Sign-up

ID

VAR-201704-0462


CVE

CVE-2014-8571


TITLE

Huawei Ascend P6 Vulnerabilities related to authorization, authority, and access control in mobile phone applications

Trust: 0.8

sources: JVNDB: JVNDB-2014-008277

DESCRIPTION

Apps on Huawei Ascend P6 mobile phones with software EDGE-U00 V100R001C17B508SP01 and earlier versions before V100R001C17B508SP02; EDGE-T00 V100R001C01B508SP01 and earlier versions before V100R001C01B508SP02; EDGE-C00 V100R001C92B508SP02 and earlier versions before V100R001C92B508SP03 can capture screens without the root permission. As a result, user information can be leaked by malware on Ascend P6 mobile phones. HuaweiP6 is a smartphone from China's Huawei company. The EDGE-U00, EDGE-T00 and EDGE-C00 are all versions. HuaweiP6 has a privilege escalation vulnerability. An attacker can use this vulnerability to perform a screen capture operation, causing user information to leak. There is a security flaw in the Huawei P6

Trust: 2.25

sources: NVD: CVE-2014-8571 // JVNDB: JVNDB-2014-008277 // CNVD: CNVD-2017-05969 // VULHUB: VHN-76516

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2017-05969

AFFECTED PRODUCTS

vendor:huaweimodel:ascend p6 edge-c00scope:lteversion:v100r001c92b508sp02

Trust: 1.0

vendor:huaweimodel:ascend p6 edge-t00scope:lteversion:v100r001c01b508sp01

Trust: 1.0

vendor:huaweimodel:ascend p6 edge-u00scope:lteversion:v100r001c17b508sp01

Trust: 1.0

vendor:huaweimodel:edge-c00scope: - version: -

Trust: 0.8

vendor:huaweimodel:edge-t00scope: - version: -

Trust: 0.8

vendor:huaweimodel:edge-u00scope: - version: -

Trust: 0.8

vendor:huaweimodel:p6 <=edge-u00 v100r001c17b508sp01scope: - version: -

Trust: 0.6

vendor:huaweimodel:p6 <=edge-t00 v100r001c01b508sp01scope: - version: -

Trust: 0.6

vendor:huaweimodel:p6 <=edge-c00 v100r001c92b508sp02scope: - version: -

Trust: 0.6

vendor:huaweimodel:ascend p6 edge-t00scope:eqversion:v100r001c01b508sp01

Trust: 0.6

vendor:huaweimodel:ascend p6 edge-c00scope:eqversion:v100r001c92b508sp02

Trust: 0.6

vendor:huaweimodel:ascend p6 edge-u00scope:eqversion:v100r001c17b508sp01

Trust: 0.6

sources: CNVD: CNVD-2017-05969 // JVNDB: JVNDB-2014-008277 // CNNVD: CNNVD-201704-208 // NVD: CVE-2014-8571

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2014-8571
value: LOW

Trust: 1.0

NVD: CVE-2014-8571
value: LOW

Trust: 0.8

CNVD: CNVD-2017-05969
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201704-208
value: MEDIUM

Trust: 0.6

VULHUB: VHN-76516
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2014-8571
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2017-05969
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-76516
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2014-8571
baseSeverity: LOW
baseScore: 3.3
vectorString: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 1.8
impactScore: 1.4
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2017-05969 // VULHUB: VHN-76516 // JVNDB: JVNDB-2014-008277 // CNNVD: CNNVD-201704-208 // NVD: CVE-2014-8571

PROBLEMTYPE DATA

problemtype:CWE-264

Trust: 1.9

sources: VULHUB: VHN-76516 // JVNDB: JVNDB-2014-008277 // NVD: CVE-2014-8571

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201704-208

TYPE

permissions and access control

Trust: 0.6

sources: CNNVD: CNNVD-201704-208

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2014-008277

PATCH
title:Huawei-SA-20140923-01-P6url:http://www.huawei.com/en/psirt/security-advisories/hw-372118
Trust: 0.8
title:HuaweiP6 privilege escalation vulnerability patchurl:https://www.cnvd.org.cn/patchInfo/show/93203
Trust: 0.6
title:Huawei P6 Fixes for permission permissions and access control vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=69054
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2017-05969 // 
            
            
            
            JVNDB: JVNDB-2014-008277 // 
            
            
            
            CNNVD: CNNVD-201704-208

EXTERNAL IDS
db:NVDid:CVE-2014-8571
Trust: 3.1
db:JVNDBid:JVNDB-2014-008277
Trust: 0.8
db:CNVDid:CNVD-2017-05969
Trust: 0.6
db:CNNVDid:CNNVD-201704-208
Trust: 0.6
db:VULHUBid:VHN-76516
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2017-05969 // 
            
            
            
            VULHUB: VHN-76516 // 
            
            
            
            JVNDB: JVNDB-2014-008277 // 
            
            
            
            CNNVD: CNNVD-201704-208 // 
            
            
            
            NVD: CVE-2014-8571

REFERENCES
url:http://www.huawei.com/en/psirt/security-advisories/hw-372118
Trust: 2.3
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-8571
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2014-8571
Trust: 0.8
sources:
            
            
            CNVD: CNVD-2017-05969 // 
            
            
            
            VULHUB: VHN-76516 // 
            
            
            
            JVNDB: JVNDB-2014-008277 // 
            
            
            
            CNNVD: CNNVD-201704-208 // 
            
            
            
            NVD: CVE-2014-8571

SOURCES
db:CNVDid:CNVD-2017-05969
db:VULHUBid:VHN-76516
db:JVNDBid:JVNDB-2014-008277
db:CNNVDid:CNNVD-201704-208
db:NVDid:CVE-2014-8571

LAST UPDATE DATE
2025-04-20T23:27:26.451000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2017-05969date:2017-05-05T00:00:00
db:VULHUBid:VHN-76516date:2017-04-05T00:00:00
db:JVNDBid:JVNDB-2014-008277date:2017-05-02T00:00:00
db:CNNVDid:CNNVD-201704-208date:2017-04-07T00:00:00
db:NVDid:CVE-2014-8571date:2025-04-20T01:37:25.860

SOURCES RELEASE DATE
db:CNVDid:CNVD-2017-05969date:2017-05-05T00:00:00
db:VULHUBid:VHN-76516date:2017-04-02T00:00:00
db:JVNDBid:JVNDB-2014-008277date:2017-05-02T00:00:00
db:CNNVDid:CNNVD-201704-208date:2017-04-07T00:00:00
db:NVDid:CVE-2014-8571date:2017-04-02T20:59:00.377