CVE-2017-15351

CWE-287Improper Authentication3 documents3 sources
Severity
6.8MEDIUM
EPSS
0.0%
top 93.89%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Huawei Technologies Co., Ltd. Honor V9 PlayHuawei Honor V9 Play Firmware
Timeline
PublishedFeb 15
Latest updateMay 14

Description

The 'Find Phone' function in Huawei Honor V9 play smart phones with versions earlier than Jimmy-AL00AC00B135 has an authentication bypass vulnerability. Due to improper authentication realization in the 'Find Phone' function. An attacker may exploit the vulnerability to bypass the 'Find Phone' function in order to use the phone normally.

CVSS vector

CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 0.9 | Impact: 5.9

Affected Packages2 packages

NVDhuawei/honor_v9_play_firmwarejimmy-al00ac00b135
CVEListV5huawei_technologies_co.,_ltd./honor_v9_playVersions earlier than Jimmy-AL00AC00B135

🔴Vulnerability Details

2
GHSA
GHSA-8h4r-cwx7-rqq7: The 'Find Phone' function in Huawei Honor V9 play smart phones with versions earlier than Jimmy-AL00AC00B135 has an authentication bypass vulnerabilit2022-05-14
CVEList
CVE-2017-15351: The 'Find Phone' function in Huawei Honor V9 play smart phones with versions earlier than Jimmy-AL00AC00B135 has an authentication bypass vulnerabilit2018-02-15
CVE-2017-15351 (MEDIUM CVSS 6.8) | The 'Find Phone' function in Huawei | cvebase.io