Details of VAR-201711-0941

ID

VAR-201711-0941

CVE

CVE-2017-8179

TITLE

Huawei Smartphone software MTK Buffer error vulnerability in the platform

Trust: 0.8

sources: JVNDB: JVNDB-2017-010618

DESCRIPTION

The camera driver of MTK platform in Huawei smart phones with software of versions earlier than Nice-AL00C00B155 has a buffer overflow vulnerability.Due to the insufficient input verification, an attacker tricks a user into installing a malicious application which has special privilege and sends a specific parameter to the driver of the smart phone, causing privilege escalation. Huawei Smartphone software MTK The platform contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Huawei Enjoy 6 is a smartphone from China's Huawei company. A buffer overflow vulnerability exists in the Huawei mobile phone driver using the MTK platform. The vulnerability was caused by the device failing to adequately verify user input. Huawei Smart Phones are prone to a local privilege-escalation vulnerability. Local attackers may exploit this issue to gain elevated privileges. Versions prior to Nice AL00C00B155 are vulnerable

Trust: 2.43

sources: NVD: CVE-2017-8179 // JVNDB: JVNDB-2017-010618 // CNVD: CNVD-2017-34440 // BID: 101956

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2017-34440

AFFECTED PRODUCTS

vendor:	huawei	model:	mtk platform smart phone	scope:	lt	version:	nice-al00c00b155	Trust: 1.0
vendor:	huawei	model:	smartphone software mtk platform	scope:	lt	version:	nice-al00c00b155	Trust: 0.8
vendor:	huawei	model:	enjoy <nice-al00c00b155	scope:	eq	version:	6	Trust: 0.6
vendor:	huawei	model:	nice	scope:	eq	version:	0	Trust: 0.3
vendor:	huawei	model:	nice al00c00b155	scope:	ne	version:	-	Trust: 0.3

sources: CNVD: CNVD-2017-34440 // BID: 101956 // JVNDB: JVNDB-2017-010618 // NVD: CVE-2017-8179

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2017-8179
value:	HIGH
Trust: 1.0
NVD:	CVE-2017-8179
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2017-34440
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-201711-958
value:	MEDIUM
Trust: 0.6

nvd@nist.gov:	CVE-2017-8179
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2017-34440
severity:	HIGH
baseScore:	7.2
vectorString:	AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2017-8179
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.8
impactScore:	5.9
version:	3.0
Trust: 1.8

sources: CNVD: CNVD-2017-34440 // JVNDB: JVNDB-2017-010618 // CNNVD: CNNVD-201711-958 // NVD: CVE-2017-8179

PROBLEMTYPE DATA

problemtype:

CWE-119

Trust: 1.8

sources: JVNDB: JVNDB-2017-010618 // NVD: CVE-2017-8179

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201711-958

TYPE

buffer overflow

Trust: 0.6

sources: CNNVD: CNNVD-201711-958

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-010618

PATCH

title:	huawei-sa-20170919-01-mtk	url:	http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170919-01-mtk-en	Trust: 0.8
title:	Huawei enjoys patch of 6MTK platform buffer overflow vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/106332	Trust: 0.6
title:	Huawei Nice-AL00 MTK platform camera Driver Buffer Error Vulnerability Fix	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=76668	Trust: 0.6

sources: CNVD: CNVD-2017-34440 // JVNDB: JVNDB-2017-010618 // CNNVD: CNNVD-201711-958

EXTERNAL IDS

db:	NVD	id:	CVE-2017-8179	Trust: 3.3
db:	BID	id:	101956	Trust: 1.3
db:	JVNDB	id:	JVNDB-2017-010618	Trust: 0.8
db:	CNVD	id:	CNVD-2017-34440	Trust: 0.6
db:	CNNVD	id:	CNNVD-201711-958	Trust: 0.6

sources: CNVD: CNVD-2017-34440 // BID: 101956 // JVNDB: JVNDB-2017-010618 // CNNVD: CNNVD-201711-958 // NVD: CVE-2017-8179

REFERENCES

url:	http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170919-01-mtk-en	Trust: 1.9
url:	http://www.securityfocus.com/bid/101956	Trust: 1.0
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-8179	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2017-8179	Trust: 0.8
url:	http://www.huawei.com/cn/psirt/security-advisories/2017/huawei-sa-20170919-01-mtk-cn	Trust: 0.6
url:	http://www.huawei.com/en/	Trust: 0.3

sources: CNVD: CNVD-2017-34440 // BID: 101956 // JVNDB: JVNDB-2017-010618 // CNNVD: CNNVD-201711-958 // NVD: CVE-2017-8179

CREDITS

Wenlin Yang, Guang Gong and Hao Chen.

Trust: 0.3

sources: BID: 101956

SOURCES

db:	CNVD	id:	CNVD-2017-34440
db:	BID	id:	101956
db:	JVNDB	id:	JVNDB-2017-010618
db:	CNNVD	id:	CNNVD-201711-958
db:	NVD	id:	CVE-2017-8179

LAST UPDATE DATE

2025-04-20T23:23:29.457000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2017-34440	date:	2017-11-17T00:00:00
db:	BID	id:	101956	date:	2017-12-19T22:37:00
db:	JVNDB	id:	JVNDB-2017-010618	date:	2017-12-20T00:00:00
db:	CNNVD	id:	CNNVD-201711-958	date:	2017-11-23T00:00:00
db:	NVD	id:	CVE-2017-8179	date:	2025-04-20T01:37:25.860

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2017-34440	date:	2017-11-17T00:00:00
db:	BID	id:	101956	date:	2017-09-19T00:00:00
db:	JVNDB	id:	JVNDB-2017-010618	date:	2017-12-20T00:00:00
db:	CNNVD	id:	CNNVD-201711-958	date:	2017-11-23T00:00:00
db:	NVD	id:	CVE-2017-8179	date:	2017-11-22T19:29:04.273