7.1
CVE-2017-8202
- EPSS 0.07%
- Published 22.11.2017 19:29:05
- Last modified 20.04.2025 01:37:25
- Source psirt@huawei.com
- Teams watchlist Login
- Open Login
The CameraISP driver of some Huawei smart phones with software of versions earlier than Prague-AL00AC00B205,versions earlier than Prague-AL00BC00B205,versions earlier than Prague-AL00CC00B205,versions earlier than Prague-TL00AC01B205,versions earlier than Prague-TL10AC01B205 has a buffer overflow vulnerability due to the lack of parameter validation. An attacker tricks a user into installing a malicious APP, the APP can send a specific parameter to the CameraISP driver of the smart phone, causing system reboot.
Data is provided by the National Vulnerability Database (NVD)
Huawei ≫ Prague-al00a Firmware Version < prague-al00ac00b205
Huawei ≫ Prague-al00b Firmware Version < prague-al00bc00b205
Huawei ≫ Prague-al00c Firmware Version < prague-al00cc00b205
Huawei ≫ Prague-tl00a Firmware Version < prague-tl00ac01b205
Huawei ≫ Prague-tl10a Firmware Version < prague-tl10ac01b205
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.07% | 0.173 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 5.5 | 1.8 | 3.6 |
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
|
| nvd@nist.gov | 7.1 | 8.6 | 6.9 |
AV:N/AC:M/Au:N/C:N/I:N/A:C
|
CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.