CVE-2017-2707

HIGH

Huawei Mate 9 Firmware - Download Without Integrity Check

Title source: rule

Description

Mate 9 smartphones with software MHA-AL00AC00B125 have a privilege escalation vulnerability in Push module. An attacker tricks a user to save a rich media into message on the smart phone, which could be exploited to cause the attacker to delete message or fake user to send message.

References (1)

[Vendor Advisory] http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170712-02-push-en

Scores

CVSS v3 7.1

EPSS 0.0004

EPSS Percentile 10.5%

Attack Vector LOCAL

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H

Details

CWE

CWE-494

Status published

Products (2)

huawei/mate_9_firmware < mha-al00ac00b125

Huawei Technologies Co., Ltd./Mate 9 MHA-AL00AC00B125

Published Nov 22, 2017

Tracked Since Feb 18, 2026