CVE-2017-15308

HIGH

Huawei iReader < 8.0.2.301 - Remote Code Execution via URL Input Validation

Title source: llm
STIX 2.1

Description

Huawei iReader app before 8.0.2.301 has an input validation vulnerability due to insufficient validation on the URL used for loading network data. An attacker can control app access and load malicious websites created by the attacker, and the code in webpages would be loaded and run.

References (1)

Core 1

Scores

CVSS v3 8.8
EPSS 0.0088
EPSS Percentile 55.0%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CWE
CWE-20
Status published
Products (2)
huawei/ireader < 8.0.2.301
Huawei Technologies Co., Ltd./iReader before 8.0.2.301
Published Dec 22, 2017
Tracked Since Feb 18, 2026