CVE-2017-15351
First published: Thu Feb 15 2018(Updated: )
The 'Find Phone' function in Huawei Honor V9 play smart phones with versions earlier than Jimmy-AL00AC00B135 has an authentication bypass vulnerability. Due to improper authentication realization in the 'Find Phone' function. An attacker may exploit the vulnerability to bypass the 'Find Phone' function in order to use the phone normally.
Credit: psirt@huawei.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Huawei Honor V9 Play Firmware | =jimmy-al00ac00b135 | |
| Huawei Honor V9 Play Firmware |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2017-15351?
CVE-2017-15351 is considered a high severity vulnerability due to its potential to allow unauthorized access to the 'Find Phone' function.
How do I fix CVE-2017-15351?
To fix CVE-2017-15351, update your Huawei Honor V9 Play to the firmware version Jimmy-AL00AC00B135 or later.
What are the consequences of exploiting CVE-2017-15351?
Exploitation of CVE-2017-15351 allows an attacker to bypass authentication and potentially track or misrepresent a user's phone location.
Who is affected by CVE-2017-15351?
CVE-2017-15351 affects users of Huawei Honor V9 Play smartphones running firmware versions earlier than Jimmy-AL00AC00B135.
Is there a known fix for CVE-2017-15351?
Yes, the known fix for CVE-2017-15351 is to upgrade to firmware version Jimmy-AL00AC00B135 or newer.
- agent/type
- agent/last-modified-date
- agent/weakness
- agent/references
- agent/severity
- agent/author
- agent/description
- agent/softwarecombine
- agent/first-publish-date
- agent/event
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/huawei
- canonical/huawei honor v9 play firmware
- version/huawei honor v9 play firmware/jimmy-al00ac00b135