How does CVE-2017-2696 affect Huawei Y6ii firmware?

CVE-2017-2696 affects Huawei Y6ii firmware versions up to and including cam-l21c10b130 and cam-l21c185b141.

How severe is CVE-2017-2696?

CVE-2017-2696 has a severity rating of 7.8 (critical).

Is there a fix available for CVE-2017-2696?

Yes, Huawei has released a security advisory with information on how to mitigate the CVE-2017-2696 vulnerability.

Vulnerability/
CVE-2017-2696

critical

9.3

CWE

119

22/11/2017

17/9/2024

CVE-2017-2696: Buffer Overflow

Q: What is CVE-2017-2696?

CVE-2017-2696 is a buffer overflow vulnerability in the emerg_data driver in CAM-L21C10B130 and earlier versions, CAM-L21C185B141 and earlier versions.

Q: How can an attacker exploit the CVE-2017-2696 vulnerability?

An attacker with root privileges can trick a user into installing a malicious application on the smartphone and send a given parameter to exploit the buffer overflow vulnerability.

First published: Wed Nov 22 2017(Updated: )

The emerg_data driver in CAM-L21C10B130 and earlier versions, CAM-L21C185B141 and earlier versions has a buffer overflow vulnerability. An attacker with the root privilege of the Android system can tricks a user into installing a malicious application on the smart phone, and send given parameter to smart phone to crash the system or escalate privilege.

Credit: psirt@huawei.com

Affected Software	Affected Version	How to fix
Huawei Y6ii Firmware	<=cam-l21c185b141
Huawei Y6ii
Huawei Y6ii Firmware	<=cam-l21c10b130

Never miss a vulnerability like this again

Reference Links

http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170208-01-smartphone-en

Frequently Asked Questions

What is CVE-2017-2696?
CVE-2017-2696 is a buffer overflow vulnerability in the emerg_data driver in CAM-L21C10B130 and earlier versions, CAM-L21C185B141 and earlier versions.
How does CVE-2017-2696 affect Huawei Y6ii firmware?
CVE-2017-2696 affects Huawei Y6ii firmware versions up to and including cam-l21c10b130 and cam-l21c185b141.
How severe is CVE-2017-2696?
CVE-2017-2696 has a severity rating of 7.8 (critical).
How can an attacker exploit the CVE-2017-2696 vulnerability?
An attacker with root privileges can trick a user into installing a malicious application on the smartphone and send a given parameter to exploit the buffer overflow vulnerability.
Is there a fix available for CVE-2017-2696?
Yes, Huawei has released a security advisory with information on how to mitigate the CVE-2017-2696 vulnerability.

collector/nvd-index
agent/severity
agent/weakness
agent/references
agent/author
agent/description
agent/tags
agent/type
agent/event
agent/softwarecombine
agent/first-publish-date
agent/last-modified-date
collector/mitre-cve
source/MITRE
vendor/huawei
canonical/huawei y6ii firmware
version/huawei y6ii firmware/cam-l21c185b141
canonical/huawei y6ii
version/huawei y6ii firmware/cam-l21c10b130

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.