CVE-2017-17158: Input Validation

First published: Thu May 24 2018(Updated: )

Some Huawei smart phones with the versions before Berlin-L21HNC185B381; the versions before Prague-AL00AC00B223; the versions before Prague-AL00BC00B223; the versions before Prague-AL00CC00B223; the versions before Prague-L31C432B208; the versions before Prague-TL00AC01B223; the versions before Prague-TL00AC01B223 have an information exposure vulnerability. When the user's smart phone connects to the malicious device for charging, an unauthenticated attacker may activate some specific function by sending some specially crafted messages. Due to insufficient input validation of the messages, successful exploit may cause information exposure.

Credit: psirt@huawei.com

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

• collector/nvd-index
• agent/severity
• agent/weakness
• agent/author
• agent/references
• agent/tags
• agent/type
• agent/event
• agent/description
• agent/softwarecombine
• agent/first-publish-date
• agent/last-modified-date
• vendor/huawei
• canonical/huawei berlin-l21hn firmware
• canonical/huawei berlin-l21hn
• canonical/huawei prague-al00a firmware
• canonical/huawei prague-al00a
• canonical/huawei prague-al00b firmware
• canonical/huawei prague-al00b
• canonical/huawei prague-al00c firmware
• canonical/huawei prague-al00c
• canonical/huawei prague-l31 firmware
• canonical/huawei prague-l31
• canonical/huawei prague-tl00a firmware
• canonical/huawei prague-tl00a
• canonical/huawei prague-tl10a firmware
• canonical/huawei prague-tl10a