Sign-up

ID

VAR-201711-0990


CVE

CVE-2017-8152


TITLE

Huawei Honor 5S Vulnerabilities related to security checks in smartphone software

Trust: 0.8

sources: JVNDB: JVNDB-2017-010700

DESCRIPTION

Huawei Honor 5S smart phones with software the versions before TAG-TL00C01B173 have a Factory Reset Protection (FRP) bypass security vulnerability due to the improper design. An attacker can access factory reset page without authorization by only dial with special code. The attacker can exploit this vulnerability to restore the phone to factory settings. Huawei Honor 5S Smartphone software has a security check vulnerability.Information may be tampered with. HuaweiHonor5S is a smartphone from China's Huawei company

Trust: 2.16

sources: NVD: CVE-2017-8152 // JVNDB: JVNDB-2017-010700 // CNVD: CNVD-2017-24374

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2017-24374

AFFECTED PRODUCTS

vendor:huaweimodel:honor 5sscope:ltversion:tag-tl00c01b173

Trust: 1.8

vendor:huaweimodel:honor 5s <tag-tl00c01b173scope: - version: -

Trust: 0.6

sources: CNVD: CNVD-2017-24374 // JVNDB: JVNDB-2017-010700 // NVD: CVE-2017-8152

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-8152
value: MEDIUM

Trust: 1.0

NVD: CVE-2017-8152
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2017-24374
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201711-978
value: MEDIUM

Trust: 0.6

nvd@nist.gov: CVE-2017-8152
severity: MEDIUM
baseScore: 4.9
vectorString: AV:L/AC:L/AU:N/C:N/I:C/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: COMPLETE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2017-24374
severity: MEDIUM
baseScore: 4.9
vectorString: AV:L/AC:L/AU:N/C:N/I:C/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: COMPLETE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2017-8152
baseSeverity: MEDIUM
baseScore: 4.6
vectorString: CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
attackVector: PHYSICAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: 0.9
impactScore: 3.6
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2017-24374 // JVNDB: JVNDB-2017-010700 // CNNVD: CNNVD-201711-978 // NVD: CVE-2017-8152

PROBLEMTYPE DATA

problemtype:CWE-358

Trust: 1.8

sources: JVNDB: JVNDB-2017-010700 // NVD: CVE-2017-8152

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201711-978

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-201711-978

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2017-010700

PATCH
title:huawei-sa-20170901-02-smartphoneurl:http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170901-02-smartphone-en
Trust: 0.8
title:HuaweiHonor5S security bypass vulnerability patchurl:https://www.cnvd.org.cn/patchInfo/show/101394
Trust: 0.6
title:Huawei Honor 5S Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=76688
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2017-24374 // 
            
            
            
            JVNDB: JVNDB-2017-010700 // 
            
            
            
            CNNVD: CNNVD-201711-978

EXTERNAL IDS
db:NVDid:CVE-2017-8152
Trust: 3.0
db:JVNDBid:JVNDB-2017-010700
Trust: 0.8
db:CNVDid:CNVD-2017-24374
Trust: 0.6
db:CNNVDid:CNNVD-201711-978
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2017-24374 // 
            
            
            
            JVNDB: JVNDB-2017-010700 // 
            
            
            
            CNNVD: CNNVD-201711-978 // 
            
            
            
            NVD: CVE-2017-8152

REFERENCES
url:http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170901-02-smartphone-en
Trust: 1.6
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-8152
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2017-8152
Trust: 0.8
url:http://www.huawei.com/cn/psirt/security-advisories/2017/huawei-sa-20170901-02-smartphone-cn
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2017-24374 // 
            
            
            
            JVNDB: JVNDB-2017-010700 // 
            
            
            
            CNNVD: CNNVD-201711-978 // 
            
            
            
            NVD: CVE-2017-8152

SOURCES
db:CNVDid:CNVD-2017-24374
db:JVNDBid:JVNDB-2017-010700
db:CNNVDid:CNNVD-201711-978
db:NVDid:CVE-2017-8152

LAST UPDATE DATE
2025-04-20T23:25:54.203000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2017-24374date:2017-09-02T00:00:00
db:JVNDBid:JVNDB-2017-010700date:2017-12-21T00:00:00
db:CNNVDid:CNNVD-201711-978date:2017-11-24T00:00:00
db:NVDid:CVE-2017-8152date:2025-04-20T01:37:25.860

SOURCES RELEASE DATE
db:CNVDid:CNVD-2017-24374date:2017-09-02T00:00:00
db:JVNDBid:JVNDB-2017-010700date:2017-12-21T00:00:00
db:CNNVDid:CNNVD-201711-978date:2017-11-24T00:00:00
db:NVDid:CVE-2017-8152date:2017-11-22T19:29:03.413