CVE-2017-17326
First published: Fri Mar 09 2018(Updated: )
Huawei Mate 9 Pro Smartphones with software of LON-AL00BC00B139D; LON-AL00BC00B229 have an activation lock bypass vulnerability. The smartphone is supposed to be activated by the former account after reset if find my phone function is on. The software does not have a sufficient protection of activation lock. Successful exploit could allow an attacker to bypass the activation lock and activate the smartphone by a new account after a series of operation.
Credit: psirt@huawei.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Huawei Mate 9 Pro Fimware | =lon-al00bc00b139d | |
| Huawei Mate 9 Pro Fimware | =lon-al00bc00b229 | |
| Huawei Mate 9 Pro |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID?
The vulnerability ID is CVE-2017-17326.
Which smartphones are affected by this vulnerability?
Huawei Mate 9 Pro smartphones with software versions LON-AL00BC00B139D and LON-AL00BC00B229 are affected.
What is the severity of CVE-2017-17326?
The severity of CVE-2017-17326 is medium, with a CVSS score of 4.6.
What is the activation lock bypass vulnerability?
The activation lock bypass vulnerability allows the smartphone to be activated by a former account after a reset, even if the 'find my phone' function is enabled.
Is there a fix available for this vulnerability?
For information on available fixes, please refer to the official security advisory provided by Huawei.
- collector/nvd-index
- vendor/huawei
- canonical/huawei mate 9 pro fimware
- version/huawei mate 9 pro fimware/lon-al00bc00b139d
- version/huawei mate 9 pro fimware/lon-al00bc00b229
- canonical/huawei mate 9 pro