Huawei P9 Plus Firmware vulnerabilities
6 known vulnerabilities affecting huawei/p9_plus_firmware.
Total CVEs
6
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
HIGH2MEDIUM4
Vulnerabilities
Page 1 of 1
CVE-2017-17171MEDIUMCVSS 4.2fixed in vie-l09c318b182fixed in vie-l09c432b380+3 more2018-06-01
CVE-2017-17171 [MEDIUM] CWE-20 CVE-2017-17171: Some Huawei smart phones have the denial of service (DoS) vulnerability due to the improper processi
Some Huawei smart phones have the denial of service (DoS) vulnerability due to the improper processing of malicious parameters. An attacker may trick a target user into installing a malicious APK and launch attacks using a pre-installed app with specific permissions. Successful exploit could allow the app to send specific parameters to the smart phon
nvd
CVE-2016-8783HIGHCVSS 7.8fixed in vie-al10bc00b3562018-03-09
CVE-2016-8783 [HIGH] CWE-119 CVE-2016-8783: Touchscreen drive in Huawei H60 (Honor 6) Versions earlier than H60-L02_6.12.16 and P9 Plus Versions
Touchscreen drive in Huawei H60 (Honor 6) Versions earlier than H60-L02_6.12.16 and P9 Plus Versions earlier than VIE-AL10BC00B356 has a stack overflow vulnerabilities. An attacker tricks a user into installing a malicious application on the smart phone, and send given parameter to touchscreen drive to crash the system or escalate privilege.
nvd
CVE-2017-8140HIGHCVSS 7.8fixed in vie-al10bc00b3532017-11-22
CVE-2017-8140 [HIGH] CWE-415 CVE-2017-8140: The soundtrigger driver in P9 Plus smart phones with software versions earlier than VIE-AL10BC00B353
The soundtrigger driver in P9 Plus smart phones with software versions earlier than VIE-AL10BC00B353 has a memory double free vulnerability. An attacker tricks a user into installing a malicious application, and the application can start multiple threads and try to free specific memory, which could triggers double free and causes a system crash or arbit
nvd
CVE-2017-2711MEDIUMCVSS 5.5fixed in vie-al10c00b3522017-11-22
CVE-2017-2711 [MEDIUM] CWE-20 CVE-2017-2711: P9 Plus smartphones with software earlier than VIE-AL10C00B352 versions have an input validation vul
P9 Plus smartphones with software earlier than VIE-AL10C00B352 versions have an input validation vulnerability in the touchscreen Driver. An attacker can tricks a user into installing a malicious application on the smart phone, and send given parameter to smart phone to crash the system.
nvd
CVE-2017-2734MEDIUMCVSS 5.5fixed in vie-al10bc00b3862017-11-22
CVE-2017-2734 [MEDIUM] CWE-400 CVE-2017-2734: P9 Plus smartphones with software versions earlier before VIE-AL10BC00B386 have a denial of service
P9 Plus smartphones with software versions earlier before VIE-AL10BC00B386 have a denial of service (DoS) vulnerability. An attacker tricks a user into installing a malicious application on the smart phone, and the application can send given parameter to specific interface, which make a large number of memory allocation and the smart phone will be cras
nvd
CVE-2017-2731MEDIUMCVSS 5.5fixed in vie-al10c00b3862017-11-22
CVE-2017-2731 [MEDIUM] CWE-20 CVE-2017-2731: The vibrator service in P9 Plus smart phones with software versions earlier before VIE-AL10C00B386 h
The vibrator service in P9 Plus smart phones with software versions earlier before VIE-AL10C00B386 has DoS vulnerability. An attacker can tricks a user into installing a malicious application on the smart phone, and send given parameter to smart phone vibrator service interface to crash the system.
nvd