{"api_version":"1","generated_at":"2026-04-22T23:20:03+00:00","cve":"CVE-2017-15351","urls":{"html":"https://cve.report/CVE-2017-15351","api":"https://cve.report/api/cve/CVE-2017-15351.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2017-15351","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2017-15351"},"summary":{"title":"CVE-2017-15351","description":"The 'Find Phone' function in Huawei Honor V9 play smart phones with versions earlier than Jimmy-AL00AC00B135 has an authentication bypass vulnerability. Due to improper authentication realization in the 'Find Phone' function. An attacker may exploit the vulnerability to bypass the 'Find Phone' function in order to use the phone normally.","state":"PUBLIC","assigner":"psirt@huawei.com","published_at":"2018-02-15 16:29:00","updated_at":"2018-02-26 15:06:00"},"problem_types":["CWE-287"],"metrics":[],"references":[{"url":"http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171122-01-smartphone-en","name":"http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171122-01-smartphone-en","refsource":"CONFIRM","tags":["Vendor Advisory"],"title":"Security Advisory - Authentication Bypass Vulnerability in the 'Find Phone' Function of Some Huawei Smart Phones","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2017-15351","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-15351","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2017","cve_id":"15351","vulnerable":"-1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"huawei","cpe5":"honor_v9_play","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2017","cve_id":"15351","vulnerable":"0","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"huawei","cpe5":"honor_v9_play","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2017","cve_id":"15351","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"huawei","cpe5":"honor_v9_play_firmware","cpe6":"jimmy-al00ac00b135","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2017","cve_id":"15351","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"huawei","cpe5":"honor_v9_play_firmware","cpe6":"jimmy-al00ac00b135","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"CVE_data_meta":{"ASSIGNER":"psirt@huawei.com","ID":"CVE-2017-15351","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"Honor V9 play","version":{"version_data":[{"version_value":"Versions earlier than Jimmy-AL00AC00B135"}]}}]},"vendor_name":"Huawei Technologies Co., Ltd."}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"The 'Find Phone' function in Huawei Honor V9 play smart phones with versions earlier than Jimmy-AL00AC00B135 has an authentication bypass vulnerability. Due to improper authentication realization in the 'Find Phone' function. An attacker may exploit the vulnerability to bypass the 'Find Phone' function in order to use the phone normally."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"authentication bypass"}]}]},"references":{"reference_data":[{"name":"http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171122-01-smartphone-en","refsource":"CONFIRM","url":"http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171122-01-smartphone-en"}]}},"nvd":{"publishedDate":"2018-02-15 16:29:00","lastModifiedDate":"2018-02-26 15:06:00","problem_types":["CWE-287"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.0","vectorString":"CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","attackVector":"PHYSICAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH","baseScore":6.8,"baseSeverity":"MEDIUM"},"exploitabilityScore":0.9,"impactScore":5.9},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:L/AC:L/Au:N/C:C/I:C/A:C","accessVector":"LOCAL","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE","baseScore":7.2},"severity":"HIGH","exploitabilityScore":3.9,"impactScore":10,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"AND","children":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:huawei:honor_v9_play_firmware:jimmy-al00ac00b135:*:*:*:*:*:*:*","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":false,"cpe23Uri":"cpe:2.3:h:huawei:honor_v9_play:-:*:*:*:*:*:*:*","cpe_name":[]}]}],"cpe_match":[]}]}},"legacy_mitre":{"record":{"CveYear":"2017","CveId":"15351","Ordinal":"112855","Title":"CVE-2017-15351","CVE":"CVE-2017-15351","Year":"2017"},"notes":[{"CveYear":"2017","CveId":"15351","Ordinal":"1","NoteData":"The 'Find Phone' function in Huawei Honor V9 play smart phones with versions earlier than Jimmy-AL00AC00B135 has an authentication bypass vulnerability. Due to improper authentication realization in the 'Find Phone' function. An attacker may exploit the vulnerability to bypass the 'Find Phone' function in order to use the phone normally.","Type":"Description","Title":null},{"CveYear":"2017","CveId":"15351","Ordinal":"2","NoteData":"2018-02-15","Type":"Other","Title":"Published"},{"CveYear":"2017","CveId":"15351","Ordinal":"3","NoteData":"2018-02-15","Type":"Other","Title":"Modified"}]}}}