CVE-2017-2713

CWE-20 — Improper Input Validation3 documents3 sources

Severity

5.4MEDIUM

EPSS

0.0%

top 89.92%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Huawei P9 Firmware Huawei Technologies Co., Ltd. Huawei P9

Timeline

PublishedNov 22

Latest updateMay 17

Description

HUAWEI P9 smartphones with software versions earlier before EVA-L09C432B383, versions earlier before EVA-L09C636B380, versions earlier before VIE-L09C432B370, versions earlier before VIE-L29C636B370 have an insufficient input validation vulnerability. An attacker could exploit this vulnerability to tamper with air interface signaling messages and obtain some communication information.

CVSS vector

CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.5

Affected Packages2 packages

▶NVDhuawei/p9_firmware< eva-l09c432b383+3

▶CVEListV5huawei_technologies_co.,_ltd./huawei_p9Versions earlier before EVA-L09C432B383, Versions earlier before EVA-L09C636B380, Versions earlier before VIE-L09C432B370, Versions earlier before VIE-L29C636B370

🔴Vulnerability Details

GHSA

GHSA-xgg3-h73q-j6q4: HUAWEI P9 smartphones with software versions earlier before EVA-L09C432B383, versions earlier before EVA-L09C636B380, versions earlier before VIE-L09C↗2022-05-17

▶

CVEList

CVE-2017-2713: HUAWEI P9 smartphones with software versions earlier before EVA-L09C432B383, versions earlier before EVA-L09C636B380, versions earlier before VIE-L09C↗2017-11-22

▶