CVE-2017-8214
https://notcve.org/view.php?id=CVE-2017-8214
Honor 8,Honor V8,Honor 9,Honor V9,Nova 2,Nova 2 Plus,P9,P10 Plus,Toronto Huawei smart phones with software of versions earlier than FRD-AL00C00B391, versions earlier than FRD-DL00C00B391, versions earlier than KNT-AL10C00B391, versions earlier than KNT-AL20C00B391, versions earlier than KNT-UL10C00B391, versions earlier than KNT-TL10C00B391, versions earlier than Stanford-AL00C00B175, versions earlier than Stanford-AL10C00B175, versions earlier than Stanford-TL00C01B175, versions earlier than Duke-AL20C00B191, versions earlier than Duke-TL30C01B191, versions earlier than Picasso-AL00C00B162, versions earlier than Picasso-TL00C01B162 , versions earlier than Barca-AL00C00B162, versions earlier than Barca-TL00C00B162, versions earlier than EVA-AL10C00B396SP03, versions earlier than EVA-CL00C92B396, versions earlier than EVA-DL00C17B396, versions earlier than EVA-TL00C01B396 , versions earlier than Vicky-AL00AC00B172, versions earlier than Toronto-AL00AC00B191, versions earlier than Toronto-TL10C01B191 have an unlock code verification bypassing vulnerability. An attacker with the root privilege of a mobile can exploit this vulnerability to bypass the unlock code verification and unlock the mobile phone bootloader. Los smartphones Huawei Honor 8, Honor V8, Honor 9, Honor V9, Nova 2, Nova 2 Plus, P9, P10 Plus y Toronto con versiones de software anteriores a FRD-AL00C00B391, FRD-DL00C00B391, KNT-AL10C00B391, KNT-AL20C00B391, KNT-UL10C00B391, KNT-TL10C00B391, Stanford-AL00C00B175, Stanford-AL10C00B175, Stanford-TL00C01B175, Duke-AL20C00B191, Duke-TL30C01B191, Picasso-AL00C00B162, Picasso-TL00C01B162 , Barca-AL00C00B162, Barca-TL00C00B162, EVA-AL10C00B396SP03, EVA-CL00C92B396, EVA-DL00C17B396, EVA-TL00C01B396 , Vicky-AL00AC00B172, Toronto-AL00AC00B191 y Toronto-TL10C01B191 tienen una vulnerabilidad de omisión de verificación de código de desbloqueo. Un atacante con privilegios root de un móvil puede explotar esta vulnerabilidad para omitir la verificación del código de desbloqueo y desbloquear el cargador de arranque del teléfono móvil. • http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170807-01-smartphone-en • CWE-287: Improper Authentication •
CVE-2017-8144
https://notcve.org/view.php?id=CVE-2017-8144
Honor 5A,Honor 8 Lite,Mate9,Mate9 Pro,P10,P10 Plus Huawei smartphones with software the versions before CAM-L03C605B143CUSTC605D003,the versions before Prague-L03C605B161,the versions before Prague-L23C605B160,the versions before MHA-AL00C00B225,the versions before LON-AL00C00B225,the versions before VTR-AL00C00B167,the versions before VTR-TL00C01B167,the versions before VKY-AL00C00B167,the versions before VKY-TL00C01B167 have a resource exhaustion vulnerability due to configure setting. An attacker tricks a user into installing a malicious application, the application may turn on the device flash-light and rapidly drain the device battery. Los smartphones Huawei Honor 5A, Honor 8 Lite, Mate9, Mate9 Pro, P10 y P10 Plus con software en versiones anteriores a la CAM-L03C605B143CUSTC605D003, la Prague-L03C605B161, la Prague-L23C605B160, la MHA-AL00C00B225, la LON-AL00C00B225, la VTR-AL00C00B167, la VTR-TL00C01B167, la VKY-AL00C00B167 y la VKY-TL00C01B167 tienen una vulnerabilidad de agotamiento de recursos debido a la configuración de las opciones. Un atacante engaña a un usuario para que instale una aplicación maliciosa; la aplicación podría encender la linterna del dispositivo y descargar rápidamente la batería. • http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170725-01-smartphone-en • CWE-920: Improper Restriction of Power Consumption •
CVE-2017-8204
https://notcve.org/view.php?id=CVE-2017-8204
The Bastet driver of Honor 9 Huawei smart phones with software of versions earlier than Stanford-AL10C00B175 has a buffer overflow vulnerability due to the lack of parameter validation. An attacker tricks a user into installing a malicious APP which has the root privilege; the APP can send a specific parameter to the driver of the smart phone, causing arbitrary code execution El controlador Bastet de los smartphones Huawei Honor 9 con versiones de software anteriores a Stanford-AL10C00B175 tiene una vulnerabilidad de desbordamiento de búfer debido a la falta de validación de parámetros. Un atacante puede engañar a un usuario para que instale una app maliciosa que tiene privilegios root. La app podría enviar un parámetro específico al controlador del smartphone, provocando la ejecución de código arbitrario. • http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170914-01-smartphone-en http://www.securityfocus.com/bid/101962 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2017-8205
https://notcve.org/view.php?id=CVE-2017-8205
The Bastet driver of Honor 9 Huawei smart phones with software of versions earlier than Stanford-AL10C00B175 has integer overflow vulnerability due to the lack of parameter validation. An attacker tricks a user into installing a malicious APP which has the root privilege; the APP can send a specific parameter to the driver of the smart phone, causing arbitrary code execution. El controlador Bastet de los smartphones Huawei Honor 9 con versiones de software anteriores a Stanford-AL10C00B175 tiene una vulnerabilidad de desbordamiento de enteros debido a la falta de validación de parámetros. Un atacante puede engañar a un usuario para que instale una app maliciosa que tiene privilegios root. La app podría enviar un parámetro específico al controlador del smartphone, provocando la ejecución de código arbitrario. • http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170914-02-smartphone-en http://www.securityfocus.com/bid/101963 • CWE-190: Integer Overflow or Wraparound •