CVE-2017-8207 Information

Description

The driver of honor 5C honor 6x Huawei smart phones with software of versions earlier than NEM-AL10C00B356 versions earlier than Berlin-L21HNC432B360 have a buffer overflow vulnerability due to the lack of parameter validation. An attacker tricks a user into installing a malicious APP which has the root privilege of the Android system the APP can send a specific parameter to the driver of the smart phone causing a system reboot or arbitrary code execution.

CVSS Vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Reference

http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170801-01-smartphone-en

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

NONE

Scope

REQUIRED

Confidentiality Impact

UNCHANGED

Integrity Impact

HIGH

Availability Impact

HIGH

Base Score

HIGH

Base Severity

7.8