PT-2018-6422 · Huawei · Huawei Smartphone
Published
2018-02-15
·
Updated
2019-10-03
·
CVE-2017-17161
CVSS v2.0
7.2
High
| Vector | AV:L/AC:L/Au:N/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions:
Huawei smart phones versions earlier than Duke-L09C10B186
Huawei smart phones versions earlier than Duke-L09C432B187
Huawei smart phones versions earlier than Duke-L09C636B186
Description:
The issue is related to an authentication bypass in the 'Find Phone' function due to improper authentication realization. This allows an attacker to bypass the 'Find Phone' function, enabling normal use of the phone.
Recommendations:
For versions earlier than Duke-L09C10B186, update to Duke-L09C10B186 or later to resolve the issue.
For versions earlier than Duke-L09C432B187, update to Duke-L09C432B187 or later to resolve the issue.
For versions earlier than Duke-L09C636B186, update to Duke-L09C636B186 or later to resolve the issue.
As a temporary workaround, consider disabling the 'Find Phone' function until a patch is available.
Fix
Improper Authentication
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Huawei Smartphone