CVE-2017-8209
HIGHHuawei Honor 5C and 6X Firmware < NEM-AL10C00B356, < Berlin-L21HNC432B360 - Buffer Overflow via Malicious APP
Title source: llmDescription
The driver of honor 5C,honor 6x Huawei smart phones with software of versions earlier than NEM-AL10C00B356, versions earlier than Berlin-L21HNC432B360 have a buffer overflow vulnerability due to the lack of parameter validation. An attacker tricks a user into installing a malicious APP which has the root privilege of the Android system, the APP can send a specific parameter to the driver of the smart phone, causing a system reboot or arbitrary code execution.
References (1)
Core 1
Core References
Issue Tracking, Vendor Advisory x_refsource_confirm
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170801-01-smartphone-en
Scores
CVSS v3
7.8
EPSS
0.0018
EPSS Percentile
38.8%
Attack Vector
LOCAL
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Details
CWE
CWE-119
Status
published
Products (3)
huawei/honor_5c_firmware
< nem-al10c00b356
huawei/honor_6x_firmware
< berlin-l21hnc432b360
Huawei Technologies Co., Ltd./honor 5C,honor 6x
Versions earlier than NEM-AL10C00B356,Versions earlier than Berlin-L21HNC432B360
Published
Nov 22, 2017
Tracked Since
Feb 18, 2026