Lucene search

HuaweiCVE-2017-17201

HistoryFeb 15, 2018 - 4:29 p.m.

CVE-2017-17201

2018-02-1516:29:02

CWE-20

huawei

web.nvd.nist.gov

huawei

smartphones

software

vulnerability

dos

attacks

input validation

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

AI Score

5.6

Confidence

High

EPSS

0.001

Percentile

23.4%

JSON

Some huawei smartphones with software BTV-DL09C233B350, Berlin-L21HNC432B360, Berlin-L22HNC636B360, Berlin-L24HNC567B360, Berlin-L21C10B130, Berlin-L21C185B132, Berlin-L21C464B130, Berlin-L22C346B140, Berlin-L22C636B160, Berlin-L23C605B131, Berlin-L23DOMC109B160, MHA-AL00AC00B125 have a DoS vulnerability. Due to insufficient input validation, an attacker could trick a user to execute a malicious application, which could be exploited by attacker to launch DoS attacks.

Affected configurations

Nvd

Node

huaweibtv-emui5.0_firmwareMatchbtv-dl09c233b350

AND

huaweibtv-emui5.0Match-

Node

huaweiberlin-emui5.0_firmwareMatchberlin-l21hnc432b360

huaweiberlin-emui5.0_firmwareMatchberlin-l22hnc636b360

huaweiberlin-emui5.0_firmwareMatchberlin-l24hnc567b360

AND

huaweiberlin-emui5.0Match-

Node

huaweiberlin-l21_firmwareMatchberlin-l21c10b130

huaweiberlin-l21_firmwareMatchberlin-l21c185b132

huaweiberlin-l21_firmwareMatchberlin-l21c464b130

AND

huaweiberlin-l21Match-

Node

huaweiberlin-l22_firmwareMatchberlin-l22c346b140

huaweiberlin-l22_firmwareMatchberlin-l22c636b160

AND

huaweiberlin-l22Match-

Node

huaweiberlin-l23_firmwareMatchberlin-l23c605b131

huaweiberlin-l23_firmwareMatchberlin-l23domc109b160

AND

huaweiberlin-l23Match-

Node

huaweimha-al00a_firmwareMatchmha-al00ac00b125

AND

huaweimha-al00aMatch-

VendorProductVersionCPE
huaweibtv-emui5.0_firmwarebtv-dl09c233b350cpe:2.3:o:huawei:btv-emui5.0_firmware:btv-dl09c233b350:*:*:*:*:*:*:*
huaweibtv-emui5.0-cpe:2.3:h:huawei:btv-emui5.0:-:*:*:*:*:*:*:*
huaweiberlin-emui5.0_firmwareberlin-l21hnc432b360cpe:2.3:o:huawei:berlin-emui5.0_firmware:berlin-l21hnc432b360:*:*:*:*:*:*:*
huaweiberlin-emui5.0_firmwareberlin-l22hnc636b360cpe:2.3:o:huawei:berlin-emui5.0_firmware:berlin-l22hnc636b360:*:*:*:*:*:*:*
huaweiberlin-emui5.0_firmwareberlin-l24hnc567b360cpe:2.3:o:huawei:berlin-emui5.0_firmware:berlin-l24hnc567b360:*:*:*:*:*:*:*
huaweiberlin-emui5.0-cpe:2.3:h:huawei:berlin-emui5.0:-:*:*:*:*:*:*:*
huaweiberlin-l21_firmwareberlin-l21c10b130cpe:2.3:o:huawei:berlin-l21_firmware:berlin-l21c10b130:*:*:*:*:*:*:*
huaweiberlin-l21_firmwareberlin-l21c185b132cpe:2.3:o:huawei:berlin-l21_firmware:berlin-l21c185b132:*:*:*:*:*:*:*
huaweiberlin-l21_firmwareberlin-l21c464b130cpe:2.3:o:huawei:berlin-l21_firmware:berlin-l21c464b130:*:*:*:*:*:*:*
huaweiberlin-l21-cpe:2.3:h:huawei:berlin-l21:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
huawei	btv-emui5.0_firmware	btv-dl09c233b350	cpe:2.3:o:huawei:btv-emui5.0_firmware:btv-dl09c233b350:::::::*
huawei	btv-emui5.0	-	cpe:2.3:h:huawei:btv-emui5.0:-:::::::*
huawei	berlin-emui5.0_firmware	berlin-l21hnc432b360	cpe:2.3:o:huawei:berlin-emui5.0_firmware:berlin-l21hnc432b360:::::::*
huawei	berlin-emui5.0_firmware	berlin-l22hnc636b360	cpe:2.3:o:huawei:berlin-emui5.0_firmware:berlin-l22hnc636b360:::::::*
huawei	berlin-emui5.0_firmware	berlin-l24hnc567b360	cpe:2.3:o:huawei:berlin-emui5.0_firmware:berlin-l24hnc567b360:::::::*
huawei	berlin-emui5.0	-	cpe:2.3:h:huawei:berlin-emui5.0:-:::::::*
huawei	berlin-l21_firmware	berlin-l21c10b130	cpe:2.3:o:huawei:berlin-l21_firmware:berlin-l21c10b130:::::::*
huawei	berlin-l21_firmware	berlin-l21c185b132	cpe:2.3:o:huawei:berlin-l21_firmware:berlin-l21c185b132:::::::*
huawei	berlin-l21_firmware	berlin-l21c464b130	cpe:2.3:o:huawei:berlin-l21_firmware:berlin-l21c464b130:::::::*
huawei	berlin-l21	-	cpe:2.3:h:huawei:berlin-l21:-:::::::*

Rows per page:

1-10 of 181

CNA Affected

[
  {
    "product": "BTV-EMUI5.0,Berlin-EMUI5.0,Berlin-L21,Berlin-L22,Berlin-L23,MHA-AL00A",
    "vendor": "Huawei Technologies Co., Ltd.",
    "versions": [
      {
        "status": "affected",
        "version": "BTV-DL09C233B350, Berlin-L21HNC432B360, Berlin-L22HNC636B360, Berlin-L24HNC567B360, Berlin-L21C10B130, Berlin-L21C185B132, Berlin-L21C464B130, Berlin-L22C346B140, Berlin-L22C636B160, Berlin-L23C605B131, Berlin-L23DOMC109B160, MHA-AL00AC00B125"
      }
    ]
  }
]

References

www.huawei.com/en/psirt/security-advisories/huawei-sa-20180124-01-dos-en

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

AI Score

5.6

Confidence

High

EPSS

0.001

Percentile

23.4%

JSON

Related for CVE-2017-17201