CVE-2017-2735Exposed Dangerous Method or Function in Technologies CO LTD Tit-al00

CWE-749Exposed Dangerous Method or Function3 documents3 sources
Severity
7.1HIGHNVD
EPSS
0.1%
top 79.14%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Huawei Y6 PRO FirmwareHuawei Technologies CO LTD Tit-al00
Timeline
PublishedNov 22
Latest updateMay 17

Description

TIT-AL00 smartphones with software versions earlier before TIT-AL00C583B214 have a exposed system interface vulnerability. The software provides a system interface for interaction with external applications, but calling the interface is not properly restricted. An attacker could trick the user into installing a malicious application to call the interface and modify the system properties.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:HExploitability: 1.8 | Impact: 5.2

Affected Packages2 packages

CVEListV5huawei_technologies_co_ltd/tit-al00Versions earlier before TIT-AL00C583B214
NVDhuawei/y6_pro_firmware< tit-al00c583b214

🔴Vulnerability Details

2
GHSA
GHSA-x63c-c6fq-2vvq: TIT-AL00 smartphones with software versions earlier before TIT-AL00C583B214 have a exposed system interface vulnerability2022-05-17
CVEList
CVE-2017-2735: TIT-AL00 smartphones with software versions earlier before TIT-AL00C583B214 have a exposed system interface vulnerability2017-11-22
CVE-2017-2735 — Exposed Dangerous Method or Function | cvebase