1. Home
  2. CVE Database
  3. CVE-2017-8175
MEDIUM · 5.5

CVE-2017-8175

The Bastet of some Huawei mobile phones with software earlier than Vicky-AL00AC00B167 versions, earlier than Victoria-AL00AC00B167 versions, earlier than Warsaw-AL00C00B191 versions has an insufficien...

Vulnerability Description

The Bastet of some Huawei mobile phones with software earlier than Vicky-AL00AC00B167 versions, earlier than Victoria-AL00AC00B167 versions, earlier than Warsaw-AL00C00B191 versions has an insufficient input validation vulnerability due to the lack of parameter validation. An attacker may trick a user into installing a malicious APP. The APP can modify specific parameter to cause system reboot.

CVSS Score

5.5

MEDIUM

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality
NONE
Integrity
NONE
Availability
HIGH

Affected Products

VendorProductVersions
HuaweiVicky-Al00A< vicky-al00ac00b167
HuaweiVictoria-Al00A< victoria-al00ac00b167
HuaweiWarsaw-Al00< warsaw-al00c00b191

Related Weaknesses (CWE)

CWE-20

References

FAQ

What is CVE-2017-8175?

CVE-2017-8175 is a vulnerability with a CVSS score of 5.5 (MEDIUM). The Bastet of some Huawei mobile phones with software earlier than Vicky-AL00AC00B167 versions, earlier than Victoria-AL00AC00B167 versions, earlier than Warsaw-AL00C00B191 versions has an insufficien...

How severe is CVE-2017-8175?

CVE-2017-8175 has been rated MEDIUM with a CVSS base score of 5.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2017-8175?

Check the references section above for vendor advisories and patch information. Affected products include: Huawei Vicky-Al00A, Huawei Victoria-Al00A, Huawei Warsaw-Al00.