The ‘Find Phone’ function of some Huawei smart phones has an authentication bypass vulnerability. An unauthenticated attacker may wipe and factory reset the phone by special steps. Due to missing authentication of the ‘Find Phone’ function, an attacker may exploit the vulnerability to bypass the ‘Find Phone’ function in order to use the phone normally. (Vulnerability ID: HWPSIRT-2016-11096)
This vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2017-2708.
Huawei has released software updates to fix this vulnerability. This advisory is available at the following link:
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170125-01-smartphone-en
CPE | Name | Operator | Version |
---|---|---|---|
nice | eq | Versions earlier before Nice-AL00C00B0135 |