CVE-2017-15308

high

Published 2017-12-22 · Modified 2026-05-13

CVSS v3

8.8

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CVSS v2

6.8

VIR risk

8.8

Description

Huawei iReader app before 8.0.2.301 has an input validation vulnerability due to insufficient validation on the URL used for loading network data. An attacker can control app access and load malicious websites created by the attacker, and the code in webpages would be loaded and run.

Predictions

Exploit likelihood

92%

Patch ETA

—

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

vendor Authored 2026-05-27

Vendor advisory: psirt@huawei.com — http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20171120-01-hwreader-en

Application impact

Vendor	Product	Versions	Fixed
huawei	ireader	`{"endExcluding":"8.0.2.301"}`	`8.0.2.301`

References

http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20171120-01-hwreader-en
http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20171120-01-hwreader-en

CWEs

CWE-20

Verify integrity in audit chain (admin only). AS-IS.