CVE-2017-15308
HIGHHuawei iReader < 8.0.2.301 - Remote Code Execution via URL Input Validation
Title source: llmDescription
Huawei iReader app before 8.0.2.301 has an input validation vulnerability due to insufficient validation on the URL used for loading network data. An attacker can control app access and load malicious websites created by the attacker, and the code in webpages would be loaded and run.
References (1)
Core 1
Core References
Vendor Advisory x_refsource_confirm
http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20171120-01-hwreader-en
Scores
CVSS v3
8.8
EPSS
0.0020
EPSS Percentile
41.2%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Details
CWE
CWE-20
Status
published
Products (2)
huawei/ireader
< 8.0.2.301
Huawei Technologies Co., Ltd./iReader
before 8.0.2.301
Published
Dec 22, 2017
Tracked Since
Feb 18, 2026