Details of VAR-201704-0504

ID

VAR-201704-0504

CVE

CVE-2016-8775

TITLE

Huawei NEM Phone Software Touch Panel Buffer error vulnerability in driver

Trust: 0.8

sources: JVNDB: JVNDB-2016-008217

DESCRIPTION

Touch Panel (TP) driver in Huawei NEM phones with software Versions before NEM-AL10C00B130, Versions before NEM-UL10C17B160, Versions before NEM-UL10C00B160, Versions before NEM-TL00C01B160 allows attackers to get root privilege or crash the system or execute arbitrary code, related to a buffer overflow. Huawei Play 5C is Huawei's smartphone. There is a buffer overflow vulnerability in Huawei's 5C mobile phone TP touch screen driver. Huawei NEM is prone to a local buffer-overflow vulnerability. Local attackers can exploit this issue to run arbitrary code, elevate root privilege or crash the system causing a denial of service condition. The following versions are vulnerable: Huawei NEM versions prior to AL10C00B130 are affected. Huawei NEM versions prior to UL10C17B160 are affected. Huawei NEM versions prior to UL10C00B160 are affected. Huawei NEM versions prior to TL00C01B160 are affected. Huawei NEM versions prior to TL00HC00B160 are affected. Huawei NEM is a smartphone product of China's Huawei (Huawei)

Trust: 2.52

sources: NVD: CVE-2016-8775 // JVNDB: JVNDB-2016-008217 // CNVD: CNVD-2016-11629 // BID: 94506 // VULHUB: VHN-97595

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2016-11629

AFFECTED PRODUCTS

vendor:	huawei	model:	nem-al10	scope:	eq	version:	-	Trust: 1.6
vendor:	huawei	model:	nem-l51	scope:	eq	version:	-	Trust: 1.6
vendor:	huawei	model:	nem-l21	scope:	eq	version:	-	Trust: 1.6
vendor:	huawei	model:	nem-l22	scope:	eq	version:	-	Trust: 1.6
vendor:	huawei	model:	nem-al10	scope:	-	version:	-	Trust: 0.8
vendor:	huawei	model:	play 5c <nem-al10c00b130	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	play 5c <nem-ul10c17b160	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	play 5c <nem-ul10c00b160	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	play 5c <nem-tl00c01b160	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	play 5c <nem-tl00hc00b160	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	nem	scope:	eq	version:	0	Trust: 0.3
vendor:	huawei	model:	nem ul10c17b160	scope:	ne	version:	-	Trust: 0.3
vendor:	huawei	model:	nem ul10c00b160	scope:	ne	version:	-	Trust: 0.3
vendor:	huawei	model:	nem tl00hc00b160	scope:	ne	version:	-	Trust: 0.3
vendor:	huawei	model:	nem tl00c01b160	scope:	ne	version:	-	Trust: 0.3
vendor:	huawei	model:	nem al10c00b130	scope:	ne	version:	-	Trust: 0.3

sources: CNVD: CNVD-2016-11629 // BID: 94506 // JVNDB: JVNDB-2016-008217 // CNNVD: CNNVD-201611-659 // NVD: CVE-2016-8775

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2016-8775
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2016-8775
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2016-11629
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201611-659
value:	HIGH
Trust: 0.6
VULHUB:	VHN-97595
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2016-8775
severity:	HIGH
baseScore:	7.2
vectorString:	AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2016-11629
severity:	MEDIUM
baseScore:	6.5
vectorString:	AV:L/AC:L/AU:M/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	MULTIPLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	2.5
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-97595
severity:	HIGH
baseScore:	7.2
vectorString:	AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2016-8775
baseSeverity:	MEDIUM
baseScore:	6.7
vectorString:	CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	0.8
impactScore:	5.9
version:	3.0
Trust: 1.8

sources: CNVD: CNVD-2016-11629 // VULHUB: VHN-97595 // JVNDB: JVNDB-2016-008217 // CNNVD: CNNVD-201611-659 // NVD: CVE-2016-8775

PROBLEMTYPE DATA

problemtype:

CWE-119

Trust: 1.9

sources: VULHUB: VHN-97595 // JVNDB: JVNDB-2016-008217 // NVD: CVE-2016-8775

THREAT TYPE

local

Trust: 0.9

sources: BID: 94506 // CNNVD: CNNVD-201611-659

TYPE

buffer overflow

Trust: 0.6

sources: CNNVD: CNNVD-201611-659

CONFIGURATIONS

sources: JVNDB: JVNDB-2016-008217

PATCH

title:	huawei-sa-20161123-03-smartphone	url:	http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20161123-03-smartphone-en	Trust: 0.8
title:	Huawei Plays 5C Mobile Phone TP Touch Screen Driver Patch with Buffer Overflow Vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/84450	Trust: 0.6
title:	Huawei NEM Fixes for local buffer overflow vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=65933	Trust: 0.6

sources: CNVD: CNVD-2016-11629 // JVNDB: JVNDB-2016-008217 // CNNVD: CNNVD-201611-659

EXTERNAL IDS

db:	NVD	id:	CVE-2016-8775	Trust: 3.4
db:	BID	id:	94506	Trust: 2.6
db:	JVNDB	id:	JVNDB-2016-008217	Trust: 0.8
db:	CNNVD	id:	CNNVD-201611-659	Trust: 0.7
db:	CNVD	id:	CNVD-2016-11629	Trust: 0.6
db:	VULHUB	id:	VHN-97595	Trust: 0.1

sources: CNVD: CNVD-2016-11629 // VULHUB: VHN-97595 // BID: 94506 // JVNDB: JVNDB-2016-008217 // CNNVD: CNNVD-201611-659 // NVD: CVE-2016-8775

REFERENCES

url:	http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20161123-03-smartphone-en	Trust: 2.0
url:	http://www.securityfocus.com/bid/94506	Trust: 1.7
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-8775	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2016-8775	Trust: 0.8
url:	http://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20161123-03-smartphone-cn	Trust: 0.6

sources: CNVD: CNVD-2016-11629 // VULHUB: VHN-97595 // BID: 94506 // JVNDB: JVNDB-2016-008217 // CNNVD: CNNVD-201611-659 // NVD: CVE-2016-8775

CREDITS

Zhao Jianqiang from Lab 0x031E of Qihoo 360 Technology Co. Ltd.

Trust: 0.9

sources: BID: 94506 // CNNVD: CNNVD-201611-659

SOURCES

db:	CNVD	id:	CNVD-2016-11629
db:	VULHUB	id:	VHN-97595
db:	BID	id:	94506
db:	JVNDB	id:	JVNDB-2016-008217
db:	CNNVD	id:	CNNVD-201611-659
db:	NVD	id:	CVE-2016-8775

LAST UPDATE DATE

2025-04-20T23:27:26.388000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2016-11629	date:	2016-11-29T00:00:00
db:	VULHUB	id:	VHN-97595	date:	2017-04-05T00:00:00
db:	BID	id:	94506	date:	2016-12-20T02:02:00
db:	JVNDB	id:	JVNDB-2016-008217	date:	2017-05-02T00:00:00
db:	CNNVD	id:	CNNVD-201611-659	date:	2016-12-02T00:00:00
db:	NVD	id:	CVE-2016-8775	date:	2025-04-20T01:37:25.860

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2016-11629	date:	2016-11-28T00:00:00
db:	VULHUB	id:	VHN-97595	date:	2017-04-02T00:00:00
db:	BID	id:	94506	date:	2016-11-23T00:00:00
db:	JVNDB	id:	JVNDB-2016-008217	date:	2017-05-02T00:00:00
db:	CNNVD	id:	CNNVD-201611-659	date:	2016-11-23T00:00:00
db:	NVD	id:	CVE-2016-8775	date:	2017-04-02T20:59:01.470