CVE-2017-17159

Some Huawei smart phones with software of NXT-AL10C00B386, NXT-CL00C92B386, NXT-DL00C17B386, NXT-TL00C01B386SP01, NTS-AL00C00B535 have a DoS vulnerability due to insufficient input validation. An unauthenticated attacker could send malformed System Information(SI) messages to the smart phone within radio range by special wireless device. Successful exploit could make the smart phone restart.
Configurations

Configuration 1 (hide)

AND
OR cpe:2.3:o:huawei:mt8-emui4.1_firmware:nxt-al10c00b386:*:*:*:*:*:*:*
cpe:2.3:o:huawei:mt8-emui4.1_firmware:nxt-cl00c92b386:*:*:*:*:*:*:*
cpe:2.3:o:huawei:mt8-emui4.1_firmware:nxt-dl00c17b386:*:*:*:*:*:*:*
cpe:2.3:o:huawei:mt8-emui4.1_firmware:nxt-tl00c01b386sp01:*:*:*:*:*:*:*
cpe:2.3:h:huawei:mt8-emui4.1:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:huawei:nts-al00_firmware:nts-al00c00b535:*:*:*:*:*:*:*
cpe:2.3:h:huawei:nts-al00:-:*:*:*:*:*:*:*

History

21 Nov 2024, 03:17

Type Values Removed Values Added
References () http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171220-02-smartphone-en - Vendor Advisory () http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171220-02-smartphone-en - Vendor Advisory

Information

Published : 2018-02-15 16:29

Updated : 2024-11-21 03:17


NVD link : CVE-2017-17159

Mitre link : CVE-2017-17159

CVE.ORG link : CVE-2017-17159


JSON object : View

Products Affected

huawei

  • mt8-emui4.1_firmware
  • nts-al00_firmware
  • mt8-emui4.1
  • nts-al00
CWE
CWE-20

Improper Input Validation