Sign-up

ID

VAR-201712-0797


CVE

CVE-2017-15310


TITLE

Huawei iReader Application input validation vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2017-011593

DESCRIPTION

Huawei iReader app before 8.0.2.301 has an arbitrary file deletion vulnerability due to the lack of input validation. An attacker can exploit this vulnerability to delete specific files from the SD card. Huawei iReader The application contains an input validation vulnerability.Information may be tampered with. Huawei iReader is a built-in e-book reading application for Huawei mobile phones produced by China's Huawei (Huawei)

Trust: 1.71

sources: NVD: CVE-2017-15310 // JVNDB: JVNDB-2017-011593 // VULHUB: VHN-106120

AFFECTED PRODUCTS

vendor:huaweimodel:ireaderscope:ltversion:8.0.2.301

Trust: 1.8

sources: JVNDB: JVNDB-2017-011593 // NVD: CVE-2017-15310

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-15310
value: MEDIUM

Trust: 1.0

NVD: CVE-2017-15310
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201710-466
value: MEDIUM

Trust: 0.6

VULHUB: VHN-106120
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2017-15310
severity: MEDIUM
baseScore: 5.8
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-106120
severity: MEDIUM
baseScore: 5.8
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-15310
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 3.6
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-106120 // JVNDB: JVNDB-2017-011593 // CNNVD: CNNVD-201710-466 // NVD: CVE-2017-15310

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.9

sources: VULHUB: VHN-106120 // JVNDB: JVNDB-2017-011593 // NVD: CVE-2017-15310

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201710-466

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-201710-466

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2017-011593

PATCH
title:huawei-sa-20171120-01-hwreaderurl:http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20171120-01-hwreader-en
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2017-011593

EXTERNAL IDS
db:NVDid:CVE-2017-15310
Trust: 2.5
db:JVNDBid:JVNDB-2017-011593
Trust: 0.8
db:CNNVDid:CNNVD-201710-466
Trust: 0.7
db:VULHUBid:VHN-106120
Trust: 0.1
sources:
            
            
            VULHUB: VHN-106120 // 
            
            
            
            JVNDB: JVNDB-2017-011593 // 
            
            
            
            CNNVD: CNNVD-201710-466 // 
            
            
            
            NVD: CVE-2017-15310

REFERENCES
url:http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20171120-01-hwreader-en
Trust: 1.1
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-15310
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2017-15310
Trust: 0.8
url:http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171120-01-hwreader-en
Trust: 0.6
sources:
            
            
            VULHUB: VHN-106120 // 
            
            
            
            JVNDB: JVNDB-2017-011593 // 
            
            
            
            CNNVD: CNNVD-201710-466 // 
            
            
            
            NVD: CVE-2017-15310

CREDITS
security research team MWR Labs
Trust: 0.6
sources:
            
            
            CNNVD: CNNVD-201710-466

SOURCES
db:VULHUBid:VHN-106120
db:JVNDBid:JVNDB-2017-011593
db:CNNVDid:CNNVD-201710-466
db:NVDid:CVE-2017-15310

LAST UPDATE DATE
2025-04-20T23:15:49.337000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-106120date:2018-01-05T00:00:00
db:JVNDBid:JVNDB-2017-011593date:2018-01-22T00:00:00
db:CNNVDid:CNNVD-201710-466date:2017-11-30T00:00:00
db:NVDid:CVE-2017-15310date:2025-04-20T01:37:25.860

SOURCES RELEASE DATE
db:VULHUBid:VHN-106120date:2017-12-22T00:00:00
db:JVNDBid:JVNDB-2017-011593date:2018-01-22T00:00:00
db:CNNVDid:CNNVD-201710-466date:2017-11-20T00:00:00
db:NVDid:CVE-2017-15310date:2017-12-22T17:29:13.017