Details of VAR-201711-0943

ID

VAR-201711-0943

CVE

CVE-2017-8181

TITLE

Huawei Smartphone software MTK Buffer error vulnerability in the platform

Trust: 0.8

sources: JVNDB: JVNDB-2017-010620

DESCRIPTION

The camera driver of MTK platform in Huawei smart phones with software of versions earlier than Nice-AL00C00B155 has a arbitrary memory write vulnerability.Due to the insufficient input verification, an attacker tricks a user into installing a malicious application which has special privilege and sends a specific parameter to the driver of the smart phone, causing privilege escalation. Huawei Smartphone software MTK The platform contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Huawei Enjoy 6 is a smartphone from China's Huawei company. There is an arbitrary address write vulnerability in the Huawei mobile phone driver using the MTK platform. The vulnerability was caused by the device failing to adequately verify user input

Trust: 2.16

sources: NVD: CVE-2017-8181 // JVNDB: JVNDB-2017-010620 // CNVD: CNVD-2017-34442

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2017-34442

AFFECTED PRODUCTS

vendor:	huawei	model:	mtk platform smart phone	scope:	lt	version:	nice-al00c00b155	Trust: 1.0
vendor:	huawei	model:	smartphone software mtk platform	scope:	lt	version:	nice-al00c00b155	Trust: 0.8
vendor:	huawei	model:	enjoy <nice-al00c00b155	scope:	eq	version:	6	Trust: 0.6

sources: CNVD: CNVD-2017-34442 // JVNDB: JVNDB-2017-010620 // NVD: CVE-2017-8181

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2017-8181
value:	HIGH
Trust: 1.0
NVD:	CVE-2017-8181
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2017-34442
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-201711-956
value:	MEDIUM
Trust: 0.6

nvd@nist.gov:	CVE-2017-8181
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2017-34442
severity:	HIGH
baseScore:	7.2
vectorString:	AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2017-8181
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.8
impactScore:	5.9
version:	3.0
Trust: 1.8

sources: CNVD: CNVD-2017-34442 // JVNDB: JVNDB-2017-010620 // CNNVD: CNNVD-201711-956 // NVD: CVE-2017-8181

PROBLEMTYPE DATA

problemtype:

CWE-119

Trust: 1.8

sources: JVNDB: JVNDB-2017-010620 // NVD: CVE-2017-8181

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201711-956

TYPE

buffer overflow

Trust: 0.6

sources: CNNVD: CNNVD-201711-956

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-010620

PATCH

title:	huawei-sa-20170919-01-mtk	url:	http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170919-01-mtk-en	Trust: 0.8
title:	Huawei enjoys the patch of arbitrary address writing vulnerability on 6MTK platform	url:	https://www.cnvd.org.cn/patchInfo/show/106334	Trust: 0.6
title:	Huawei Nice-AL00 MTK platform camera Driver security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=76666	Trust: 0.6

sources: CNVD: CNVD-2017-34442 // JVNDB: JVNDB-2017-010620 // CNNVD: CNNVD-201711-956

EXTERNAL IDS

db:	NVD	id:	CVE-2017-8181	Trust: 3.0
db:	JVNDB	id:	JVNDB-2017-010620	Trust: 0.8
db:	CNVD	id:	CNVD-2017-34442	Trust: 0.6
db:	CNNVD	id:	CNNVD-201711-956	Trust: 0.6

sources: CNVD: CNVD-2017-34442 // JVNDB: JVNDB-2017-010620 // CNNVD: CNNVD-201711-956 // NVD: CVE-2017-8181

REFERENCES

url:	http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170919-01-mtk-en	Trust: 1.6
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-8181	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2017-8181	Trust: 0.8
url:	http://www.huawei.com/cn/psirt/security-advisories/2017/huawei-sa-20170919-01-mtk-cn	Trust: 0.6

sources: CNVD: CNVD-2017-34442 // JVNDB: JVNDB-2017-010620 // CNNVD: CNNVD-201711-956 // NVD: CVE-2017-8181

SOURCES

db:	CNVD	id:	CNVD-2017-34442
db:	JVNDB	id:	JVNDB-2017-010620
db:	CNNVD	id:	CNNVD-201711-956
db:	NVD	id:	CVE-2017-8181

LAST UPDATE DATE

2025-04-20T23:22:08.060000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2017-34442	date:	2017-11-17T00:00:00
db:	JVNDB	id:	JVNDB-2017-010620	date:	2017-12-20T00:00:00
db:	CNNVD	id:	CNNVD-201711-956	date:	2017-11-23T00:00:00
db:	NVD	id:	CVE-2017-8181	date:	2025-04-20T01:37:25.860

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2017-34442	date:	2017-11-17T00:00:00
db:	JVNDB	id:	JVNDB-2017-010620	date:	2017-12-20T00:00:00
db:	CNNVD	id:	CNNVD-201711-956	date:	2017-11-23T00:00:00
db:	NVD	id:	CVE-2017-8181	date:	2017-11-22T19:29:04.350