PT-2017-13985 · Huawei · Reader

Published

2017-12-22

Updated

2018-08-02

CVE-2017-15308

CVSS v3.1

8.8

High

Vector

AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Huawei iReader app versions prior to 8.0.2.301

Description The issue is due to insufficient validation on the URL used for loading network data, allowing an attacker to control app access and load malicious websites. This enables the attacker to run code from these webpages.

Recommendations For versions prior to 8.0.2.301, update to version 8.0.2.301 or later to resolve the issue. As a temporary workaround, consider restricting access to untrusted websites to minimize the risk of exploitation.

Fix

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-20

Related Identifiers

CVE-2017-15308

ZDI-18-876

Affected Products

Reader

PT-2017-13985 · Huawei · Reader

CVE-2017-15308

Weakness Enumeration

Related Identifiers

Affected Products

References · 4