Details of VAR-201911-1612

ID

VAR-201911-1612

CVE

CVE-2017-17224

TITLE

plural Huawei In smartphone products NULL Pointer dereference vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2017-014778

DESCRIPTION

Some Huawei smart phones with versions earlier than Harry-AL00C 9.1.0.206(C00E205R3P1) have a null pointer dereference vulnerability. An attacker crafts specific packets and sends to the affected product to exploit this vulnerability. Successful exploitation may cause the affected phone abnormal. plural Huawei For smartphone products, NULL A vulnerability related to pointer dereference exists.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. HG655 is a router product of China's Huawei company. The HuaweiHG655m router has a command injection vulnerability. An attacker can use a vulnerability to execute an operating system command on a higher-privileged device by forging a UPnPSOAP request

Trust: 2.16

sources: NVD: CVE-2017-17224 // JVNDB: JVNDB-2017-014778 // CNVD: CNVD-2018-07033

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2018-07033

AFFECTED PRODUCTS

vendor:	huawei	model:	hg655m	scope:	lt	version:	v100r001c02b023	Trust: 1.0
vendor:	huawei	model:	hg655m	scope:	lt	version:	harry-al00c_9.1.0.206\(c00e205r3p1\)	Trust: 1.0
vendor:	huawei	model:	hg655m	scope:	lt	version:	harry-al00c 9.1.0.206(c00e205r3p1)	Trust: 0.8
vendor:	huawei	model:	hg655m	scope:	-	version:	-	Trust: 0.6

sources: CNVD: CNVD-2018-07033 // JVNDB: JVNDB-2017-014778 // NVD: CVE-2017-17224

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2017-17224
value:	HIGH
Trust: 1.0
NVD:	CVE-2017-17224
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2018-07033
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201911-707
value:	HIGH
Trust: 0.6

nvd@nist.gov:	CVE-2017-17224
severity:	MEDIUM
baseScore:	5.8
vectorString:	AV:A/AC:L/AU:N/C:P/I:P/A:P
accessVector:	ADJACENT_NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	6.5
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2018-07033
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2017-17224
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	ADJACENT
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	5.9
version:	3.1
Trust: 1.0
NVD:	CVE-2017-17224
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	ADJACENT NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2018-07033 // JVNDB: JVNDB-2017-014778 // CNNVD: CNNVD-201911-707 // NVD: CVE-2017-17224

PROBLEMTYPE DATA

problemtype:

CWE-476

Trust: 1.8

sources: JVNDB: JVNDB-2017-014778 // NVD: CVE-2017-17224

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-201911-707

TYPE

code problem

Trust: 0.6

sources: CNNVD: CNNVD-201911-707

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-014778

PATCH

title:	huawei-sn-20180327-01-hg655m	url:	http://www.huawei.com/en/psirt/security-notices/huawei-sn-20180327-01-hg655m-en	Trust: 0.8
title:	HuaweiHG655m router command injection vulnerability patch	url:	https://www.cnvd.org.cn/patchInfo/show/124833	Trust: 0.6
title:	Huawei HG655m Fixes for code issue vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=103320	Trust: 0.6

sources: CNVD: CNVD-2018-07033 // JVNDB: JVNDB-2017-014778 // CNNVD: CNNVD-201911-707

EXTERNAL IDS

db:	NVD	id:	CVE-2017-17224	Trust: 3.0
db:	JVNDB	id:	JVNDB-2017-014778	Trust: 0.8
db:	CNVD	id:	CNVD-2018-07033	Trust: 0.6
db:	CNNVD	id:	CNNVD-201911-707	Trust: 0.6

sources: CNVD: CNVD-2018-07033 // JVNDB: JVNDB-2017-014778 // CNNVD: CNNVD-201911-707 // NVD: CVE-2017-17224

REFERENCES

url:	https://fortiguard.com/zeroday/fg-vd-18-017	Trust: 3.0
url:	http://www.huawei.com/en/psirt/security-notices/huawei-sn-20180327-01-hg655m-en	Trust: 1.6
url:	https://nvd.nist.gov/vuln/detail/cve-2017-17224	Trust: 1.4
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-17224	Trust: 0.8

sources: CNVD: CNVD-2018-07033 // JVNDB: JVNDB-2017-014778 // CNNVD: CNNVD-201911-707 // NVD: CVE-2017-17224

SOURCES

db:	CNVD	id:	CNVD-2018-07033
db:	JVNDB	id:	JVNDB-2017-014778
db:	CNNVD	id:	CNNVD-201911-707
db:	NVD	id:	CVE-2017-17224

LAST UPDATE DATE

2024-11-23T22:25:43.451000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2018-07033	date:	2018-04-04T00:00:00
db:	JVNDB	id:	JVNDB-2017-014778	date:	2019-11-25T00:00:00
db:	CNNVD	id:	CNNVD-201911-707	date:	2020-07-07T00:00:00
db:	NVD	id:	CVE-2017-17224	date:	2024-11-21T03:17:41.773

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2018-07033	date:	2018-04-04T00:00:00
db:	JVNDB	id:	JVNDB-2017-014778	date:	2019-11-25T00:00:00
db:	CNNVD	id:	CNNVD-201911-707	date:	2019-11-12T00:00:00
db:	NVD	id:	CVE-2017-17224	date:	2019-11-12T22:15:10.963