Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2017-17158

Some Huawei smart phones with the versions before Berlin-L21HNC185B381; the versions before Prague-AL00AC00B223; the versions before Prague-AL00BC00B223; the versions before Prague-AL00CC00B223; the versions before Prague-L31C432B208; the versions before Prague-TL00AC01B223; the versions before Prague-TL00AC01B223 have an information exposure vulnerability. When the user's smart phone connects to the malicious device for charging, an unauthenticated attacker may activate some specific function by sending some specially crafted messages. Due to insufficient input validation of the messages, successful exploit may cause information exposure.

Published

2018-05-24T14:29:00.250

Last Modified

2024-11-21T03:17:36.397

Status

Modified

Source

[email protected]

Severity

CVSSv3.0: 4.6 (MEDIUM)

CVSSv2 Vector

AV:L/AC:L/Au:N/C:P/I:N/A:N

  • Access Vector: LOCAL
  • Access Complexity: LOW
  • Authentication: NONE
  • Confidentiality Impact: PARTIAL
  • Integrity Impact: NONE
  • Availability Impact: NONE
Exploitability Score

3.9

Impact Score

2.9

Weaknesses
  • Type: Primary
    CWE-20
Affected Vendors & Products
Type Vendor Product Version/Range Vulnerable?
Operating System huawei berlin-l21hn_firmware < l21hnc185b381 Yes
Hardware huawei berlin-l21hn - No
Operating System huawei prague-al00a_firmware < al00ac00b223 Yes
Hardware huawei prague-al00a - No
Operating System huawei prague-al00b_firmware < al00bc00b223 Yes
Hardware huawei prague-al00b - No
Operating System huawei prague-al00c_firmware < al00cc00b223 Yes
Hardware huawei prague-al00c - No
Operating System huawei prague-l31_firmware < l31c432b208 Yes
Hardware huawei prague-l31 - No
Operating System huawei prague-tl00a_firmware < tl00ac01b223 Yes
Hardware huawei prague-tl00a - No
Operating System huawei prague-tl10a_firmware < tl00ac01b223 Yes
Hardware huawei prague-tl10a - No
References