CVE-2017-17161

The 'Find Phone' function in some Huawei smart phones with software earlier than Duke-L09C10B186 versions, earlier than Duke-L09C432B187 versions, earlier than Duke-L09C636B186 versions has an authentication bypass vulnerability. Due to improper authentication realization in the 'Find Phone' function. An attacker may exploit the vulnerability to bypass the 'Find Phone' function in order to use the phone normally.

Published: Feb 15, 2018
Updated: Apr 13, 2023
CVE: CVE-2017-17161
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 6.8
AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS v2:

Severity: High
Score: 7.2
AV:L/AC:L/Au:N/C:C/I:C/A:C

CWEs:

CWE-287

OWASP TOP 10:

A2 - Broken Authentication

Affected Software
References

Software	From	Fixed in
huawei / duke-l09_firmware	-	duke-l09c10b186
huawei / duke-l09_firmware	-	duke-l09c432b187
huawei / duke-l09_firmware	-	duke-l09c636b186

http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20171213-01-smartphone-en

Vulnerability Database

289,697

CVE-2017-17161