CVE-2017-8202

The CVE-2017-8202 issue affects Huawei smartphones with CameraISP driver prior to Prague-[builds listed in the description]. It is a buffer overflow caused by missing parameter validation in the CameraISP driver. An attacker tricks a user into installing a malicious app that sends a crafted param...

CVE-2017-8186

The Bastet of some Huawei mobile phones with software of earlier than MHA-AL00BC00B231 versions has a DOS vulnerability due to the lack of parameter validation. An attacker may trick a user into installing a malicious APP. The APP can modify specific parameter to cause system reboot...

CVE-2017-8207

The driver of honor 5C, honor 6x Huawei smart phones with software of versions earlier than NEM-AL10C00B356, versions earlier than Berlin-L21HNC432B360 have a buffer overflow vulnerability due to the lack of parameter validation. An attacker tricks a user into installing a malicious APP which has...

CVE-2017-8175

The Bastet of some Huawei mobile phones with software earlier than Vicky-AL00AC00B167 versions, earlier than Victoria-AL00AC00B167 versions, earlier than Warsaw-AL00C00B191 versions has an insufficient input validation vulnerability due to the lack of parameter validation. An attacker may trick a...

CVE-2017-8204

The Bastet driver of Honor 9 Huawei smart phones with software of versions earlier than Stanford-AL10C00B175 has a buffer overflow vulnerability due to the lack of parameter validation. An attacker tricks a user into installing a malicious APP which has the root privilege; the APP can send a...

CVE-2017-8150

The CVE-2017-8150 entry affects Huawei P10 and P10 Plus bootloaders. The vulnerability is an arbitrary memory write caused by lack of parameter validation in boot loaders for versions prior to Victoria-L09AC605B162, Victoria-L29AC605B162, and Vicky-L29AC605B162. An attacker with root access on An...

CVE-2017-8208

The driver of honor 5C,honor 6x Huawei smart phones with software of versions earlier than NEM-AL10C00B356, versions earlier than Berlin-L21HNC432B360 have a buffer overflow vulnerability due to the lack of parameter validation. An attacker tricks a user into installing a malicious APP which has...

CVE-2017-8126

The UMA product with software V200R001 has a privilege elevation vulnerability due to insufficient validation or improper processing of parameters. An attacker could craft specific packets to exploit these vulnerabilities to gain elevated privileges...

CVE-2017-8170

CVE-2017-8170 targets Huawei smartphones with software earlier than VIE-L09C40B360. Root cause: buffer overflow due to lack of parameter validation in the vulnerable component. Exploitation scenario: a user is tricked into installing a malicious app that runs with root privileges and can send a c...

CVE-2017-8211

The CVE-2017-8211 entry concerns a buffer overflow in the driver of Huawei Honor 5C and Honor 6X smartphones. Affected software versions are earlier than NEM-AL10C00B356 (for Honor 5C) and Berlin-L21HNC432B360 (for Honor 6X). The root cause is lack of parameter validation in the driver, enabling ...

CVE-2017-8150

The boot loaders of P10 and P10 Plus Huawei mobile phones with software the versions before Victoria-L09AC605B162, the versions before Victoria-L29AC605B162, the versions before Vicky-L29AC605B162 have an arbitrary memory write vulnerability due to the lack of parameter validation. An attacker wi...

CVE-2017-8149

The boot loaders of P10 and P10 Plus Huawei mobile phones with software the versions before Victoria-L09AC605B162, the versions before Victoria-L29AC605B162, the versions before Vicky-L29AC605B162 have an out-of-bounds memory access vulnerability due to the lack of parameter validation. An attack...

CVE-2017-8210

The driver of honor 5C,honor 6x Huawei smart phones with software of versions earlier than NEM-AL10C00B356, versions earlier than Berlin-L21HNC432B360 have a buffer overflow vulnerability due to the lack of parameter validation. An attacker tricks a user into installing a malicious APP which has...

CVE-2017-8212

The driver of honor 5C,honor 6x Huawei smart phones with software of versions earlier than NEM-AL10C00B356, versions earlier than Berlin-L21HNC432B360 have a buffer overflow vulnerability due to the lack of parameter validation. An attacker tricks a user into installing a malicious APP which has...

CVE-2017-8205

The CVE-2017-8205 issue affects the Bastet driver in Huawei Honor 9 smartphones (pre Stanford-AL10C00B175). The root cause is an integer overflow caused by missing parameter validation in the driver, allowing a malicious app with root privileges to send a crafted parameter to the driver and trigg...

CVE-2017-8205

The Bastet driver of Honor 9 Huawei smart phones with software of versions earlier than Stanford-AL10C00B175 has integer overflow vulnerability due to the lack of parameter validation. An attacker tricks a user into installing a malicious APP which has the root privilege; the APP can send a...

CVE-2017-8170

Huawei smart phones with software earlier than VIE-L09C40B360 versions have a buffer overflow vulnerability due to the lack of parameter validation. An attacker tricks a user into installing a malicious APP which has the root privilege; the APP can send a specific parameter to the smart phone,...

CVE-2017-8186

CVE-2017-8186 affects the Bastet component on Huawei mobile devices with software older than MHA-AL00BC00B231. Root cause: lack of parameter validation in Bastet. Exploitation: an attacker can coerce a user into installing a malicious app that modifies specific parameters to trigger a system rebo...

Security Advisory - Buffer overflow Vulnerability in CameraISP Driver of Huawei Smart Phone

The CameraISP driver of some Huawei smart phones has a buffer overflow vulnerability due to the lack of parameter validation. An attacker tricks a user into installing a malicious APP, the APP can send a specific parameter to the CameraISP driver of the smart phone, causing system reboot...

Buffer overflow vulnerability in multiple Huawei products (CNVD-2017-34416)

Huawei DP300, RP200, TE series and TX50 are Huawei's all-in-one desktop and high-definition videoconferencing end products for high-end customers. A buffer overflow vulnerability exists in several Huawei products, which is caused by the device failing to adequately validate parameters in the...