CVE-2017-2699
HIGHHuawei Honor 7 Firmware < plk-ul00c17b385 - Unrestricted File Upload
Title source: ruleDescription
The Huawei Themes APP in versions earlier than PLK-UL00C17B385, versions earlier than CRR-L09C432B380, versions earlier than LYO-L21C577B128 has a privilege elevation vulnerability. An attacker could exploit this vulnerability to upload theme packs containing malicious files and trick users into installing the theme packets, resulting in the execution of arbitrary code.
References (2)
Core 2
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/96424
Vendor Advisory x_refsource_confirm
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170222-01-theme-en
Scores
CVSS v3
7.8
EPSS
0.0016
EPSS Percentile
36.4%
Attack Vector
LOCAL
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Details
CWE
CWE-434
Status
published
Products (4)
huawei/honor_7_firmware
< plk-ul00c17b385
huawei/lyo-l21_firmware
< lyo-l21c577b128
huawei/mate_s_firmware
< crr-l09c432b380
Huawei Technologies Co., Ltd./Honor 7, Mate S,LYO-L21
Earlier than PLK-UL00C17B385 versions, Earlier than CRR-L09C432B380 versions, Earlier than LYO-L21C5
Published
Nov 22, 2017
Tracked Since
Feb 18, 2026