medium
6.3
CWE
20
Advisory Published
Updated

CVE-2017-17171: Input Validation

First published: Fri Jun 01 2018(Updated: )

Some Huawei smart phones have the denial of service (DoS) vulnerability due to the improper processing of malicious parameters. An attacker may trick a target user into installing a malicious APK and launch attacks using a pre-installed app with specific permissions. Successful exploit could allow the app to send specific parameters to the smart phone driver, which will result in system restart.

Credit: psirt@huawei.com

Affected SoftwareAffected VersionHow to fix
Huawei Mate 8 Firmware<nxt-al10c00b593
Huawei Mate 8
Huawei Mate 8 Firmware<nxt-cl00c92b593
Huawei Mate 8 Firmware<nxt-dl00c17b593
Huawei Mate 8 Firmware<nxt-l09c636b598a
Huawei Mate 8 Firmware<nxt-l09c185b583
Huawei Mate 8 Firmware<nxt-l09c432b582
Huawei Mate 8 Firmware<nxt-l09c605b585custc605d590
Huawei Mate 8 Firmware<nxt-l29c10b583
Huawei Mate 8 Firmware<nxt-l29c185b585
Huawei Mate 8 Firmware<nxt-l29c636b594a
Huawei Mate 8 Firmware<nxtl00c01b593
Huawei P9 Firmware<eva-al00c00b398
Huawei P9
Huawei P9 Firmware<eva-al10c00b398
Huawei P9 Firmware<eva-cl00c92b398
Huawei P9 Firmware<eva-dl00c17b398
Huawei P9 Firmware<eva-l09c185b391
Huawei P9 Firmware<eva-l09c432b395
Huawei P9 Firmware<eva-l09c464b383
Huawei P9 Firmware<eva-l09c605b392
Huawei P9 Firmware<=eva-l09c636b388
Huawei P9 Firmware<eva-l19c10b394
Huawei P9 Firmware<eva-l19c432b392
Huawei P9 Firmware<eva-l19c605b390
Huawei P9 Firmware<eva-l19c636b393
Huawei P9 Firmware<eva-l29c636b389
Huawei P9 Firmware<eva-tl00c01b398
Huawei P9 Plus Firmware<vie-l09c318b182
Huawei P9 Plus
Huawei P9 Plus Firmware<vie-l09c432b380
Huawei P9 Plus Firmware<vie-l09c576b180
Huawei P9 Plus Firmware<vie-l29c605b370
Huawei P9 Plus Firmware<vie-l29c636b388

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Reference Links

Frequently Asked Questions

  • What is the vulnerability ID for this issue?

    The vulnerability ID for this issue is CVE-2017-17171.

  • What is the severity of CVE-2017-17171?

    The severity of CVE-2017-17171 is medium.

  • Which Huawei devices are affected by CVE-2017-17171?

    Some Huawei smart phones, such as Huawei Mate 8 and Huawei P9, are affected by CVE-2017-17171.

  • How can an attacker exploit CVE-2017-17171?

    An attacker can trick a target user into installing a malicious APK and launch attacks using a pre-installed app with specific permissions.

  • Are there any fixes or patches available for CVE-2017-17171?

    Yes, Huawei has released security advisories and patches to fix CVE-2017-17171. Please refer to the references for more information.

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203