CVSS: 2.4EPSS: 0%CPEs: 10EXPL: 0CVE-2017-2705
https://notcve.org/view.php?id=CVE-2017-2705
Huawei P9 smartphones with software versions earlier before EVA-AL10C00B365, versions earlier before EVA-AL00C00B365, versions earlier before EVA-CL00C92B365, versions earlier before EVA-DL00C17B365, versions earlier before EVA-TL00C01B365 have a phone activation bypass vulnerability. Successful exploit could allow an unauthenticated attacker to bypass phone activation to settings page of the phone. Los smartphones Huawei P9 con versiones de software anteriores a la EVA-AL10C00B365, anteriores a la EVA-AL00C00B365, anteriores a la EVA-CL00C92B365, anteriores a la EVA-DL00C17B365 y versiones anteriores a la EVA-TL00C01B365 tienen una vulnerabilidad de omisión de activación del teléfono. Un exploit exitoso podría permitir que un atacante no autenticado omita la activación del teléfono en la página de configuración del teléfono. • http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170118-02-smartphone-en http://www.securityfocus.com/bid/95661 •
CVSS: 7.1EPSS: 0%CPEs: 2EXPL: 0CVE-2017-2734
https://notcve.org/view.php?id=CVE-2017-2734
P9 Plus smartphones with software versions earlier before VIE-AL10BC00B386 have a denial of service (DoS) vulnerability. An attacker tricks a user into installing a malicious application on the smart phone, and the application can send given parameter to specific interface, which make a large number of memory allocation and the smart phone will be crash for memory exhaustion. Los smartphones P9 Plus con versiones de software anteriores a la VIE-AL10BC00B386 tienen una vulnerabilidad de denegación de servicio (DoS). Un atacante engaña a un usuario para que instale una aplicación maliciosa en el smartphone y la aplicación puede enviar parámetros a una interfaz específica. Esto provoca que se asigne una gran cantidad de memoria y que el smartphone se cierre inesperadamente debido al agotamiento de memoria. • http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170419-02-smartphone-en • CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.2EPSS: 0%CPEs: 8EXPL: 0CVE-2017-2691
https://notcve.org/view.php?id=CVE-2017-2691
Huawei P9 versions earlier before EVA-AL10C00B373, versions earlier before EVA-CL00C92B373, versions earlier before EVA-DL00C17B373, versions earlier before EVA-TL00C01B373 have a lock-screen bypass vulnerability. An unauthenticated attacker could force the phone to the fastboot mode and delete the user's password file during the reboot process, then login the phone without screen lock password after reboot. Huawei P9 en versiones anteriores a la EVA-AL10C00B373, anteriores a la EVA-CL00C92B373, anteriores a la EVA-DL00C17B373 y anteriores a la EVA-TL00C01B373 tiene una vulnerabilidad de omisión de pantalla de bloqueo. Un atacante sin autenticar podría forzar a que el teléfono entre en el modo fastboot y eliminar el archivo de contraseñas del usuario durante el proceso de reinicio y, a continuación, iniciar el móvil sin contraseña de bloqueo de pantalla tras el reinicio. • http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170118-01-smartphone-en http://www.securityfocus.com/bid/95658 •
CVSS: 7.2EPSS: 0%CPEs: 44EXPL: 0CVE-2017-8214
https://notcve.org/view.php?id=CVE-2017-8214
Honor 8,Honor V8,Honor 9,Honor V9,Nova 2,Nova 2 Plus,P9,P10 Plus,Toronto Huawei smart phones with software of versions earlier than FRD-AL00C00B391, versions earlier than FRD-DL00C00B391, versions earlier than KNT-AL10C00B391, versions earlier than KNT-AL20C00B391, versions earlier than KNT-UL10C00B391, versions earlier than KNT-TL10C00B391, versions earlier than Stanford-AL00C00B175, versions earlier than Stanford-AL10C00B175, versions earlier than Stanford-TL00C01B175, versions earlier than Duke-AL20C00B191, versions earlier than Duke-TL30C01B191, versions earlier than Picasso-AL00C00B162, versions earlier than Picasso-TL00C01B162 , versions earlier than Barca-AL00C00B162, versions earlier than Barca-TL00C00B162, versions earlier than EVA-AL10C00B396SP03, versions earlier than EVA-CL00C92B396, versions earlier than EVA-DL00C17B396, versions earlier than EVA-TL00C01B396 , versions earlier than Vicky-AL00AC00B172, versions earlier than Toronto-AL00AC00B191, versions earlier than Toronto-TL10C01B191 have an unlock code verification bypassing vulnerability. An attacker with the root privilege of a mobile can exploit this vulnerability to bypass the unlock code verification and unlock the mobile phone bootloader. Los smartphones Huawei Honor 8, Honor V8, Honor 9, Honor V9, Nova 2, Nova 2 Plus, P9, P10 Plus y Toronto con versiones de software anteriores a FRD-AL00C00B391, FRD-DL00C00B391, KNT-AL10C00B391, KNT-AL20C00B391, KNT-UL10C00B391, KNT-TL10C00B391, Stanford-AL00C00B175, Stanford-AL10C00B175, Stanford-TL00C01B175, Duke-AL20C00B191, Duke-TL30C01B191, Picasso-AL00C00B162, Picasso-TL00C01B162 , Barca-AL00C00B162, Barca-TL00C00B162, EVA-AL10C00B396SP03, EVA-CL00C92B396, EVA-DL00C17B396, EVA-TL00C01B396 , Vicky-AL00AC00B172, Toronto-AL00AC00B191 y Toronto-TL10C01B191 tienen una vulnerabilidad de omisión de verificación de código de desbloqueo. Un atacante con privilegios root de un móvil puede explotar esta vulnerabilidad para omitir la verificación del código de desbloqueo y desbloquear el cargador de arranque del teléfono móvil. • http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170807-01-smartphone-en • CWE-287: Improper Authentication •
CVSS: 9.3EPSS: 0%CPEs: 2EXPL: 0CVE-2017-8140
https://notcve.org/view.php?id=CVE-2017-8140
The soundtrigger driver in P9 Plus smart phones with software versions earlier than VIE-AL10BC00B353 has a memory double free vulnerability. An attacker tricks a user into installing a malicious application, and the application can start multiple threads and try to free specific memory, which could triggers double free and causes a system crash or arbitrary code execution. El controlador soundtrigger en smartphones P9 Plus con versiones de software anteriores a la VIE-AL10BC00B353 tiene una vulnerabilidad de doble liberación de memoria (double free). Un atacante engaña a un usuario para que instale una aplicación maliciosa; la aplicación puede comenzar múltiples hilos e intentar liberar memoria específica. Esto podría desencadenar una doble liberación (double free) y provocar un cierre inesperado del sistema o la ejecución de código arbitrario. • http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170605-01-smartphone-en • CWE-415: Double Free •