PT-2017-15478 · Huawei · Huawei P9

Published

2017-11-22

Updated

2019-10-03

CVE-2017-2691

CVSS v2.0

7.2

High

Vector

AV:L/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Huawei P9 versions earlier than EVA-AL10C00B373 Huawei P9 versions earlier than EVA-CL00C92B373 Huawei P9 versions earlier than EVA-DL00C17B373 Huawei P9 versions earlier than EVA-TL00C01B373

Description The issue allows an unauthenticated attacker to bypass the lock screen. This can be achieved by forcing the phone into fastboot mode and deleting the user's password file during the reboot process, enabling the attacker to log in without the screen lock password after reboot.

Recommendations For versions earlier than EVA-AL10C00B373, update to EVA-AL10C00B373 or later. For versions earlier than EVA-CL00C92B373, update to EVA-CL00C92B373 or later. For versions earlier than EVA-DL00C17B373, update to EVA-DL00C17B373 or later. For versions earlier than EVA-TL00C01B373, update to EVA-TL00C01B373 or later.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2017-2691

Affected Products

Huawei P9

PT-2017-15478 · Huawei · Huawei P9

CVE-2017-2691

Related Identifiers

Affected Products

References · 4