Phone Activation Bypass in Huawei P9 Smartphones by Huawei
CVE-2017-2705

2.4LOW

Key Information:

Vendor: McAfee
Status: Huawei P9
Vendor: CVE Published:; 22 November 2017

What is CVE-2017-2705?

Huawei P9 smartphones are susceptible to a phone activation bypass vulnerability that enables an unauthenticated attacker to access the settings page directly. This flaw exists in specific software versions prior to EVA-AL10C00B365 and similar versions, potentially jeopardizing user data and security. It is crucial for users to upgrade to the latest software to mitigate this issue and ensure device protection.

Affected Version(s)

Huawei P9 Versions earlier before EVA-AL10C00B365, Versions earlier before EVA-AL00C00B365, Versions earlier before EVA-CL00C92B365, Versions earlier before EVA-DL00C17B365, Versions earlier before EVA-TL00C01B365

References

http://www.huawei.com/en/psirt/security-advisories/huawei...

x_refsource_CONFIRM

http://www.securityfocus.com/bid/95661

vdb-entryx_refsource_BID

CVSS V3.1

Score:

2.4

Severity:

LOW

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Physical

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 22, 2017
Vulnerability Reserved
Dec 1, 2016

McAfee

What is CVE-2017-2705?

Affected Version(s)

References

CVSS V3.1

Timeline