How severe is CVE-2017-16778?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 4.6 out of 10.

What type of vulnerability is CVE-2017-16778?

This is classified as CWE-863, which is a common weakness in software security.

CVE-2017-16778

MEDIUM Year: 2017

CVSS v3 Score

4.6

Medium

CVSS v2 Score

2.1

Low

Weakness Type

CWE-863

View all →

Vulnerability Description

An access control weakness in the DTMF tone receiver of Fermax Outdoor Panel allows physical attackers to inject a Dual-Tone-Multi-Frequency (DTMF) tone to invoke an access grant that would allow physical access to a restricted floor/level. By design, only a residential unit owner may allow such an access grant. However, due to incorrect access control, an attacker could inject it via the speaker unit to perform an access grant to gain unauthorized access, as demonstrated by a loud DTMF tone representing '1' and a long '#' (697 Hz and 1209 Hz, followed by 941 Hz and 1477 Hz).

CVE-2018-7926

MEDIUM

CVSS:4.6(Medium)

Huawei Watch 2 with versions and earlier than OWDD.180707.001.E1 have an improper authorization vulnerability. Due to improper permission configuration for specific operations, an attacker who obtaine...

CWE-8632018

CVE-2018-7988

MEDIUM

CVSS:4.6(Medium)

There is a Factory Reset Protection (FRP) bypass vulnerability on several smartphones. The system does not sufficiently verify the permission, an attacker uses a data cable to connect the smartphone t...

CWE-8632018

CVE-2019-5220

MEDIUM

CVSS:4.6(Medium)

There is a Factory Reset Protection (FRP) bypass vulnerability on several smartphones. The system does not sufficiently verify the permission, an attacker could do a certain operation on certain step ...

CWE-8632019

CVE-2019-5231

MEDIUM

CVSS:4.6(Medium)

P30 smartphones with versions earlier than ELLE-AL00B 9.1.0.186(C00E180R2P1) have an improper authorization vulnerability. The software incorrectly performs an authorization check when a user attempts...

CWE-8632019

CVE-2020-0473

MEDIUM

CVSS:4.6(Medium)

In updateIncomingFileConfirmNotification of BluetoothOppNotification.java, there is a possible permissions bypass. This could lead to local escalation of privilege allowing an attacker with physical p...

CWE-8632020

CVE-2021-22398

MEDIUM

CVSS:4.6(Medium)

There is a logic error vulnerability in several smartphones. The software does not properly restrict certain operation when the Digital Balance function is on. Successful exploit could allow the attac...

CWE-8632021

CVE-2017-16778

Vulnerability Description

Related Vulnerabilities

CVE-2018-7926

CVE-2018-7988

CVE-2019-5220

CVE-2019-5231

CVE-2020-0473

CVE-2021-22398