Vulnerability Description
The driver of honor 5C,honor 6x Huawei smart phones with software of versions earlier than NEM-AL10C00B356, versions earlier than Berlin-L21HNC432B360 have a buffer overflow vulnerability due to the lack of parameter validation. An attacker tricks a user into installing a malicious APP which has the root privilege of the Android system, the APP can send a specific parameter to the driver of the smart phone, causing a system reboot or arbitrary code execution.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Huawei | Honor 5C Firmware | < nem-al10c00b356 |
| Huawei | Honor 5C | - |
| Huawei | Honor 6X Firmware | < berlin-l21hnc432b360 |
| Huawei | Honor 6X | - |
Related Weaknesses (CWE)
References
- http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170801-01-smartphIssue TrackingVendor Advisory
- http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170801-01-smartphIssue TrackingVendor Advisory
FAQ
What is CVE-2017-8209?
CVE-2017-8209 is a vulnerability with a CVSS score of 7.8 (HIGH). The driver of honor 5C,honor 6x Huawei smart phones with software of versions earlier than NEM-AL10C00B356, versions earlier than Berlin-L21HNC432B360 have a buffer overflow vulnerability due to the l...
How severe is CVE-2017-8209?
CVE-2017-8209 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2017-8209?
Check the references section above for vendor advisories and patch information. Affected products include: Huawei Honor 5C Firmware, Huawei Honor 5C, Huawei Honor 6X Firmware, Huawei Honor 6X.