Sign-up

ID

VAR-201711-0989


CVE

CVE-2017-8151


TITLE

Huawei Honor 5S Authentication vulnerabilities in smartphone software

Trust: 0.8

sources: JVNDB: JVNDB-2017-010699

DESCRIPTION

Huawei Honor 5S smart phones with software the versions before TAG-TL00C01B173 have an authentication bypass vulnerability due to the improper design of some components. An attacker can get a user's smart phone and install malicious apps in the mobile phone, allowing the attacker to reset the password and fingerprint of the phone without authentication. Huawei Honor 5S Smartphone software contains authentication vulnerabilities.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. HuaweiHonor5S is a smartphone from China's Huawei company. HuaweiHonor5S has an authentication bypass vulnerability

Trust: 2.16

sources: NVD: CVE-2017-8151 // JVNDB: JVNDB-2017-010699 // CNVD: CNVD-2017-28813

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2017-28813

AFFECTED PRODUCTS

vendor:huaweimodel:honor 5sscope:ltversion:tag-tl00c01b173

Trust: 1.8

vendor:huaweimodel:honor 5s <tag-tl00c01b173scope: - version: -

Trust: 0.6

sources: CNVD: CNVD-2017-28813 // JVNDB: JVNDB-2017-010699 // NVD: CVE-2017-8151

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-8151
value: MEDIUM

Trust: 1.0

NVD: CVE-2017-8151
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2017-28813
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201711-979
value: HIGH

Trust: 0.6

nvd@nist.gov: CVE-2017-8151
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2017-28813
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2017-8151
baseSeverity: MEDIUM
baseScore: 6.8
vectorString: CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: PHYSICAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 0.9
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2017-28813 // JVNDB: JVNDB-2017-010699 // CNNVD: CNNVD-201711-979 // NVD: CVE-2017-8151

PROBLEMTYPE DATA

problemtype:CWE-287

Trust: 1.8

sources: JVNDB: JVNDB-2017-010699 // NVD: CVE-2017-8151

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201711-979

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-201711-979

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2017-010699

PATCH
title:huawei-sa-20170816-03-smartphoneurl:http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170816-03-smartphone-en
Trust: 0.8
title:HuaweiHonor5S authentication bypass vulnerability patchurl:https://www.cnvd.org.cn/patchInfo/show/103207
Trust: 0.6
title:Huawei Honor 5S Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=76689
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2017-28813 // 
            
            
            
            JVNDB: JVNDB-2017-010699 // 
            
            
            
            CNNVD: CNNVD-201711-979

EXTERNAL IDS
db:NVDid:CVE-2017-8151
Trust: 3.0
db:JVNDBid:JVNDB-2017-010699
Trust: 0.8
db:CNVDid:CNVD-2017-28813
Trust: 0.6
db:CNNVDid:CNNVD-201711-979
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2017-28813 // 
            
            
            
            JVNDB: JVNDB-2017-010699 // 
            
            
            
            CNNVD: CNNVD-201711-979 // 
            
            
            
            NVD: CVE-2017-8151

REFERENCES
url:http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170816-03-smartphone-en
Trust: 1.6
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-8151
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2017-8151
Trust: 0.8
url:http://www.huawei.com/cn/psirt/security-advisories/2017/huawei-sa-20170816-03-smartphone-cn
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2017-28813 // 
            
            
            
            JVNDB: JVNDB-2017-010699 // 
            
            
            
            CNNVD: CNNVD-201711-979 // 
            
            
            
            NVD: CVE-2017-8151

SOURCES
db:CNVDid:CNVD-2017-28813
db:JVNDBid:JVNDB-2017-010699
db:CNNVDid:CNNVD-201711-979
db:NVDid:CVE-2017-8151

LAST UPDATE DATE
2025-04-20T23:35:40.341000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2017-28813date:2017-09-30T00:00:00
db:JVNDBid:JVNDB-2017-010699date:2017-12-21T00:00:00
db:CNNVDid:CNNVD-201711-979date:2017-11-24T00:00:00
db:NVDid:CVE-2017-8151date:2025-04-20T01:37:25.860

SOURCES RELEASE DATE
db:CNVDid:CNVD-2017-28813date:2017-09-30T00:00:00
db:JVNDBid:JVNDB-2017-010699date:2017-12-21T00:00:00
db:CNNVDid:CNNVD-201711-979date:2017-11-24T00:00:00
db:NVDid:CVE-2017-8151date:2017-11-22T19:29:03.380