CVE-2016-3680 — HIGH (7.8) — White Hats Nepal

Vulnerability Description

Buffer overflow in the Wi-Fi driver in Huawei Mate 8 NXT-AL before NXT-AL10C00B182, NXT-CL before NXT-CL00C92B182, NXT-DL before NXT-DL00C17B182, and NXT-TL before NXT-TL00C01B182 allows attackers to cause a denial of service (crash) or possibly gain privileges via a crafted application, aka HWPSIRT-2016-03020.

CVSS Score

7.8

HIGH

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Huawei	Mate 8	-
Huawei	Mate 8 Firmware	-

Related Weaknesses (CWE)

CWE-119

References

http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160520-02-smartphVendor Advisory
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160520-02-smartphVendor Advisory

FAQ

What is CVE-2016-3680?

CVE-2016-3680 is a vulnerability with a CVSS score of 7.8 (HIGH). Buffer overflow in the Wi-Fi driver in Huawei Mate 8 NXT-AL before NXT-AL10C00B182, NXT-CL before NXT-CL00C92B182, NXT-DL before NXT-DL00C17B182, and NXT-TL before NXT-TL00C01B182 allows attackers to ...

How severe is CVE-2016-3680?

CVE-2016-3680 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2016-3680?

Check the references section above for vendor advisories and patch information. Affected products include: Huawei Mate 8, Huawei Mate 8 Firmware.