CVE-2017-8175
MEDIUMHuawei Vicky-AL00A, Victoria-AL00A, Warsaw-AL00 - Denial of Service via Bastet Parameter Modification
Title source: llmDescription
The Bastet of some Huawei mobile phones with software earlier than Vicky-AL00AC00B167 versions, earlier than Victoria-AL00AC00B167 versions, earlier than Warsaw-AL00C00B191 versions has an insufficient input validation vulnerability due to the lack of parameter validation. An attacker may trick a user into installing a malicious APP. The APP can modify specific parameter to cause system reboot.
References (1)
Core 1
Core References
Vendor Advisory x_refsource_confirm
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170802-02-smartphone-en
Scores
CVSS v3
5.5
EPSS
0.0007
EPSS Percentile
21.2%
Attack Vector
LOCAL
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Details
CWE
CWE-20
Status
published
Products (4)
huawei/vicky-al00a
< vicky-al00ac00b167
huawei/victoria-al00a
< victoria-al00ac00b167
huawei/warsaw-al00
< warsaw-al00c00b191
Huawei Technologies Co., Ltd./Vicky-AL00A,Victoria-AL00A,Warsaw-AL00
Earlier than Vicky-AL00AC00B167 versions,Earlier than Victoria-AL00AC00B167 versions,Earlier than Wa
Published
Nov 22, 2017
Tracked Since
Feb 18, 2026