CVSS: 9.3EPSS: 0%CPEs: 4EXPL: 0CVE-2017-2726
https://notcve.org/view.php?id=CVE-2017-2726
Bastet in P10 Plus and P10 smart phones with software earlier than VKY-AL00C00B123 versions, earlier than VTR-AL00C00B123 versions have a buffer overflow vulnerability. An attacker with the root privilege of an Android system may trick a user into installing a malicious APP. The APP can modify specific data to cause buffer overflow in the next system reboot, causing continuous system reboot or arbitrary code execution. Bastet en smartphones P10 Plus y P10 con software VKY-AL00C00B123 y anteriores y VTR-AL00C00B123 y anteriores tiene una vulnerabilidad de desbordamiento de búfer. Un atacante con el privilegio root de un sistema Android podría engañar a un usuario para que instale una APP maliciosa. • http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170405-01-smartphone-en http://www.securityfocus.com/bid/97696 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 4.9EPSS: 0%CPEs: 2EXPL: 0CVE-2017-8171
https://notcve.org/view.php?id=CVE-2017-8171
Huawei smart phones with software earlier than Vicky-AL00AC00B172D versions have a Factory Reset Protection (FRP) bypass security vulnerability. When re-configuring the mobile phone using the factory reset protection (FRP) function, an attacker can login the Talkback mode and can perform some operations to bypass the Google account verification. As a result, the FRP function is bypassed. Los smartphones Huawei con software anterior a las versiones Vicky-AL00AC00B172D tienen una vulnerabilidad de seguridad de omisión de Factory Reset Protection (FRP). Cuando se reconfigura el teléfono móvil utilizando la función Factory Reset Protection (FRP), un atacante puede iniciar sesión en modo Talkback y realizar determinadas operaciones para omitir la verificación de la cuenta de Google. • http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171018-01-frpbypass-en • CWE-668: Exposure of Resource to Wrong Sphere •
CVSS: 9.3EPSS: 0%CPEs: 26EXPL: 0CVE-2017-8150
https://notcve.org/view.php?id=CVE-2017-8150
The boot loaders of P10 and P10 Plus Huawei mobile phones with software the versions before Victoria-L09AC605B162, the versions before Victoria-L29AC605B162, the versions before Vicky-L29AC605B162 have an arbitrary memory write vulnerability due to the lack of parameter validation. An attacker with the root privilege of an Android system may trick a user into installing a malicious APP. The APP can modify specific data to cause arbitrary memory writing in the next system reboot, causing continuous system reboot or arbitrary code execution. Los cargadores de arranque de los móviles Huawei P10 y P10 Plus con versiones de software anteriores a Victoria-L09AC605B162, Victoria-L29AC605B162 y Vicky-L29AC605B162 tienen una vulnerabilidad de escritura de memoria arbitraria debido a la falta de validación de parámetros. Un atacante con privilegios root de un sistema Android podría engañar a un usuario para que instale una app maliciosa. • http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170816-02-smartphone-en • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.1EPSS: 0%CPEs: 18EXPL: 0CVE-2017-8144
https://notcve.org/view.php?id=CVE-2017-8144
Honor 5A,Honor 8 Lite,Mate9,Mate9 Pro,P10,P10 Plus Huawei smartphones with software the versions before CAM-L03C605B143CUSTC605D003,the versions before Prague-L03C605B161,the versions before Prague-L23C605B160,the versions before MHA-AL00C00B225,the versions before LON-AL00C00B225,the versions before VTR-AL00C00B167,the versions before VTR-TL00C01B167,the versions before VKY-AL00C00B167,the versions before VKY-TL00C01B167 have a resource exhaustion vulnerability due to configure setting. An attacker tricks a user into installing a malicious application, the application may turn on the device flash-light and rapidly drain the device battery. Los smartphones Huawei Honor 5A, Honor 8 Lite, Mate9, Mate9 Pro, P10 y P10 Plus con software en versiones anteriores a la CAM-L03C605B143CUSTC605D003, la Prague-L03C605B161, la Prague-L23C605B160, la MHA-AL00C00B225, la LON-AL00C00B225, la VTR-AL00C00B167, la VTR-TL00C01B167, la VKY-AL00C00B167 y la VKY-TL00C01B167 tienen una vulnerabilidad de agotamiento de recursos debido a la configuración de las opciones. Un atacante engaña a un usuario para que instale una aplicación maliciosa; la aplicación podría encender la linterna del dispositivo y descargar rápidamente la batería. • http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170725-01-smartphone-en • CWE-920: Improper Restriction of Power Consumption •
CVSS: 9.3EPSS: 0%CPEs: 4EXPL: 0CVE-2017-2725
https://notcve.org/view.php?id=CVE-2017-2725
Bastet in P10 Plus and P10 smart phones with software earlier than VKY-AL00C00B123 versions, earlier than VTR-AL00C00B123 versions have a buffer overflow vulnerability. An attacker with the root privilege of an Android system may trick a user into installing a malicious APP. The APP can modify specific data to cause buffer overflow in the next system reboot, causing continuous system reboot or arbitrary code execution. Bastet en smartphones P10 Plus y P10 con software VKY-AL00C00B123 y anteriores y VTR-AL00C00B123 y anteriores tiene una vulnerabilidad de desbordamiento de búfer. Un atacante con el privilegio root de un sistema Android podría engañar a un usuario para que instale una APP maliciosa. • http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170405-01-smartphone-en http://www.securityfocus.com/bid/97696 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •