Security Advisory - Two Vulnerabilities in Smart Phones

2017-08-07T00:00:00
ID HUAWEI-SA-20170807-01-SMARTPHONE
Type huawei
Reporter Huawei Technologies
Modified 2017-08-07T00:00:00

Description

Some Huawei smart phones have an unlock code verification bypassing vulnerability. An attacker with the root privilege of a mobile can exploit this vulnerability to bypass the unlock code verification and unlock the mobile phone bootloader. (Vulnerability ID: HWPSIRT-2017-04121) This vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2017-8214. Some Huawei smart phones have a permission control vulnerability. An attacker with the system privilege of a mobile can exploit this vulnerability to bypass the unlock code verification and unlock the mobile phone bootloader. (Vulnerability ID: HWPSIRT-2017-04122) This vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2017-8215. Huawei has released software updates to fix these vulnerabilities. This advisory is available at the following link: http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170807-01-smartphone-en