlin-l21hn",
"scope": "lt",
"trust": 1.0,
"vendor": "huawei",
"version": "l21hnc185b381"
},
{
"model": "berlin-l21hn",
"scope": null,
"trust": 0.8,
"vendor": "huawei",
"version": null
},
{
"model": "prague-al00a",
"scope": null,
"trust": 0.8,
"vendor": "huawei",
"version": null
},
{
"model": "prague-al00b",
"scope": null,
"trust": 0.8,
"vendor": "huawei",
"version": null
},
{
"model": "prague-al00c",
"scope": null,
"trust": 0.8,
"vendor": "huawei",
"version": null
},
{
"model": "prague-l31",
"scope": null,
"trust": 0.8,
"vendor": "huawei",
"version": null
},
{
"model": "prague-tl00a",
"scope": null,
"trust": 0.8,
"vendor": "huawei",
"version": null
},
{
"model": "prague-tl10a",
"scope": null,
"trust": 0.8,
"vendor": "huawei",
"version": null
},
{
"model": "berlin-l21hn the versions before berlin-l21hnc185b381",
"scope": null,
"trust": 0.6,
"vendor": "huawei",
"version": null
},
{
"model": "prague-al00c the versions before prague-al00cc00b223",
"scope": null,
"trust": 0.6,
"vendor": "huawei",
"version": null
},
{
"model": "prague-l31 the versions before prague-l31c432b208",
"scope": null,
"trust": 0.6,
"vendor": "huawei",
"version": null
},
{
"model": "prague-tl00a the versions before prague-tl00ac01b223",
"scope": null,
"trust": 0.6,
"vendor": "huawei",
"version": null
},
{
"model": "prague-tl10a the versions before prague-tl00ac01b223",
"scope": null,
"trust": 0.6,
"vendor": "huawei",
"version": null
},
{
"model": "prague-al00a the versions before prague-al00ac00b223",
"scope": null,
"trust": 0.6,
"vendor": "huawei",
"version": null
},
{
"model": "prague-al00b the versions before prague-al00bc00b223",
"scope": null,
"trust": 0.6,
"vendor": "huawei",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-12842"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013469"
},
{
"db": "NVD",
"id": "CVE-2017-17158"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:huawei:berlin-l21hn_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:huawei:prague-al00a_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:huawei:prague-al00b_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:huawei:prague-al00c_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:huawei:prague-l31_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:huawei:prague-tl00a_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:huawei:prague-tl10a_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-013469"
}
]
},
"cve": "CVE-2017-17158",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"id": "CVE-2017-17158",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "LOW",
"trust": 1.8,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 7.8,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2018-12842",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 0.9,
"id": "CVE-2017-17158",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2017-17158",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2017-17158",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2018-12842",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201712-315",
"trust": 0.6,
"value": "LOW"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-12842"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013469"
},
{
"db": "CNNVD",
"id": "CNNVD-201712-315"
},
{
"db": "NVD",
"id": "CVE-2017-17158"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Some Huawei smart phones with the versions before Berlin-L21HNC185B381; the versions before Prague-AL00AC00B223; the versions before Prague-AL00BC00B223; the versions before Prague-AL00CC00B223; the versions before Prague-L31C432B208; the versions before Prague-TL00AC01B223; the versions before Prague-TL00AC01B223 have an information exposure vulnerability. When the user\u0027s smart phone connects to the malicious device for charging, an unauthenticated attacker may activate some specific function by sending some specially crafted messages. Due to insufficient input validation of the messages, successful exploit may cause information exposure. plural Huawei Smartphones contain a vulnerability related to input confirmation.Information may be obtained. HuaweiBerlin-L21HN and Prague-AL00A are all smartphone products of China Huawei. There are information disclosure vulnerabilities in various Huawei phones. Successful use of this vulnerability may result in partial disclosure of information due to failure to adequately verify the message",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-17158"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013469"
},
{
"db": "CNVD",
"id": "CNVD-2018-12842"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-17158",
"trust": 3.0
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013469",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2018-12842",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201712-315",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-12842"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013469"
},
{
"db": "CNNVD",
"id": "CNNVD-201712-315"
},
{
"db": "NVD",
"id": "CVE-2017-17158"
}
]
},
"id": "VAR-201805-0209",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-12842"
}
],
"trust": 1.6
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-12842"
}
]
},
"last_update_date": "2024-11-23T22:52:05.658000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "huawei-sa-20180523-01-phone",
"trust": 0.8,
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180523-01-phone-en"
},
{
"title": "Patches for multiple Huawei mobile phone information disclosure vulnerabilities",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/134013"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-12842"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013469"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-20",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-013469"
},
{
"db": "NVD",
"id": "CVE-2017-17158"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.6,
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180523-01-phone-en"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-17158"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-17158"
},
{
"trust": 0.6,
"url": "https://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20180523-01-phone-cn"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-12842"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013469"
},
{
"db": "CNNVD",
"id": "CNNVD-201712-315"
},
{
"db": "NVD",
"id": "CVE-2017-17158"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2018-12842"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013469"
},
{
"db": "CNNVD",
"id": "CNNVD-201712-315"
},
{
"db": "NVD",
"id": "CVE-2017-17158"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-07-11T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-12842"
},
{
"date": "2018-07-12T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-013469"
},
{
"date": "2017-12-08T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201712-315"
},
{
"date": "2018-05-24T14:29:00.250000",
"db": "NVD",
"id": "CVE-2017-17158"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-07-11T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-12842"
},
{
"date": "2018-07-12T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-013469"
},
{
"date": "2018-06-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201712-315"
},
{
"date": "2024-11-21T03:17:36.397000",
"db": "NVD",
"id": "CVE-2017-17158"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201712-315"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural Huawei Vulnerability related to input confirmation in smartphones",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-013469"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "input validation",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201712-315"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…