Huawei NEM Touch Panel Driver memory corruption

A vulnerability, which was classified as critical, was found in Huawei NEM. Affected is an unknown function of the component Touch Panel Driver. The manipulation leads to memory corruption. Using CWE to declare the problem leads to CWE-119. The bug was discovered 11/23/2016. The weakness was published 04/02/2017 with Qihoo 360 as sa-20161123-03 (Website). The advisory is available at huawei.com. This vulnerability is traded as CVE-2016-8775. The attack needs to be approached locally. There are no technical details available. There is no exploit available. The structure of the vulnerability defines a possible price range of USD $0-$5k at the moment. It is declared as not defined. The vulnerability was handled as a non-public zero-day exploit for at least 130 days. As 0-day the estimated underground price was around $5k-$25k. It is recommended to upgrade the affected component. A possible mitigation has been published even before and not after the disclosure of the vulnerability. The vulnerability is also documented other vulnerability databases: SecurityFocus (BID 94506).

Field04/03/2017 09:05 AM08/25/2020 09:21 AM11/24/2022 02:43 PM
vendorHuaweiHuaweiHuawei
nameNEMNEMNEM
componentTouch Panel DriverTouch Panel DriverTouch Panel Driver
cwe119 (memory corruption)119 (memory corruption)119 (memory corruption)
risk222
cvss2_vuldb_basescore7.27.27.2
cvss2_vuldb_tempscore6.36.36.3
cvss2_vuldb_avLLL
cvss2_vuldb_acLLL
cvss2_vuldb_auNNN
cvss2_vuldb_ciCCC
cvss2_vuldb_iiCCC
cvss2_vuldb_aiCCC
cvss2_nvd_avLLL
cvss2_nvd_acLLL
cvss2_nvd_auNNN
cvss2_nvd_ciCCC
cvss2_nvd_iiCCC
cvss2_nvd_aiCCC
cvss3_meta_basescore7.57.57.5
cvss3_meta_tempscore7.17.17.3
cvss3_vuldb_basescore8.28.28.2
cvss3_vuldb_tempscore7.87.87.8
cvss3_vuldb_avLLL
cvss3_vuldb_acLLL
cvss3_vuldb_prHHH
cvss3_vuldb_uiNNN
cvss3_vuldb_sCCC
cvss3_vuldb_cHHH
cvss3_vuldb_iHHH
cvss3_vuldb_aHHH
cvss3_nvd_avLLL
cvss3_nvd_acLLL
cvss3_nvd_prHHH
cvss3_nvd_uiNNN
cvss3_nvd_sUUU
cvss3_nvd_cHHH
cvss3_nvd_iHHH
cvss3_nvd_aHHH
date1491091200 (04/02/2017)1491091200 (04/02/2017)1491091200 (04/02/2017)
urlhttp://www.huawei.com/en/psirt/security-advisories/huawei-sa-20161123-03-smartphone-enhttp://www.huawei.com/en/psirt/security-advisories/huawei-sa-20161123-03-smartphone-enhttp://www.huawei.com/en/psirt/security-advisories/huawei-sa-20161123-03-smartphone-en
price_0day$5k-$25k$5k-$25k$5k-$25k
nameUpgradeUpgradeUpgrade
cveCVE-2016-8775CVE-2016-8775CVE-2016-8775
cve_assigned1476748800 (10/18/2016)1476748800 (10/18/2016)1476748800 (10/18/2016)
cve_nvd_published149109120014910912001491091200
cve_nvd_summaryTouch Panel (TP) driver in Huawei NEM phones with software Versions before NEM-AL10C00B130, Versions before NEM-UL10C17B160, Versions before NEM-UL10C00B160, Versions before NEM-TL00C01B160 allows attackers to get root privilege or crash the system or execute arbitrary code, related to a buffer overflow.Touch Panel (TP) driver in Huawei NEM phones with software Versions before NEM-AL10C00B130, Versions before NEM-UL10C17B160, Versions before NEM-UL10C00B160, Versions before NEM-TL00C01B160 allows attackers to get root privilege or crash the system or execute arbitrary code, related to a buffer overflow.Touch Panel (TP) driver in Huawei NEM phones with software Versions before NEM-AL10C00B130, Versions before NEM-UL10C17B160, Versions before NEM-UL10C00B160, Versions before NEM-TL00C01B160 allows attackers to get root privilege or crash the system or execute arbitrary code, related to a buffer overflow.
securityfocus945069450694506
securityfocus_titleHuawei NEM CVE-2016-8775 Local Buffer Overflow VulnerabilityHuawei NEM CVE-2016-8775 Local Buffer Overflow VulnerabilityHuawei NEM CVE-2016-8775 Local Buffer Overflow Vulnerability
locationWebsiteWebsiteWebsite
cvss2_vuldb_eNDNDND
cvss2_vuldb_rlOFOFOF
cvss2_vuldb_rcNDNDND
cvss3_vuldb_eXXX
cvss3_vuldb_rlOOO
cvss3_vuldb_rcXXX
0day_days130130130
cvss3_nvd_basescore6.76.76.7
discoverydate14798592001479859200
company_nameQihoo 360Qihoo 360
confirm_urlhttp://www.huawei.com/en/psirt/security-advisories/huawei-sa-20161123-03-smartphone-enhttp://www.huawei.com/en/psirt/security-advisories/huawei-sa-20161123-03-smartphone-en
osvdb_titleCVE-2016-8775 - Huawei - Nem-Al10 Firmware - HighCVE-2016-8775 - Huawei - Nem-Al10 Firmware - High
securityfocus_date1479859200 (11/23/2016)1479859200 (11/23/2016)
securityfocus_classBoundary Condition ErrorBoundary Condition Error
identifiersa-20161123-03
cvss2_nvd_basescore7.2

Do you know our Splunk app?

Download it now for free!