Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
9.3
CVSSv2

CVE-2015-8088

Published: 12/01/2016 Updated: 28/11/2016
CVSS v2 Base Score: 9.3 | Impact Score: 10 | Exploitability Score: 8.6
CVSS v3 Base Score: 7.8 | Impact Score: 5.9 | Exploitability Score: 1.8
VMScore: 935
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Vulnerability Summary

Heap-based buffer overflow in the HIFI driver in Huawei Mate 7 phones with software MT7-UL00 before MT7-UL00C17B354, MT7-TL10 before MT7-TL10C00B354, MT7-TL00 before MT7-TL00C01B354, and MT7-CL00 before MT7-CL00C92B354 and P8 phones with software GRA-TL00 before GRA-TL00C01B220SP01, GRA-CL00 before GRA-CL00C92B220, GRA-CL10 before GRA-CL10C92B220, GRA-UL00 before GRA-UL00C00B220, and GRA-UL10 before GRA-UL10C00B220 allows malicious users to cause a denial of service (reboot) or execute arbitrary code via a crafted application.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

huawei p8_firmware gra-ul10

huawei p8_firmware gra-ul100

huawei p8_firmware gra-cl100

huawei p8_firmware gra-tl00

huawei p8_firmware gra-cl10

huawei mate_7_firmware mt7-ul00

huawei mate_7_firmware mt7-cl00

huawei mate_7_firmware mt7-tl00

huawei mate_7_firmware mt7-tl10

Exploits

Exploit DB: Huawei Mate 7 - '/dev/hifi_misc' Privilege Escalation
/* * * HuaWei Mate7 hifi driver Poc * * Writen by pray3r, <pray3rz@gmailcom> * */ #include <stdioh> #include <stdlibh> #include <fcntlh> #include <sys/typesh> #include <sys/stath> #include <sys/ioctlh> #define HIFI_MISC_IOCTL_WRITE_PARAMS _IOWR('A', 0x75, struct misc_io_sync_param) str ...

Github Repositories

https://github.com/Pray3r/CVE-2015-8088

Crash PoC

CVE-2015-8088 Source of PoC code Detail of the CVE: cvemitreorg/cgi-bin/cvenamecgi?name=CVE-2015-8088 Detail of the Vulnerability: kernfunnyorg/blog/cve-2015-8088-heap-based-buffer-overflow-in-the-hifi-driver-of-huawei-smart-phonehtml

References

CWE-119http://www.huawei.com/en/psirt/security-advisories/hw-460347http://www.securityfocus.com/bid/77560https://nvd.nist.govhttps://github.com/Pray3r/CVE-2015-8088https://www.exploit-db.com/exploits/44306/
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-3380CVE-2024-1694local file inclusionCVE-2024-5645CVE-2024-24919XSSCVE-2024-36774CVE-2024-21306SQL
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook