CVE-2017-15325

The Bdat driver of Prague smart phones with software versions earlier than Prague-AL00AC00B211, versions earlier than Prague-AL00BC00B211, versions earlier than Prague-AL00CC00B211, versions earlier than Prague-TL00AC01B211, versions earlier than Prague-TL10AC01B211 has integer overflow vulnerability due to the lack of parameter validation. An attacker tricks a user into installing a malicious APP and execute it as a specific privilege; the APP can then send a specific parameter to the driver of the smart phone, causing arbitrary code execution.
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:huawei:prague-al00a_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:huawei:prague-al00a:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:huawei:prague-al00b_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:huawei:prague-al00b:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
cpe:2.3:o:huawei:prague-al00c_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:huawei:prague-al00c:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND
cpe:2.3:o:huawei:prague-tl00a_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:huawei:prague-tl00a:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND
cpe:2.3:o:huawei:prague-tl10a_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:huawei:prague-tl10a:-:*:*:*:*:*:*:*

Information

Published : 2018-03-23 09:29

Updated : 2018-04-19 07:02


NVD link : CVE-2017-15325

Mitre link : CVE-2017-15325


JSON object : View

CWE
CWE-190

Integer Overflow or Wraparound

Advertisement

dedicated server usa

Products Affected

huawei

  • prague-tl10a
  • prague-al00b
  • prague-al00a
  • prague-al00c_firmware
  • prague-al00a_firmware
  • prague-tl00a
  • prague-tl00a_firmware
  • prague-tl10a_firmware
  • prague-al00c
  • prague-al00b_firmware