First published: Wed Nov 22 2017(Updated: )
TIT-AL00 smartphones with software versions earlier before TIT-AL00C583B214 have a exposed system interface vulnerability. The software provides a system interface for interaction with external applications, but calling the interface is not properly restricted. An attacker could trick the user into installing a malicious application to call the interface and modify the system properties.
Credit: psirt@huawei.com
Affected Software | Affected Version | How to fix |
---|---|---|
Huawei Y6 Pro Firmware | <tit-al00c583b214 | |
Huawei Y6 Pro |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2017-2735 is a vulnerability found in TIT-AL00 smartphones with software versions earlier than TIT-AL00C583B214.
The severity of CVE-2017-2735 is high, with a CVSS severity value of 7.1.
CVE-2017-2735 affects Huawei Y6 Pro smartphones with firmware versions earlier than TIT-AL00C583B214.
An attacker can exploit CVE-2017-2735 by tricking the user into calling an exposed system interface.
Yes, Huawei has released a security advisory (SA-20170329-01) addressing the vulnerability. Users should update their software to version TIT-AL00C583B214 or later.