Vulnerabilities > CVE-2017-2735 - Exposed Dangerous Method or Function vulnerability in Huawei Y6 PRO Firmware 9.1.0.248(C636E5R3P1)

CVSS 7.1 - HIGH

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

HIGH

Availability impact

HIGH

local

low complexity

huawei

CWE-749

NVD

Published: 2017-11-22

Updated: 2017-12-11

Summary

TIT-AL00 smartphones with software versions earlier before TIT-AL00C583B214 have a exposed system interface vulnerability. The software provides a system interface for interaction with external applications, but calling the interface is not properly restricted. An attacker could trick the user into installing a malicious application to call the interface and modify the system properties.

Vulnerable Configurations

Part	Description	Count
OS	Huawei Huawei Y6 PRO Firmware - Huawei Y6 PRO Firmware 9.1.0.248\(C636E5R3P1\)	2
Hardware	Huawei Huawei Y6 PRO -	1

Common Weakness Enumeration (CWE)

CWE-749 - Exposed Dangerous Method or Function

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

References