CVE-2017-17158: Input Validation

First published: Thu May 24 2018(Updated: )

Some Huawei smart phones with the versions before Berlin-L21HNC185B381; the versions before Prague-AL00AC00B223; the versions before Prague-AL00BC00B223; the versions before Prague-AL00CC00B223; the versions before Prague-L31C432B208; the versions before Prague-TL00AC01B223; the versions before Prague-TL00AC01B223 have an information exposure vulnerability. When the user's smart phone connects to the malicious device for charging, an unauthenticated attacker may activate some specific function by sending some specially crafted messages. Due to insufficient input validation of the messages, successful exploit may cause information exposure.

Credit: psirt@huawei.com

Affected Software	Affected Version	How to fix
Huawei Berlin-l21hn Firmware	<l21hnc185b381
Huawei Berlin-l21hn
Huawei Prague-al00a Firmware	<al00ac00b223
Huawei Prague-al00a
Huawei Prague-al00b Firmware	<al00bc00b223
Huawei Prague-al00b
Huawei Prague-al00c Firmware	<al00cc00b223
Huawei Prague-al00c
Huawei Prague-l31 Firmware	<l31c432b208
Huawei Prague-l31
Huawei Prague-tl00a Firmware	<tl00ac01b223
Huawei Prague-tl00a
Huawei Prague-tl10a Firmware	<tl00ac01b223
Huawei Prague-tl10a

Never miss a vulnerability like this again

Reference Links

http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180523-01-phone-en

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.