Sign-up

ID

VAR-201711-0244


CVE

CVE-2017-2728


TITLE

Huawei smartphone Honor 6X Vulnerabilities related to security functions

Trust: 0.8

sources: JVNDB: JVNDB-2017-010730

DESCRIPTION

Some Huawei mobile phones Honor 6X Berlin-L22C636B150 and earlier versions have a Bluetooth unlock bypassing vulnerability. If a user has enabled the smart unlock function, an attacker can impersonate the user's Bluetooth device to unlock the user's mobile phone screen.uawei mobile phones have a Bluetooth unlock bypassing vulnerability due to the lack of validation on Bluetooth devices. If a user has enabled the smart unlock function, an attacker can impersonate the user's Bluetooth device to unlock the user's mobile phone screen. Huawei smartphone Honor 6X Contains vulnerabilities related to security features.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. HuaweiHonor6X is a smartphone from China's Huawei company. Multiple Huawei Honor are prone to a local security-bypass vulnerability. An attacker may exploit this issue to bypass certain security restrictions. Huawei Honor6X Berlin-L22C636B150 and prior versions are affected

Trust: 2.52

sources: NVD: CVE-2017-2728 // JVNDB: JVNDB-2017-010730 // CNVD: CNVD-2017-04421 // BID: 97042 // VULHUB: VHN-110931

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2017-04421

AFFECTED PRODUCTS

vendor:huaweimodel:honor 6xscope:lteversion:berlin-l22c636b150

Trust: 1.8

vendor:huaweimodel:honor <=berlin-l22c636b150scope:eqversion:6x

Trust: 0.6

vendor:huaweimodel:honor 6xscope:eqversion:berlin-l22c636b150

Trust: 0.6

vendor:huaweimodel:honor berlin-l22c636b150scope:eqversion:6x

Trust: 0.3

vendor:huaweimodel:honor berlin-l22c636b160scope:neversion:6x

Trust: 0.3

sources: CNVD: CNVD-2017-04421 // BID: 97042 // JVNDB: JVNDB-2017-010730 // CNNVD: CNNVD-201703-1069 // NVD: CVE-2017-2728

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-2728
value: MEDIUM

Trust: 1.0

NVD: CVE-2017-2728
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2017-04421
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201703-1069
value: MEDIUM

Trust: 0.6

VULHUB: VHN-110931
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2017-2728
severity: MEDIUM
baseScore: 6.9
vectorString: AV:L/AC:M/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.4
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2017-04421
severity: HIGH
baseScore: 7.6
vectorString: AV:N/AC:H/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: HIGH
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 4.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-110931
severity: MEDIUM
baseScore: 6.9
vectorString: AV:L/AC:M/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.4
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-2728
baseSeverity: MEDIUM
baseScore: 6.4
vectorString: CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: PHYSICAL
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 0.5
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2017-04421 // VULHUB: VHN-110931 // JVNDB: JVNDB-2017-010730 // CNNVD: CNNVD-201703-1069 // NVD: CVE-2017-2728

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

problemtype:CWE-254

Trust: 0.9

sources: VULHUB: VHN-110931 // JVNDB: JVNDB-2017-010730 // NVD: CVE-2017-2728

THREAT TYPE

local

Trust: 0.9

sources: BID: 97042 // CNNVD: CNNVD-201703-1069

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-201703-1069

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2017-010730

PATCH
title:huawei-sa-20170323-01-smartphoneurl:http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20170323-01-smartphone-en
Trust: 0.8
title:HuaweiHonor6X security bypass vulnerability patchurl:https://www.cnvd.org.cn/patchInfo/show/91755
Trust: 0.6
title:Huawei Honor6X Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=68752
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2017-04421 // 
            
            
            
            JVNDB: JVNDB-2017-010730 // 
            
            
            
            CNNVD: CNNVD-201703-1069

EXTERNAL IDS
db:NVDid:CVE-2017-2728
Trust: 3.4
db:BIDid:97042
Trust: 2.6
db:JVNDBid:JVNDB-2017-010730
Trust: 0.8
db:CNNVDid:CNNVD-201703-1069
Trust: 0.7
db:CNVDid:CNVD-2017-04421
Trust: 0.6
db:VULHUBid:VHN-110931
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2017-04421 // 
            
            
            
            VULHUB: VHN-110931 // 
            
            
            
            BID: 97042 // 
            
            
            
            JVNDB: JVNDB-2017-010730 // 
            
            
            
            CNNVD: CNNVD-201703-1069 // 
            
            
            
            NVD: CVE-2017-2728

REFERENCES
url:http://www.securityfocus.com/bid/97042
Trust: 1.7
url:http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20170323-01-smartphone-en
Trust: 1.7
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-2728
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2017-2728
Trust: 0.8
url:http://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20170323-01-smartphone-cn
Trust: 0.6
url:http://www.huawei.com
Trust: 0.3
url:http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170323-01-smartphone-en
Trust: 0.3
sources:
            
            
            CNVD: CNVD-2017-04421 // 
            
            
            
            VULHUB: VHN-110931 // 
            
            
            
            BID: 97042 // 
            
            
            
            JVNDB: JVNDB-2017-010730 // 
            
            
            
            CNNVD: CNNVD-201703-1069 // 
            
            
            
            NVD: CVE-2017-2728

CREDITS
Nicky of Tencent Security Platform Department.
Trust: 0.9
sources:
            
            
            BID: 97042 // 
            
            
            
            CNNVD: CNNVD-201703-1069

SOURCES
db:CNVDid:CNVD-2017-04421
db:VULHUBid:VHN-110931
db:BIDid:97042
db:JVNDBid:JVNDB-2017-010730
db:CNNVDid:CNNVD-201703-1069
db:NVDid:CVE-2017-2728

LAST UPDATE DATE
2025-04-20T23:42:55.318000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2017-04421date:2017-04-13T00:00:00
db:VULHUBid:VHN-110931date:2019-10-03T00:00:00
db:BIDid:97042date:2017-03-29T00:01:00
db:JVNDBid:JVNDB-2017-010730date:2017-12-21T00:00:00
db:CNNVDid:CNNVD-201703-1069date:2019-10-23T00:00:00
db:NVDid:CVE-2017-2728date:2025-04-20T01:37:25.860

SOURCES RELEASE DATE
db:CNVDid:CNVD-2017-04421date:2017-04-12T00:00:00
db:VULHUBid:VHN-110931date:2017-11-22T00:00:00
db:BIDid:97042date:2017-03-23T00:00:00
db:JVNDBid:JVNDB-2017-010730date:2017-12-21T00:00:00
db:CNNVDid:CNNVD-201703-1069date:2017-03-28T00:00:00
db:NVDid:CVE-2017-2728date:2017-11-22T19:29:01.663