CVE-2017-8151

MEDIUM Year: 2017
CVSS v3 Score
6.8
Medium
CVSS v2 Score
7.2
High
Weakness Type
CWE-287
View all →

Vulnerability Description

Huawei Honor 5S smart phones with software the versions before TAG-TL00C01B173 have an authentication bypass vulnerability due to the improper design of some components. An attacker can get a user's smart phone and install malicious apps in the mobile phone, allowing the attacker to reset the password and fingerprint of the phone without authentication.

Related Vulnerabilities

CVE-2014-2005

MEDIUM
CVSS:6.8(Medium)

Sophos Disk Encryption (SDE) 5.x in Sophos Enterprise Console (SEC) 5.x before 5.2.2 does not enforce intended authentication requirements for a resume action from sleep mode, which allows physically ...

CWE-2872014

CVE-2016-4484

MEDIUM
CVSS:6.8(Medium)

The Debian initrd script for the cryptsetup package 2:1.7.3-2 and earlier allows physically proximate attackers to gain shell access via many log in attempts with an invalid password.

CWE-2872016

CVE-2017-10709

MEDIUM
CVSS:6.8(Medium)

The lockscreen on Elephone P9000 devices (running Android 6.0) allows physically proximate attackers to bypass a wrong-PIN lockout feature by pressing backspace after each PIN guess.

CWE-2872017

CVE-2017-12610

MEDIUM
CVSS:6.8(Medium)

In Apache Kafka 0.10.0.0 to 0.10.2.1 and 0.11.0.0 to 0.11.0.1, authenticated Kafka clients may use impersonation via a manually crafted protocol message with SASL/PLAIN or SASL/SCRAM authentication wh...

CWE-2872017

CVE-2017-15351

MEDIUM
CVSS:6.8(Medium)

The 'Find Phone' function in Huawei Honor V9 play smart phones with versions earlier than Jimmy-AL00AC00B135 has an authentication bypass vulnerability. Due to improper authentication realization in t...

CWE-2872017

CVE-2017-16242

MEDIUM
CVSS:6.8(Medium)

An issue was discovered on MECO USB Memory Stick with Fingerprint MECOZiolsamDE601 devices. The fingerprint authentication requirement for data access can be bypassed. An attacker with physical access...

CWE-2872017