Lucene search

[email protected]CVE-2016-4575

HistoryMay 25, 2016 - 3:59 p.m.

CVE-2016-4575

2016-05-2515:59:06

CWE-79

[email protected]

web.nvd.nist.gov

huawei

smartphones

vulnerability

cross-site scripting

xss

security

nvd

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

0.001 Low

EPSS

Percentile

48.3%

JSON

Cross-site scripting (XSS) vulnerability in the email APP in Huawei PLK smartphones with software AL10C00 before AL10C00B211 and AL10C92 before AL10C92B211; ATH smartphones with software AL00C00 before AL00C00B361, CL00C92 before CL00C92B361, TL00HC01 before TL00HC01B361, and UL00C00 before UL00C00B361; CherryPlus smartphones with software TL00C00 before TL00C00B553, UL00C00 before UL00C00B553, and TL00MC01 before TL00MC01B553; and RIO smartphones with software AL00C00 before AL00C00B360 allows remote attackers to inject arbitrary web script or HTML via an email message.

Affected configurations

NVD

Node

huaweiath_firmwareMatchal00c00

huaweiath_firmwareMatchcl00c92

huaweiath_firmwareMatchtl00hc01

huaweiath_firmwareMatchul00c00

AND

huaweiathMatch-

Node

huaweirio_firmwareMatchal00c00

AND

huaweirioMatch-

Node

huaweiplk_firmwareMatchal10c00

huaweiplk_firmwareMatchal10c92

AND

huaweiplkMatch-

Node

huaweicherryplus_firmwareMatchtl00c00

huaweicherryplus_firmwareMatchtl00mc01

huaweicherryplus_firmwareMatchul00c00

AND

huaweicherryplusMatch-

CPENameOperatorVersion
huawei:ath_firmwarehuawei ath firmwareeqal00c00
huawei:ath_firmwarehuawei ath firmwareeqcl00c92
huawei:ath_firmwarehuawei ath firmwareeqtl00hc01
huawei:ath_firmwarehuawei ath firmwareequl00c00
huawei:athhuawei atheq-

CPE	Name	Operator	Version
huawei:ath_firmware	huawei ath firmware	eq	al00c00
huawei:ath_firmware	huawei ath firmware	eq	cl00c92
huawei:ath_firmware	huawei ath firmware	eq	tl00hc01
huawei:ath_firmware	huawei ath firmware	eq	ul00c00
huawei:ath	huawei ath	eq	-

References

www.huawei.com/en/psirt/security-advisories/huawei-sa-20160507-01-emailapp-en

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

0.001 Low

EPSS

Percentile

48.3%

JSON

Related for CVE-2016-4575

cvelist1 huawei1 prion1 nvd1