CVE-2017-8146

CWE-20 — Improper Input Validation3 documents3 sources

Severity

5.5MEDIUM

EPSS

0.1%

top 77.10%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Huawei P10 Firmware Huawei P10 Plus Firmware

Timeline

PublishedNov 22

Latest updateMay 17

Description

The call module of P10 and P10 Plus smartphones with software versions before VTR-AL00C00B167, versions before VTR-TL00C01B167, versions before VKY-AL00C00B167, versions before VKY-TL00C01B167 has a DoS vulnerability. An attacker may trick a user into installing a malicious application, and the application can send given parameter to call module to crash the call and data communication process.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages2 packages

▶NVDhuawei/p10_plus_firmware< vky-al00c00b167+1

▶NVDhuawei/p10_firmware< vtr-al00c00b167+1

🔴Vulnerability Details

GHSA

GHSA-rgh4-jjhx-5jrr: The call module of P10 and P10 Plus smartphones with software versions before VTR-AL00C00B167, versions before VTR-TL00C01B167, versions before VKY-AL↗2022-05-17

▶

CVEList

CVE-2017-8146: The call module of P10 and P10 Plus smartphones with software versions before VTR-AL00C00B167, versions before VTR-TL00C01B167, versions before VKY-AL↗2017-11-22

▶