CVE-2017-8212

CWE-119 — Buffer Overflow3 documents3 sources

Severity

7.8HIGH

EPSS

0.2%

top 60.77%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Huawei Honor 5C Firmware Huawei Honor 6X Firmware

Timeline

PublishedNov 22

Latest updateMay 17

Description

The driver of honor 5C,honor 6x Huawei smart phones with software of versions earlier than NEM-AL10C00B356, versions earlier than Berlin-L21HNC432B360 have a buffer overflow vulnerability due to the lack of parameter validation. An attacker tricks a user into installing a malicious APP which has the root privilege of the Android system, the APP can send a specific parameter to the driver of the smart phone, causing a system reboot or arbitrary code execution.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages2 packages

▶NVDhuawei/honor_5c_firmware< nem-al10c00b356

▶NVDhuawei/honor_6x_firmware< berlin-l21hnc432b360

🔴Vulnerability Details

GHSA

GHSA-83j6-7r4p-cw53: The driver of honor 5C,honor 6x Huawei smart phones with software of versions earlier than NEM-AL10C00B356, versions earlier than Berlin-L21HNC432B360↗2022-05-17

▶

CVEList

CVE-2017-8212: The driver of honor 5C,honor 6x Huawei smart phones with software of versions earlier than NEM-AL10C00B356, versions earlier than Berlin-L21HNC432B360↗2017-11-22

▶