Sign-up

ID

VAR-201609-0061


CVE

CVE-2016-6182


TITLE

Huawei Honor 4C Smartphone software Camera Service disruption in drivers (DoS) Vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2016-004557

DESCRIPTION

The Camera driver in Huawei Honor 4C smartphones with software CHM-UL00C00 before CHM-UL00C00B564, CHM-TL00C01 before CHM-TL00C01B564, and CHM-TL00C00 before CHM-TL00HC00B564 allows attackers to cause a denial of service (system crash) or gain privileges via a crafted application, a different vulnerability than CVE-2016-6180, CVE-2016-6181, CVE-2016-6183, and CVE-2016-6184. This vulnerability CVE-2016-6180 , CVE-2016-6181 , CVE-2016-6183 ,and CVE-2016-6184 Is a different vulnerability. Supplementary information : CWE Vulnerability type by CWE-284: Improper Access Control ( Inappropriate access control ) Has been identified. http://cwe.mitre.org/data/definitions/284.htmlDenial of service operations through a specially crafted application by an attacker ( System crash ) It may be put into a state or it may be authorized. HuaweiHonor4C (Huawei Glory 4C) is a smartphone product from China's Huawei company. The HuaweiHonor4C driver has an input validation vulnerability. An attacker can induce a user to install a malicious application and use the vulnerability to pass specific parameters to the Camera driver, causing a system reboot or user privilege escalation. Huawei Honor 4C is prone to multiple unspecified security vulnerabilities Limited information is currently available regarding these issues. We will update this BID as more information emerges. The following versions are vulnerable: Huawei Honor 4C CHM-UL00C00B535 through CHM-UL00C00B556 Huawei Honor 4C CHM-TL00C01 B535 through CHM-TL00C01B556 Huawei Honor 4C CHM-TL00HC00 B535 through CHM-TL00HC00B556

Trust: 3.06

sources: NVD: CVE-2016-6182 // JVNDB: JVNDB-2016-004557 // CNVD: CNVD-2016-05173 // CNVD: CNVD-2016-05175 // BID: 91807 // VULHUB: VHN-95002

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 1.2

sources: CNVD: CNVD-2016-05173 // CNVD: CNVD-2016-05175

AFFECTED PRODUCTS

vendor:huaweimodel:honor 4cscope:eqversion:chm-tl00hc00b556

Trust: 1.6

vendor:huaweimodel:honor 4cscope:eqversion:chm-ul00c00b556

Trust: 1.6

vendor:huaweimodel:honor 4cscope:eqversion:chm-tl00c01_b535

Trust: 1.6

vendor:huaweimodel:honor 4cscope:eqversion:chm-tl00hc00_b535

Trust: 1.6

vendor:huaweimodel:honor 4cscope:eqversion:chm-ul00c00b535

Trust: 1.6

vendor:huaweimodel:honor 4cscope:eqversion:chm-tl00c01b556

Trust: 1.6

vendor:huaweimodel:honor 4c >chm-ul00c00b535,<chm-ul00c00b556scope: - version: -

Trust: 1.2

vendor:huaweimodel:honor 4c >chm-tl00c01 b535,<chm-tl00c01b556scope: - version: -

Trust: 1.2

vendor:huaweimodel:honor 4c >chm-tl00hc00 b535,<chm-tl00hc00b556scope: - version: -

Trust: 1.2

vendor:huaweimodel:honor 4cscope:ltversion:chm-ul00c00

Trust: 0.8

vendor:huaweimodel:honor 4cscope:eqversion:chm-tl00hc00b564

Trust: 0.8

vendor:huaweimodel:honor 4cscope:ltversion:chm-tl00c00

Trust: 0.8

vendor:huaweimodel:honor 4cscope:eqversion:chm-ul00c00b564

Trust: 0.8

vendor:huaweimodel:honor 4cscope:ltversion:chm-tl00c01

Trust: 0.8

vendor:huaweimodel:honor 4cscope:eqversion:chm-tl00c01b564

Trust: 0.8

vendor:huaweimodel:honor 4cscope: - version: -

Trust: 0.8

vendor:huaweimodel:honor 4c chm-ul00c00b556scope: - version: -

Trust: 0.3

vendor:huaweimodel:honor 4c chm-ul00c00b535scope: - version: -

Trust: 0.3

vendor:huaweimodel:honor 4c chm-tl00hc00b556scope: - version: -

Trust: 0.3

vendor:huaweimodel:honor 4c chm-tl00hc00 b535scope: - version: -

Trust: 0.3

vendor:huaweimodel:honor 4c chm-tl00c01b556scope: - version: -

Trust: 0.3

vendor:huaweimodel:honor 4c chm-tl00c01 b535scope: - version: -

Trust: 0.3

vendor:huaweimodel:honor 4c chm-ul00c00b564scope:neversion: -

Trust: 0.3

vendor:huaweimodel:honor 4c chm-tl00hc00b564scope:neversion: -

Trust: 0.3

vendor:huaweimodel:honor 4c chm-tl00c01b564scope:neversion: -

Trust: 0.3

sources: CNVD: CNVD-2016-05173 // CNVD: CNVD-2016-05175 // BID: 91807 // JVNDB: JVNDB-2016-004557 // NVD: CVE-2016-6182 // CNNVD: CNNVD-201607-498

CVSS

SEVERITY

CVSSV2

CVSSV3

NVD: CVE-2016-6182
value: HIGH

Trust: 1.8

CNVD: CNVD-2016-05173
value: MEDIUM

Trust: 0.6

CNVD: CNVD-2016-05175
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201607-498
value: CRITICAL

Trust: 0.6

VULHUB: VHN-95002
value: HIGH

Trust: 0.1

NVD:
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 10.0
acInsufInfo: FALSE
obtainAllPrivilege: FALSE
obtainUserPrivilege: FALSE
obtainOtherPrivilege: FALSE
userInteractionRequired: TRUE
version: 2.0

Trust: 1.0

NVD: CVE-2016-6182
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2016-05173
severity: MEDIUM
baseScore: 6.2
vectorString: AV:L/AC:H/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: HIGH
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 1.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

CNVD: CNVD-2016-05175
severity: MEDIUM
baseScore: 6.2
vectorString: AV:L/AC:H/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: HIGH
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 1.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-95002
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

NVD:
baseSeverity: HIGH
baseScore: 7.0
vectorString: CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.0
impactScore: 5.9
version: 3.0

Trust: 1.0

NVD: CVE-2016-6182
baseSeverity: HIGH
baseScore: 7.0
vectorString: CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2016-05173 // CNVD: CNVD-2016-05175 // VULHUB: VHN-95002 // JVNDB: JVNDB-2016-004557 // NVD: CVE-2016-6182 // CNNVD: CNNVD-201607-498

PROBLEMTYPE DATA

problemtype:CWE-284

Trust: 1.1

problemtype:CWE-Other

Trust: 0.8

sources: VULHUB: VHN-95002 // JVNDB: JVNDB-2016-004557 // NVD: CVE-2016-6182

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201607-498

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-201607-498

CONFIGURATIONS

sources:
            
            
            NVD: CVE-2016-6182

PATCH
title:huawei-sa-20160716-01-smartphoneurl:http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160716-01-smartphone-en
Trust: 0.8
title:HuaweiHonor4C driver patch for input validation vulnerabilityurl:https://www.cnvd.org.cn/patchinfo/show/79493
Trust: 0.6
title:HuaweiHonor4C driver input verification vulnerability (CNVD-2016-05175) patchurl:https://www.cnvd.org.cn/patchinfo/show/79495
Trust: 0.6
title:Huawei Honor 4C Fixes for driver input verification security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=62993
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2016-05173 // 
            
            
            
            CNVD: CNVD-2016-05175 // 
            
            
            
            JVNDB: JVNDB-2016-004557 // 
            
            
            
            CNNVD: CNNVD-201607-498

EXTERNAL IDS
db:NVDid:CVE-2016-6182
Trust: 3.4
db:BIDid:91807
Trust: 2.1
db:JVNDBid:JVNDB-2016-004557
Trust: 0.8
db:CNVDid:CNVD-2016-05173
Trust: 0.6
db:CNVDid:CNVD-2016-05175
Trust: 0.6
db:NSFOCUSid:34731
Trust: 0.6
db:CNNVDid:CNNVD-201607-498
Trust: 0.6
db:VULHUBid:VHN-95002
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2016-05173 // 
            
            
            
            CNVD: CNVD-2016-05175 // 
            
            
            
            VULHUB: VHN-95002 // 
            
            
            
            BID: 91807 // 
            
            
            
            JVNDB: JVNDB-2016-004557 // 
            
            
            
            NVD: CVE-2016-6182 // 
            
            
            
            CNNVD: CNNVD-201607-498

REFERENCES
url:http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160716-01-smartphone-en
Trust: 3.2
url:http://www.securityfocus.com/bid/91807
Trust: 1.8
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-6182
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-6182
Trust: 0.8
url:http://www.nsfocus.net/vulndb/34731
Trust: 0.6
url:http://www.huawei.com
Trust: 0.3
sources:
            
            
            CNVD: CNVD-2016-05173 // 
            
            
            
            CNVD: CNVD-2016-05175 // 
            
            
            
            VULHUB: VHN-95002 // 
            
            
            
            BID: 91807 // 
            
            
            
            JVNDB: JVNDB-2016-004557 // 
            
            
            
            NVD: CVE-2016-6182 // 
            
            
            
            CNNVD: CNNVD-201607-498

CREDITS
Yang Chengming, Yang Chao, You Ning, Xiao Peng and Song Yang of Alibaba Mobile Security Team.
Trust: 0.9
sources:
            
            
            BID: 91807 // 
            
            
            
            CNNVD: CNNVD-201607-498

SOURCES
db:CNVDid:CNVD-2016-05173
db:CNVDid:CNVD-2016-05175
db:VULHUBid:VHN-95002
db:BIDid:91807
db:JVNDBid:JVNDB-2016-004557
db:NVDid:CVE-2016-6182
db:CNNVDid:CNNVD-201607-498

LAST UPDATE DATE
2023-12-18T12:51:30.724000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2016-05173date:2016-07-22T00:00:00
db:CNVDid:CNVD-2016-05175date:2016-07-22T00:00:00
db:VULHUBid:VHN-95002date:2016-09-08T00:00:00
db:BIDid:91807date:2016-07-16T00:00:00
db:JVNDBid:JVNDB-2016-004557date:2016-09-09T00:00:00
db:NVDid:CVE-2016-6182date:2016-09-08T16:33:56.607
db:CNNVDid:CNNVD-201607-498date:2016-09-08T00:00:00

SOURCES RELEASE DATE
db:CNVDid:CNVD-2016-05173date:2016-07-22T00:00:00
db:CNVDid:CNVD-2016-05175date:2016-07-22T00:00:00
db:VULHUBid:VHN-95002date:2016-09-07T00:00:00
db:BIDid:91807date:2016-07-16T00:00:00
db:JVNDBid:JVNDB-2016-004557date:2016-09-09T00:00:00
db:NVDid:CVE-2016-6182date:2016-09-07T19:28:06.833
db:CNNVDid:CNNVD-201607-498date:2016-07-19T00:00:00