Sign-up

ID

VAR-201711-0241


CVE

CVE-2017-2725


TITLE

Huawei P10 Plus and P10 Buffer error vulnerability in smartphone software

Trust: 0.8

sources: JVNDB: JVNDB-2017-010609

DESCRIPTION

Bastet in P10 Plus and P10 smart phones with software earlier than VKY-AL00C00B123 versions, earlier than VTR-AL00C00B123 versions have a buffer overflow vulnerability. An attacker with the root privilege of an Android system may trick a user into installing a malicious APP. The APP can modify specific data to cause buffer overflow in the next system reboot, causing continuous system reboot or arbitrary code execution. Huawei P10 Plus and P10 Smartphone software contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. HuaweiVicky-AL00A/Victoria-AL00A is Huawei's smartphone. A buffer overflow vulnerability exists in the Bastet of the HuaweiVicky-AL00A/Victoria-AL00A phone due to lack of parameter checking. Huawei Smart Phones are prone to multiple local buffer-overflow vulnerabilities because it fails to adequate boundary checks on user-supplied input. Local attackers can exploit these issues to execute arbitrary code in the context of the affected application. Failed exploit attempts will likely result in denial-of-service conditions

Trust: 2.43

sources: NVD: CVE-2017-2725 // JVNDB: JVNDB-2017-010609 // CNVD: CNVD-2017-04678 // BID: 97696

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2017-04678

AFFECTED PRODUCTS

vendor:huaweimodel:p10 plusscope:ltversion:vky-al00c00b123

Trust: 1.8

vendor:huaweimodel:p10scope:ltversion:vtr-al00c00b123

Trust: 1.8

vendor:huaweimodel:vicky-al00a <vicky-al00ac00b123scope: - version: -

Trust: 0.6

vendor:huaweimodel:victoria-al00a <victoria-al00ac00b123scope: - version: -

Trust: 0.6

vendor:huaweimodel:victoria-al00ascope:eqversion:0

Trust: 0.3

vendor:huaweimodel:vicky-al00ascope:eqversion:0

Trust: 0.3

vendor:huaweimodel:victoria-al00ac00b123scope:neversion:0

Trust: 0.3

vendor:huaweimodel:vicky-al00ac00b123scope:neversion:0

Trust: 0.3

sources: CNVD: CNVD-2017-04678 // BID: 97696 // JVNDB: JVNDB-2017-010609 // NVD: CVE-2017-2725

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-2725
value: HIGH

Trust: 1.0

NVD: CVE-2017-2725
value: HIGH

Trust: 0.8

CNVD: CNVD-2017-04678
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201704-963
value: CRITICAL

Trust: 0.6

nvd@nist.gov: CVE-2017-2725
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2017-04678
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2017-2725
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2017-04678 // JVNDB: JVNDB-2017-010609 // CNNVD: CNNVD-201704-963 // NVD: CVE-2017-2725

PROBLEMTYPE DATA

problemtype:CWE-119

Trust: 1.8

sources: JVNDB: JVNDB-2017-010609 // NVD: CVE-2017-2725

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201704-963

TYPE

buffer overflow

Trust: 0.6

sources: CNNVD: CNNVD-201704-963

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2017-010609

PATCH
title:huawei-sa-20170405-01-smartphoneurl:http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170405-01-smartphone-en
Trust: 0.8
title:There are multiple buffer overflow vulnerabilities (CNVD-2017-04678) patches for Huawei Mobile Bastet components.url:https://www.cnvd.org.cn/patchInfo/show/92018
Trust: 0.6
title:Huawei Vicky-AL00A  and Victoria-AL00A Bastet Fix for component buffer error vulnerabilityurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=75150
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2017-04678 // 
            
            
            
            JVNDB: JVNDB-2017-010609 // 
            
            
            
            CNNVD: CNNVD-201704-963

EXTERNAL IDS
db:NVDid:CVE-2017-2725
Trust: 3.3
db:BIDid:97696
Trust: 1.9
db:JVNDBid:JVNDB-2017-010609
Trust: 0.8
db:CNVDid:CNVD-2017-04678
Trust: 0.6
db:CNNVDid:CNNVD-201704-963
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2017-04678 // 
            
            
            
            BID: 97696 // 
            
            
            
            JVNDB: JVNDB-2017-010609 // 
            
            
            
            CNNVD: CNNVD-201704-963 // 
            
            
            
            NVD: CVE-2017-2725

REFERENCES
url:http://www.securityfocus.com/bid/97696
Trust: 1.6
url:http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170405-01-smartphone-en
Trust: 1.6
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-2725
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2017-2725
Trust: 0.8
url:http://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20170405-01-smartphone-cn
Trust: 0.6
url:http://www.huawei.com
Trust: 0.3
url:http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20170405-01-smartphone-en
Trust: 0.3
sources:
            
            
            CNVD: CNVD-2017-04678 // 
            
            
            
            BID: 97696 // 
            
            
            
            JVNDB: JVNDB-2017-010609 // 
            
            
            
            CNNVD: CNNVD-201704-963 // 
            
            
            
            NVD: CVE-2017-2725

CREDITS
ADLab of Venustech.
Trust: 0.9
sources:
            
            
            BID: 97696 // 
            
            
            
            CNNVD: CNNVD-201704-963

SOURCES
db:CNVDid:CNVD-2017-04678
db:BIDid:97696
db:JVNDBid:JVNDB-2017-010609
db:CNNVDid:CNNVD-201704-963
db:NVDid:CVE-2017-2725

LAST UPDATE DATE
2025-04-20T23:24:51.147000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2017-04678date:2017-04-19T00:00:00
db:BIDid:97696date:2017-04-18T00:07:00
db:JVNDBid:JVNDB-2017-010609date:2017-12-20T00:00:00
db:CNNVDid:CNNVD-201704-963date:2017-12-26T00:00:00
db:NVDid:CVE-2017-2725date:2025-04-20T01:37:25.860

SOURCES RELEASE DATE
db:CNVDid:CNVD-2017-04678date:2017-04-19T00:00:00
db:BIDid:97696date:2017-04-05T00:00:00
db:JVNDBid:JVNDB-2017-010609date:2017-12-20T00:00:00
db:CNNVDid:CNNVD-201704-963date:2017-04-05T00:00:00
db:NVDid:CVE-2017-2725date:2017-11-22T19:29:01.537