Out-of-Bound Read Vulnerability in Huawei Smartphones
CVE-2017-8182

6.1MEDIUM

Key Information:

Vendor: McAfee
Status: Nice-al00
Vendor: CVE Published:; 22 November 2017

Summary

This vulnerability exists in the MTK platform used by certain Huawei smartphones, specifically in software versions prior to Nice-AL00C00B160 and Nice-AL10C00B140. It allows an attacker to exploit the device by tricking users into installing a malicious application. Once the application is installed, it can send crafted parameters that lead to memory being accessed outside its bounds, potentially exposing sensitive information or enabling further malicious activities.

Affected Version(s)

Nice-AL00 Earlier than Nice-AL00C00B160 versions, Earlier than Nice-AL10C00B140 versions

References

http://www.huawei.com/en/psirt/security-advisories/huawei...

x_refsource_CONFIRM

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Nov 22, 2017
Vulnerability Reserved
Apr 25, 2017