CVE-2017-17225: Buffer Overflow
First published: Fri Mar 09 2018(Updated: )
The Near Field Communication (NFC) module in Huawei Mate 9 Pro mobile phones with the versions before LON-AL00B 8.0.0.340a(C00) has a buffer overflow vulnerability due to the lack of input validation. An attacker may use an NFC card reader or another device to inject malicious data into a target mobile phone. Successful exploit could lead to system restart or arbitrary code execution.
Credit: psirt@huawei.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Huawei Mate 9 Pro Firmware | <lon-al00b_8.0.0.340a\(c00\) | |
| Huawei Mate 9 Pro |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this vulnerability?
The vulnerability ID is CVE-2017-17225.
What is the severity level of CVE-2017-17225?
The severity of CVE-2017-17225 is high with a rating of 8.8.
What is the affected software for CVE-2017-17225?
The affected software for CVE-2017-17225 is Huawei Mate 9 Pro mobile phones with firmware version LON-AL00B 8.0.0.340a(C00) and earlier.
What is the vulnerability description for CVE-2017-17225?
CVE-2017-17225 is a buffer overflow vulnerability in the Near Field Communication (NFC) module of Huawei Mate 9 Pro mobile phones, allowing an attacker to inject malicious data using an NFC card reader or another device.
Is Huawei Mate 9 Pro vulnerable to CVE-2017-17225?
Yes, Huawei Mate 9 Pro mobile phones with firmware version LON-AL00B 8.0.0.340a(C00) and earlier are vulnerable to CVE-2017-17225.
- collector/nvd-index
- agent/severity
- agent/weakness
- agent/references
- agent/author
- agent/tags
- agent/type
- agent/event
- agent/description
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- vendor/huawei
- canonical/huawei mate 9 pro firmware
- canonical/huawei mate 9 pro