CVE-2017-8214

Published: Nov 22, 2017Modified: May 13, 2026

6.2

Vector

CVSS:3.0/AV:P/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Exploitability: 0.3 / Impact: 5.9

Source: NVD

Description

Honor 8,Honor V8,Honor 9,Honor V9,Nova 2,Nova 2 Plus,P9,P10 Plus,Toronto Huawei smart phones with software of versions earlier than FRD-AL00C00B391, versions earlier than FRD-DL00C00B391, versions earlier than KNT-AL10C00B391, versions earlier than KNT-AL20C00B391, versions earlier than KNT-UL10C00B391, versions earlier than KNT-TL10C00B391, versions earlier than Stanford-AL00C00B175, versions earlier than Stanford-AL10C00B175, versions earlier than Stanford-TL00C01B175, versions earlier than Duke-AL20C00B191, versions earlier than Duke-TL30C01B191, versions earlier than Picasso-AL00C00B162, versions earlier than Picasso-TL00C01B162 , versions earlier than Barca-AL00C00B162, versions earlier than Barca-TL00C00B162, versions earlier than EVA-AL10C00B396SP03, versions earlier than EVA-CL00C92B396, versions earlier than EVA-DL00C17B396, versions earlier than EVA-TL00C01B396 , versions earlier than Vicky-AL00AC00B172, versions earlier than Toronto-AL00AC00B191, versions earlier than Toronto-TL10C01B191 have an unlock code verification bypassing vulnerability. An attacker with the root privilege of a mobile can exploit this vulnerability to bypass the unlock code verification and unlock the mobile phone bootloader.

Affected (22)

Products: Huawei: Honor 8 Firmware, Honor V8 Firmware, Honor 9 Firmware, Honor V9 Firmware, Nova 2 Firmware, Nova 2 Plus Firmware, P9 Firmware, P10 Plus Firmware, Toronto Firmware

9 products

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Huawei Honor 8 Firmware	Before frd-al00c00b391

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Huawei Honor 8 Firmware	Before frd-dl00c00b391

Running on/with	Platform Versions
Huawei Honor 8	All versions

Configuration C

1 vulnerable

Vulnerable Software	Affected Versions
Huawei Honor V8 Firmware	Before knt-al10c00b391

Configuration D

1 vulnerable

Vulnerable Software	Affected Versions
Huawei Honor V8 Firmware	Before knt-al20c00b391

Configuration E

1 vulnerable

Vulnerable Software	Affected Versions
Huawei Honor V8 Firmware	Before knt-ul10c00b391

Configuration F

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Huawei Honor V8 Firmware	Before knt-tl10c00b391

Running on/with	Platform Versions
Huawei Honor V8	All versions

Configuration G

1 vulnerable

Vulnerable Software	Affected Versions
Huawei Honor 9 Firmware	Before stanford-al00c00b175

Configuration H

1 vulnerable

Vulnerable Software	Affected Versions
Huawei Honor 9 Firmware	Before stanford-al10c00b175

Configuration I

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Huawei Honor 9 Firmware	Before stanford-tl00c01b175

Running on/with	Platform Versions
Huawei Honor 9	All versions

Configuration J

1 vulnerable

Vulnerable Software	Affected Versions
Huawei Honor V9 Firmware	Before duke-al20c00b191

Configuration K

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Huawei Honor V9 Firmware	Before duke-tl30c01b191

Running on/with	Platform Versions
Huawei Honor V9	All versions

Configuration L

1 vulnerable

Vulnerable Software	Affected Versions
Huawei Nova 2 Firmware	Before picasso-al00c00b162

Configuration M

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Huawei Nova 2 Firmware	Before picasso-tl00c01b162

Running on/with	Platform Versions
Huawei Nova 2	All versions

Configuration N

1 vulnerable

Vulnerable Software	Affected Versions
Huawei Nova 2 Plus Firmware	Before barca-al00c00b162

Configuration O

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Huawei Nova 2 Plus Firmware	Before barca-tl00c00b162

Running on/with	Platform Versions
Huawei Nova 2 Plus	All versions

Configuration P

1 vulnerable

Vulnerable Software	Affected Versions
Huawei P9 Firmware	Before eva-al10c00b396sp03

Configuration Q

1 vulnerable

Vulnerable Software	Affected Versions
Huawei P9 Firmware	Before eva-cl00c92b396

Configuration R

1 vulnerable

Vulnerable Software	Affected Versions
Huawei P9 Firmware	Before eva-dl00c17b396

Configuration S

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Huawei P9 Firmware	Before eva-tl00c01b396

Running on/with	Platform Versions
Huawei P9	All versions

Configuration T

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Huawei P10 Plus Firmware	Before vicky-al00ac00b172

Running on/with	Platform Versions
Huawei P10 Plus	All versions

Configuration U

1 vulnerable

Vulnerable Software	Affected Versions
Huawei Toronto Firmware	Before toronto-al00ac00b191

Configuration V

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Huawei Toronto Firmware	Before toronto-tl10c01b191

Running on/with	Platform Versions
Huawei Toronto	All versions

Related CWEs

CWE-287

Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

References (2)

http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170807-01-smartphone-en

Source: psirt@huawei.com

Issue TrackingVendor Advisory

http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170807-01-smartphone-en

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingVendor Advisory

Timeline

No history available yet.