Huawei P9 Firmware vulnerabilities
13 known vulnerabilities affecting huawei/p9_firmware.
Total CVEs
13
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
HIGH1MEDIUM10LOW2
Vulnerabilities
Page 1 of 1
CVE-2017-17171MEDIUMCVSS 4.2fixed in eva-al00c00b398fixed in eva-al10c00b398+13 more2018-06-01
CVE-2017-17171 [MEDIUM] CWE-20 CVE-2017-17171: Some Huawei smart phones have the denial of service (DoS) vulnerability due to the improper processi
Some Huawei smart phones have the denial of service (DoS) vulnerability due to the improper processing of malicious parameters. An attacker may trick a target user into installing a malicious APK and launch attacks using a pre-installed app with specific permissions. Successful exploit could allow the app to send specific parameters to the smart phon
nvd
CVE-2017-17319MEDIUMCVSS 5.5fixed in eva-al10c00b399sp022018-03-20
CVE-2017-17319 [MEDIUM] CWE-200 CVE-2017-17319: Huawei P9 smartphones with the versions before EVA-AL10C00B399SP02 have an information disclosure vu
Huawei P9 smartphones with the versions before EVA-AL10C00B399SP02 have an information disclosure vulnerability. The software does not properly protect certain resource which can be accessed by multithreading. An attacker tricks the user who has root privilege to install a crafted application, successful exploit could result in kernel information di
nvd
CVE-2017-8150HIGHCVSS 7.8fixed in eva-l09c432b391fixed in eva-l09c576b386+7 more2017-11-22
CVE-2017-8150 [HIGH] CWE-119 CVE-2017-8150: The boot loaders of P10 and P10 Plus Huawei mobile phones with software the versions before Victoria
The boot loaders of P10 and P10 Plus Huawei mobile phones with software the versions before Victoria-L09AC605B162, the versions before Victoria-L29AC605B162, the versions before Vicky-L29AC605B162 have an arbitrary memory write vulnerability due to the lack of parameter validation. An attacker with the root privilege of an Android system may trick a use
nvd
CVE-2017-8148MEDIUMCVSS 4.7fixed in eva-al10c00b3892017-11-22
CVE-2017-8148 [MEDIUM] CWE-362 CVE-2017-8148: Audio driver in P9 smartphones with software The versions before EVA-AL10C00B389 has a denial of ser
Audio driver in P9 smartphones with software The versions before EVA-AL10C00B389 has a denial of service (DoS) vulnerability. An attacker tricks a user into installing a malicious application on the smart phone, and the race condition cause null pointer accessing during the application access shared resource, which make the system reboot.
nvd
CVE-2017-2703MEDIUMCVSS 6.8fixed in eva-al10c00b373fixed in eva-cl10c00b373+2 more2017-11-22
CVE-2017-2703 [MEDIUM] CVE-2017-2703: Phone Finder in versions earlier before MHA-AL00BC00B156,Versions earlier before MHA-CL00BC00B156,Ve
Phone Finder in versions earlier before MHA-AL00BC00B156,Versions earlier before MHA-CL00BC00B156,Versions earlier before MHA-DL00BC00B156,Versions earlier before MHA-TL00BC00B156,Versions earlier before EVA-AL10C00B373,Versions earlier before EVA-CL10C00B373,Versions earlier before EVA-DL10C00B373,Versions earlier before EVA-TL10C00B373 can be bypass. An att
nvd
CVE-2017-8214MEDIUMCVSS 6.2fixed in eva-al10c00b396sp03fixed in eva-cl00c92b396+2 more2017-11-22
CVE-2017-8214 [MEDIUM] CWE-287 CVE-2017-8214: Honor 8,Honor V8,Honor 9,Honor V9,Nova 2,Nova 2 Plus,P9,P10 Plus,Toronto Huawei smart phones with so
Honor 8,Honor V8,Honor 9,Honor V9,Nova 2,Nova 2 Plus,P9,P10 Plus,Toronto Huawei smart phones with software of versions earlier than FRD-AL00C00B391, versions earlier than FRD-DL00C00B391, versions earlier than KNT-AL10C00B391, versions earlier than KNT-AL20C00B391, versions earlier than KNT-UL10C00B391, versions earlier than KNT-TL10C00B391, versions
nvd
CVE-2017-2713MEDIUMCVSS 5.4fixed in eva-l09c432b383fixed in eva-l09c636b380+2 more2017-11-22
CVE-2017-2713 [MEDIUM] CWE-20 CVE-2017-2713: HUAWEI P9 smartphones with software versions earlier before EVA-L09C432B383, versions earlier before
HUAWEI P9 smartphones with software versions earlier before EVA-L09C432B383, versions earlier before EVA-L09C636B380, versions earlier before VIE-L09C432B370, versions earlier before VIE-L29C636B370 have an insufficient input validation vulnerability. An attacker could exploit this vulnerability to tamper with air interface signaling messages and obtai
nvd
CVE-2017-2727MEDIUMCVSS 4.3fixed in eva-al00c00b365fixed in eva-al10c00b365+3 more2017-11-22
CVE-2017-2727 [MEDIUM] CVE-2017-2727: Huawei P9 smart phones with software versions earlier before EVA-AL00C00B365, versions earlier befor
Huawei P9 smart phones with software versions earlier before EVA-AL00C00B365, versions earlier before EVA-AL10C00B365,Versions earlier before EVA-CL00C92B365, versions earlier before EVA-DL00C17B365, versions earlier before EVA-TL00C01B365 have a privilege escalation vulnerability. An unauthenticated attacker can bypass phone activation to user management pag
nvd
CVE-2017-8215MEDIUMCVSS 6.2fixed in eva-al10c00b396sp03fixed in eva-cl00c92b396+2 more2017-11-22
CVE-2017-8215 [MEDIUM] CVE-2017-8215: Honor 8,Honor V8,Honor 9,Honor V9,Nova 2,Nova 2 Plus,P9,P10 Plus,Toronto Huawei smart phones with so
Honor 8,Honor V8,Honor 9,Honor V9,Nova 2,Nova 2 Plus,P9,P10 Plus,Toronto Huawei smart phones with software of versions earlier than FRD-AL00C00B391, versions earlier than FRD-DL00C00B391, versions earlier than KNT-AL10C00B391, versions earlier than KNT-AL20C00B391, versions earlier than KNT-UL10C00B391, versions earlier than KNT-TL10C00B391, versions earlier
nvd
CVE-2017-2691MEDIUMCVSS 6.8fixed in eva-tl00c01b373fixed in eva-dl00c17b373+2 more2017-11-22
CVE-2017-2691 [MEDIUM] CVE-2017-2691: Huawei P9 versions earlier before EVA-AL10C00B373, versions earlier before EVA-CL00C92B373, versions
Huawei P9 versions earlier before EVA-AL10C00B373, versions earlier before EVA-CL00C92B373, versions earlier before EVA-DL00C17B373, versions earlier before EVA-TL00C01B373 have a lock-screen bypass vulnerability. An unauthenticated attacker could force the phone to the fastboot mode and delete the user's password file during the reboot process, then login th
nvd
CVE-2017-2705LOWCVSS 2.4fixed in eva-al00c00b365fixed in eva-al10c00b365+3 more2017-11-22
CVE-2017-2705 [LOW] CVE-2017-2705: Huawei P9 smartphones with software versions earlier before EVA-AL10C00B365, versions earlier before
Huawei P9 smartphones with software versions earlier before EVA-AL10C00B365, versions earlier before EVA-AL00C00B365, versions earlier before EVA-CL00C92B365, versions earlier before EVA-DL00C17B365, versions earlier before EVA-TL00C01B365 have a phone activation bypass vulnerability. Successful exploit could allow an unauthenticated attacker to bypass phone act
nvd
CVE-2016-8776MEDIUMCVSS 4.6veva-al10c00veva-cl10c00+2 more2017-04-02
CVE-2016-8776 [MEDIUM] CWE-285 CVE-2016-8776: Huawei P9 phones with software EVA-AL10C00,EVA-CL10C00,EVA-DL10C00,EVA-TL10C00 and P9 Lite phones wi
Huawei P9 phones with software EVA-AL10C00,EVA-CL10C00,EVA-DL10C00,EVA-TL10C00 and P9 Lite phones with software VNS-L21C185 allow attackers to bypass the factory reset protection (FRP) to enter some functional modules without authorization and perform operations to update the Google account.
nvd
CVE-2016-8757LOWCVSS 3.3≥ eva-al10, ≤ eva-al10c00b192≥ eva-cl10, ≤ eva-cl10c00b192+2 more2017-04-02
CVE-2016-8757 [LOW] CWE-200 CVE-2016-8757: ION memory management module in Huawei P9 phones with software EVA-AL10C00B192 and earlier versions,
ION memory management module in Huawei P9 phones with software EVA-AL10C00B192 and earlier versions, EVA-DL10C00B192 and earlier versions, EVA-TL10C00B192 and earlier versions, EVA-CL10C00B192 and earlier versions allows attackers to obtain sensitive information from uninitialized memory.
nvd