CVE-2017-2735

Published: Nov 22, 2017Modified: May 13, 2026

7.1

Vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H

Exploitability: 1.8 / Impact: 5.2

Source: NVD

Description

TIT-AL00 smartphones with software versions earlier before TIT-AL00C583B214 have a exposed system interface vulnerability. The software provides a system interface for interaction with external applications, but calling the interface is not properly restricted. An attacker could trick the user into installing a malicious application to call the interface and modify the system properties.

Affected (1)

Products: Huawei: Y6 Pro Firmware

1 product

Y6 Pro Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Huawei Y6 Pro Firmware	Before tit-al00c583b214

Running on/with	Platform Versions
Huawei Y6 Pro	All versions

Related CWEs

Exposed Dangerous Method or Function

The product provides an Applications Programming Interface (API) or similar interface for interaction with external actors, but the interface includes a dangerous method or function that is not properly restricted.

References (4)

http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170329-01-smartphone-en

Source: psirt@huawei.com

Vendor Advisory

http://www.securityfocus.com/bid/97224

Source: psirt@huawei.com

Third Party AdvisoryVDB Entry

http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170329-01-smartphone-en

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://www.securityfocus.com/bid/97224

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

Timeline

No history available yet.