Input validation

2018-05-2414:29:00

PRIOn knowledge base

www.prio-n.com

4.7 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

30.8%

JSON

Some Huawei smart phones with the versions before Berlin-L21HNC185B381; the versions before Prague-AL00AC00B223; the versions before Prague-AL00BC00B223; the versions before Prague-AL00CC00B223; the versions before Prague-L31C432B208; the versions before Prague-TL00AC01B223; the versions before Prague-TL00AC01B223 have an information exposure vulnerability. When the user’s smart phone connects to the malicious device for charging, an unauthenticated attacker may activate some specific function by sending some specially crafted messages. Due to insufficient input validation of the messages, successful exploit may cause information exposure.

CPENameOperatorVersion
berlin-l21hn_firmwareeq< l21hnc185b381
prague-al00a_firmwareeq< al0ac0b223
prague-al00b_firmwareeq< al0bc0b223
prague-al00c_firmwareeq< al0cc0b223
prague-l31_firmwareeq< l31c432b208
prague-tl00a_firmwareeq< tl0ac1b223
prague-tl10a_firmwareeq< tl0ac1b223

Name	Operator	Version
berlin-l21hn_firmware	eq	< l21hnc185b381
prague-al00a_firmware	eq	< al0ac0b223
prague-al00b_firmware	eq	< al0bc0b223
prague-al00c_firmware	eq	< al0cc0b223
prague-l31_firmware	eq	< l31c432b208
prague-tl00a_firmware	eq	< tl0ac1b223
prague-tl10a_firmware	eq	< tl0ac1b223