Details of VAR-201711-0945

ID

VAR-201711-0945

CVE

CVE-2017-8183

TITLE

Huawei Smartphone software MTK Information disclosure vulnerability in the platform

Trust: 0.8

sources: JVNDB: JVNDB-2017-010621

DESCRIPTION

MTK platform in Huawei smart phones with software of earlier than Nice-AL00C00B160 versions, earlier than Nice-AL10C00B140 versions has a any memory access vulnerability. An attacker tricks a user into installing a malicious application on the smart phone, and send given parameter to cause to any memory access vulnerabilities, leading to sensitive information leakage. Huawei Smartphone software MTK The platform contains an information disclosure vulnerability.Information may be obtained. Huawei Enjoy 6 is a smartphone from China's Huawei company

Trust: 2.16

sources: NVD: CVE-2017-8183 // JVNDB: JVNDB-2017-010621 // CNVD: CNVD-2017-34226

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2017-34226

AFFECTED PRODUCTS

vendor:	huawei	model:	mtk platform smart phone	scope:	lt	version:	nice-al10c00b140	Trust: 1.0
vendor:	huawei	model:	mtk platform smart phone	scope:	lt	version:	nice-al00c00b160	Trust: 1.0
vendor:	huawei	model:	smartphone software mtk platform	scope:	lt	version:	nice-al00c00b160	Trust: 0.8
vendor:	huawei	model:	smartphone software mtk platform	scope:	lt	version:	nice-al10c00b140	Trust: 0.8
vendor:	huawei	model:	enjoy <nice-al00c00b160	scope:	eq	version:	6	Trust: 0.6
vendor:	huawei	model:	enjoy <nice-al10c00b140	scope:	eq	version:	6	Trust: 0.6

sources: CNVD: CNVD-2017-34226 // JVNDB: JVNDB-2017-010621 // NVD: CVE-2017-8183

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2017-8183
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2017-8183
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2017-34226
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201711-954
value:	MEDIUM
Trust: 0.6

nvd@nist.gov:	CVE-2017-8183
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2017-34226
severity:	MEDIUM
baseScore:	4.9
vectorString:	AV:L/AC:L/AU:N/C:C/I:N/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2017-8183
baseSeverity:	MEDIUM
baseScore:	5.5
vectorString:	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	1.8
impactScore:	3.6
version:	3.0
Trust: 1.8

sources: CNVD: CNVD-2017-34226 // JVNDB: JVNDB-2017-010621 // CNNVD: CNNVD-201711-954 // NVD: CVE-2017-8183

PROBLEMTYPE DATA

problemtype:

CWE-200

Trust: 1.8

sources: JVNDB: JVNDB-2017-010621 // NVD: CVE-2017-8183

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201711-954

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201711-954

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-010621

PATCH

title:	huawei-sa-20171115-01-mtk	url:	http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171115-01-mtk-en	Trust: 0.8
title:	Huawei enjoys the patch of arbitrary memory access vulnerability on 6MTK platform	url:	https://www.cnvd.org.cn/patchInfo/show/106217	Trust: 0.6
title:	Huawei Nice-AL00 MTK Repair measures for platform security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=76664	Trust: 0.6

sources: CNVD: CNVD-2017-34226 // JVNDB: JVNDB-2017-010621 // CNNVD: CNNVD-201711-954

EXTERNAL IDS

db:	NVD	id:	CVE-2017-8183	Trust: 3.0
db:	JVNDB	id:	JVNDB-2017-010621	Trust: 0.8
db:	CNVD	id:	CNVD-2017-34226	Trust: 0.6
db:	CNNVD	id:	CNNVD-201711-954	Trust: 0.6

sources: CNVD: CNVD-2017-34226 // JVNDB: JVNDB-2017-010621 // CNNVD: CNNVD-201711-954 // NVD: CVE-2017-8183

REFERENCES

url:	http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171115-01-mtk-en	Trust: 1.6
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-8183	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2017-8183	Trust: 0.8
url:	http://www.huawei.com/cn/psirt/security-advisories/2017/huawei-sa-20171115-01-mtk-cn	Trust: 0.6

sources: CNVD: CNVD-2017-34226 // JVNDB: JVNDB-2017-010621 // CNNVD: CNNVD-201711-954 // NVD: CVE-2017-8183

SOURCES

db:	CNVD	id:	CNVD-2017-34226
db:	JVNDB	id:	JVNDB-2017-010621
db:	CNNVD	id:	CNNVD-201711-954
db:	NVD	id:	CVE-2017-8183

LAST UPDATE DATE

2025-04-20T23:38:21.705000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2017-34226	date:	2017-11-16T00:00:00
db:	JVNDB	id:	JVNDB-2017-010621	date:	2017-12-20T00:00:00
db:	CNNVD	id:	CNNVD-201711-954	date:	2017-11-23T00:00:00
db:	NVD	id:	CVE-2017-8183	date:	2025-04-20T01:37:25.860

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2017-34226	date:	2017-11-16T00:00:00
db:	JVNDB	id:	JVNDB-2017-010621	date:	2017-12-20T00:00:00
db:	CNNVD	id:	CNNVD-201711-954	date:	2017-11-23T00:00:00
db:	NVD	id:	CVE-2017-8183	date:	2017-11-22T19:29:04.413