CVE-2017-17161Improper Authentication in Huawei Duke-l09 Firmware

CWE-287Improper Authentication3 documents3 sources
Severity
6.8MEDIUMNVD
EPSS
0.0%
top 93.87%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Huawei Duke-l09 FirmwareHuawei Technologies CO LTD Duke-l09
Timeline
PublishedFeb 15
Latest updateMay 13

Description

The 'Find Phone' function in some Huawei smart phones with software earlier than Duke-L09C10B186 versions, earlier than Duke-L09C432B187 versions, earlier than Duke-L09C636B186 versions has an authentication bypass vulnerability. Due to improper authentication realization in the 'Find Phone' function. An attacker may exploit the vulnerability to bypass the 'Find Phone' function in order to use the phone normally.

CVSS vector

CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 0.9 | Impact: 5.9

Affected Packages2 packages

NVDhuawei/duke-l09_firmware< duke-l09c10b186+2
CVEListV5huawei_technologies_co_ltd/duke-l09Earlier than Duke-L09C10B186 versions, Earlier than Duke-L09C432B187 versions, Earlier than Duke-L09C636B186 versions

🔴Vulnerability Details

2
GHSA
GHSA-j7rm-f9jj-p7c6: The 'Find Phone' function in some Huawei smart phones with software earlier than Duke-L09C10B186 versions, earlier than Duke-L09C432B187 versions, ear2022-05-13
CVEList
CVE-2017-17161: The 'Find Phone' function in some Huawei smart phones with software earlier than Duke-L09C10B186 versions, earlier than Duke-L09C432B187 versions, ear2018-02-15
CVE-2017-17161 — Improper Authentication in Huawei | cvebase