7.8
CWE
77
Advisory Published
Updated

CVE-2017-2692: Command Injection

First published: Wed Nov 22 2017(Updated: )

The Keyguard application in ALE-L02C635B140 and earlier versions,ALE-L02C636B140 and earlier versions,ALE-L21C10B150 and earlier versions,ALE-L21C185B200 and earlier versions,ALE-L21C432B214 and earlier versions,ALE-L21C464B150 and earlier versions,ALE-L21C636B200 and earlier versions,ALE-L23C605B190 and earlier versions,ALE-TL00C01B250 and earlier versions,ALE-UL00C00B250 and earlier versions,MT7-L09C605B325 and earlier versions,MT7-L09C900B339 and earlier versions,MT7-TL10C900B339 and earlier versions,CRR-CL00C92B172 and earlier versions,CRR-L09C432B180 and earlier versions,CRR-TL00C01B172 and earlier versions,CRR-UL00C00B172 and earlier versions,CRR-UL20C432B171 and earlier versions,GRA-CL00C92B230 and earlier versions,GRA-L09C432B222 and earlier versions,GRA-TL00C01B230SP01 and earlier versions,GRA-UL00C00B230 and earlier versions,GRA-UL00C10B201 and earlier versions,GRA-UL00C432B220 and earlier versions,H60-L04C10B523 and earlier versions,H60-L04C185B523 and earlier versions,H60-L04C636B527 and earlier versions,H60-L04C900B530 and earlier versions,PLK-AL10C00B220 and earlier versions,PLK-AL10C92B220 and earlier versions,PLK-CL00C92B220 and earlier versions,PLK-L01C10B140 and earlier versions,PLK-L01C185B130 and earlier versions,PLK-L01C432B187 and earlier versions,PLK-L01C432B190 and earlier versions,PLK-L01C432B190 and earlier versions,PLK-L01C636B130 and earlier versions,PLK-TL00C01B220 and earlier versions,PLK-TL01HC01B220 and earlier versions,PLK-UL00C17B220 and earlier versions,ATH-AL00C00B210 and earlier versions,ATH-AL00C92B200 and earlier versions,ATH-CL00C92B210 and earlier versions,ATH-TL00C01B210 and earlier versions,ATH-TL00HC01B210 and earlier versions,ATH-UL00C00B210 and earlier versions,RIO-AL00C00B220 and earlier versions,RIO-CL00C92B220 and earlier versions,RIO-TL00C01B220 and earlier versions,RIO-UL00C00B220 and earlier versions have a privilege elevation vulnerability. An attacker may exploit it to launch command injection in order to gain elevated privileges.

Credit: psirt@huawei.com

Affected SoftwareAffected VersionHow to fix
Huawei P8 Lite Firmware<=ale-l02c635b140
Huawei P8 Lite
Huawei P8 Lite Firmware<=ale-l02c636b140
Huawei P8 Lite Firmware<=ale-l21c10b150
Huawei P8 Lite Firmware<=ale-l21c185b200
Huawei P8 Lite Firmware<=ale-l21c432b214
Huawei P8 Lite Firmware<=ale-l21c464b150
Huawei P8 Lite Firmware<=ale-l21c636b200
Huawei P8 Lite Firmware<=ale-l23c605b190
Huawei P8 Lite Firmware<=ale-tl00c01b250
Huawei P8 Lite Firmware<=ale-ul00c00b250.
Huawei Mate 7 Firmware<=mt7-l09c605b325
Huawei Mate 7
Huawei Mate 7 Firmware<=mt7-l09c900b339
Huawei Mate 7 Firmware<=mt7-tl10c900b339
Huawei Mate S Firmware<=crr-cl00c92b172
Huawei Mate S
Huawei Mate S Firmware<=crr-l09c432b180
Huawei Mate S Firmware<=crr-tl00c01b172
Huawei Mate S Firmware<=crr-ul00c00b172
Huawei Mate S Firmware<=crr-ul20c432b171
Huawei P8 Firmware<=gra-cl00c92b230
Huawei P8
Huawei P8 Firmware<=gra-l09c432b222
Huawei P8 Firmware<=gra-tl00c01b230sp01
Huawei P8 Firmware<=gra-ul00c00b230
Huawei P8 Firmware<=gra-ul00c10b201
Huawei P8 Firmware<=gra-ul00c432b220
Huawei Honor 6 Firmware<=h60-l04c10b523
Huawei Honor 6
Huawei Honor 6 Firmware<=h60-l04c185b523
Huawei Honor 6 Firmware<=h60-l04c636b527
Huawei Honor 6 Firmware<=h60-l04c900b530
Huawei Honor 7 Firmware<=plk-al10c00b220
Huawei Honor 7
Huawei Honor 7 Firmware<=plk-al10c92b220
Huawei Honor 7 Firmware<=plk-cl00c92b220
Huawei Honor 7 Firmware<=plk-l01c10b140
Huawei Honor 7 Firmware<=plk-l01c432b187
Huawei Honor 7 Firmware<=plk-l01c432b190
Huawei Honor 7 Firmware<=plk-l01c636b130
Huawei Honor 7 Firmware<=plk-tl00c01b220
Huawei Honor 7 Firmware<=plk-tl01hc01b220
Huawei Honor 7 Firmware<=plk-ul00c17b220
Huawei Shotx Firmware<=ath-al00c92b200
Huawei Shotx
Huawei Shotx Firmware<=ath-cl00c92b210
Huawei Shotx Firmware<=ath-tl00c01b210
Huawei Shotx Firmware<=ath-tl00hc01b210
Huawei Shotx Firmware<=ath-ul00c00b210
Huawei Shotx Firmware<=rio-al00c00b220
Huawei Shotx Firmware<=ath-al00c00b210
Huawei G8 Firmware<=rio-al00c00b220
Huawei G8
Huawei G8 Firmware<=rio-cl00c92b220
Huawei G8 Firmware<=rio-tl00c01b220
Huawei G8 Firmware<=rio-ul00c00b220

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203