Vulnerabilities > CVE-2017-8216 - Incorrect Authorization vulnerability in Huawei P10 Lite Firmware

CVSS 7.1 - HIGH

Attack vector

NETWORK

Attack complexity

MEDIUM

Privileges required

NONE

Confidentiality impact

COMPLETE

Integrity impact

NONE

Availability impact

NONE

network

huawei

CWE-863

NVD

Published: 2017-11-22

Updated: 2020-08-24

Summary

Warsaw Huawei Smart phones with software of versions earlier than Warsaw-AL00C00B180, versions earlier than Warsaw-TL10C01B180 have a permission control vulnerability. Due to improper authorization on specific processes, an attacker with the root privilege of a mobile Android system can exploit this vulnerability to obtain some information of the user.

Vulnerable Configurations

Part	Description	Count
OS	Huawei Huawei P10 Lite Firmware *	1
Hardware	Huawei Huawei P10 Lite -	1

Common Weakness Enumeration (CWE)

CWE-863 - Incorrect Authorization

References

http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20170614-01-smartphone-en
http://www.securityfocus.com/bid/102190