Vulnerabilities (CVE)

Filtered by vendor Huawei Subscribe
Filtered by product Prague-al00b
Total 3 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2017-8202 1 Huawei 10 Prague-al00a, Prague-al00a Firmware, Prague-al00b and 7 more 2024-11-21 7.1 HIGH 5.5 MEDIUM
The CameraISP driver of some Huawei smart phones with software of versions earlier than Prague-AL00AC00B205,versions earlier than Prague-AL00BC00B205,versions earlier than Prague-AL00CC00B205,versions earlier than Prague-TL00AC01B205,versions earlier than Prague-TL10AC01B205 has a buffer overflow vulnerability due to the lack of parameter validation. An attacker tricks a user into installing a malicious APP, the APP can send a specific parameter to the CameraISP driver of the smart phone, causing system reboot.
CVE-2017-17158 1 Huawei 14 Berlin-l21hn, Berlin-l21hn Firmware, Prague-al00a and 11 more 2024-11-21 2.1 LOW 4.6 MEDIUM
Some Huawei smart phones with the versions before Berlin-L21HNC185B381; the versions before Prague-AL00AC00B223; the versions before Prague-AL00BC00B223; the versions before Prague-AL00CC00B223; the versions before Prague-L31C432B208; the versions before Prague-TL00AC01B223; the versions before Prague-TL00AC01B223 have an information exposure vulnerability. When the user's smart phone connects to the malicious device for charging, an unauthenticated attacker may activate some specific function by sending some specially crafted messages. Due to insufficient input validation of the messages, successful exploit may cause information exposure.
CVE-2017-15325 1 Huawei 10 Prague-al00a, Prague-al00a Firmware, Prague-al00b and 7 more 2024-11-21 9.3 HIGH 7.8 HIGH
The Bdat driver of Prague smart phones with software versions earlier than Prague-AL00AC00B211, versions earlier than Prague-AL00BC00B211, versions earlier than Prague-AL00CC00B211, versions earlier than Prague-TL00AC01B211, versions earlier than Prague-TL10AC01B211 has integer overflow vulnerability due to the lack of parameter validation. An attacker tricks a user into installing a malicious APP and execute it as a specific privilege; the APP can then send a specific parameter to the driver of the smart phone, causing arbitrary code execution.