CVE-2017-17159

MEDIUM

Huawei NXT-AL10C00B386 et al - DoS

Title source: llm

Description

Some Huawei smart phones with software of NXT-AL10C00B386, NXT-CL00C92B386, NXT-DL00C17B386, NXT-TL00C01B386SP01, NTS-AL00C00B535 have a DoS vulnerability due to insufficient input validation. An unauthenticated attacker could send malformed System Information(SI) messages to the smart phone within radio range by special wireless device. Successful exploit could make the smart phone restart.

References (1)

Core 1

Core References

Vendor Advisory x_refsource_confirm

http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171220-02-smartphone-en

Scores

CVSS v3 6.5

EPSS 0.0003

EPSS Percentile 9.1%

Attack Vector ADJACENT_NETWORK

CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Details

CWE

CWE-20

Status published

Products (5)

huawei/mt8-emui4.1_firmware nxt-al10c00b386

huawei/mt8-emui4.1_firmware nxt-cl00c92b386

huawei/mt8-emui4.1_firmware nxt-dl00c17b386

huawei/mt8-emui4.1_firmware nxt-tl00c01b386sp01

huawei/nts-al00_firmware nts-al00c00b535

Published Feb 15, 2018

Tracked Since Feb 18, 2026