PT-2018-6420 · Huawei · Huawei Smartphone

Published: 2018-05-24 · Updated: 2018-06-26 · CVE-2017-17158

CVSS v3.1: 4.6 (Medium)

Vector: AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions:
Huawei smart phones versions before Berlin-L21HNC185B381
Huawei smart phones versions before Prague-AL00AC00B223
Huawei smart phones versions before Prague-AL00BC00B223
Huawei smart phones versions before Prague-AL00CC00B223
Huawei smart phones versions before Prague-L31C432B208
Huawei smart phones versions before Prague-TL00AC01B223

Description: The issue allows an unauthenticated attacker to potentially expose information on a user's smart phone by sending specially crafted messages when the phone is connected to a malicious device for charging. This is due to insufficient input validation of the messages.

Recommendations:
For versions before Berlin-L21HNC185B381, update to a version after Berlin-L21HNC185B381 to resolve the issue.
For versions before Prague-AL00AC00B223, update to a version after Prague-AL00AC00B223 to resolve the issue.
For versions before Prague-AL00BC00B223, update to a version after Prague-AL00BC00B223 to resolve the issue.
For versions before Prague-AL00CC00B223, update to a version after Prague-AL00CC00B223 to resolve the issue.
For versions before Prague-L31C432B208, update to a version after Prague-L31C432B208 to resolve the issue.
For versions before Prague-TL00AC01B223, update to a version after Prague-TL00AC01B223 to resolve the issue.
As a temporary workaround, consider restricting connections to trusted devices to minimize the risk of exploitation.

Fix

RCE

Weakness Enumeration

Related Identifiers

CVE-2017-17158

Affected Products

Huawei Smartphone