This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy

Security Advisory - Denial of Service Vulnerability on Huawei Smartphones

  • SA No:huawei-sa-20171108-01-smartphone
  • Initial Release Date: 2017-11-08
  • Last Release Date: 2020-08-26

There is a denial of service vulnerability on Huawei Smartphones. An attacker could make an loop exit condition that cannot be reached by sending the crafted 3GPP message. Successful exploit could cause the device to reboot. (Vulnerability ID: HWPSIRT-2017-09085)

This vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2017-15345.

Huawei has released software updates to fix this vulnerability. This advisory is available at the following link:

http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171108-01-smartphone-en

Product Name

Affected Version

Resolved Product and Version

B520s-93a

B520s-93aTCPU-V100R001B237D01SP00C00

B520s-93aTCPU-V100R001B182D61SP00C00

Barca-AL00

Versions earlier than Barca-AL00C00B180

Barca-AL00C00B180

Berlin-AL10A

Versions earlier than Berlin-AL10AC00B380

Berlin-AL10AC00B380

Berlin-L24HN

Versions earlier than Berlin-L24HNC567B366

Berlin-L24HNC567B366

Berlin-TL00

Versions earlier than Berlin-TL00C01B380

Berlin-TL00C01B380

Berlin-TL10

Versions earlier than Berlin-TL10C01B380

Berlin-TL10C01B380

CAM-TL00

Versions earlier than CAM-TL00C01B240

CAM-TL00C01B240

CAM-TL00H

Versions earlier than CAM-TL00HC00B240

CAM-TL00HC00B240

Duke-AL20

Versions earlier than Duke-AL20C00B208

Duke-AL20C00B208

Duke-L09

Versions earlier than Duke-L09C10B186

Duke-L09C10B186

Versions earlier than Duke-L09C432B187

Duke-L09C432B187

Versions earlier than Duke-L09C636B186

Duke-L09C636B186

Duke-TL30

Versions earlier than Duke-TL30C01B208

Duke-TL30C01B208

EVA-AL10

Versions earlier than EVA-AL10C00B399SP02

EVA-AL10C00B399SP02

EVA-L09

Versions earlier than EVA-L09C675B321CUSTC675D002

EVA-L09C675B321CUSTC675D002

EVA-TL00

Versions earlier than EVA-TL00C01B399SP02

EVA-TL00C01B399SP02

FRD-AL10

Versions earlier than FRD-AL10C01B395

FRD-AL10C01B395

FRD-DL00

Versions earlier than FRD-DL00C00B395

FRD-DL00C00B395

FRD-L04

Versions earlier than FRD-L04C567B389a

FRD-L04C567B389a

FRD-L14

Versions earlier than FRD-L14C567B389a

FRD-L14C567B389a

KNT-AL20

Versions earlier than KNT-AL20C00B395

KNT-AL20C00B395

KNT-TL10

Versions earlier than KNT-TL10C01B395

KNT-TL10C01B395

KNT-UL10

Versions earlier than KNT-UL10C00B395

KNT-UL10C00B395

LON-L29D

LON-L29DC721B188

8.0.0.361(C721)

Versions earlier than LON-L29DC721B189

LON-L29DC721B189

ME919Bs-127bN

ME919Bs-127bNTCPU-V100R001B655D99SP15C00

ME919Bs-127bNTCPU-V100R001B785D03SP00C1400

NEM-AL10

Versions earlier than NEM-AL10C00B202

NEM-AL10C00B202

NEM-L22

Versions earlier than NEM-L22C675B341CUSTC675D001

NEM-L22C675B341CUSTC675D001

NEM-TL00

Versions earlier than NEM-TL00C01B203

NEM-TL00C01B203

NEM-TL00H

Versions earlier than NEM-TL00HC00B203

NEM-TL00HC00B203

NEM-UL10

Versions earlier than NEM-UL10C00B203

NEM-UL10C00B203

NTS-AL00

Versions earlier than NTS-AL00C00B551

NTS-AL00C00B551

Picasso-AL00

Versions earlier than Picasso-AL00C00B180

Picasso-AL00C00B180

Prague-AL00B

Versions earlier than Prague-AL00BC00B205

Prague-AL00BC00B205

Prague-AL00C

Versions earlier than Prague-AL00CC00B205

Prague-AL00CC00B205

Prague-TL00A

Versions earlier than Prague-TL00AC01B205

Prague-TL00AC01B205

Prague-TL10A

Versions earlier than Prague-TL10AC01B205

Prague-TL10AC01B205

Stanford-AL00

Stanford-AL00C00B123

Stanford-AL10C00B201

Stanford-AL10

Versions earlier than Stanford-AL10C00B201

Stanford-AL10C00B201

Stanford-TL10

Versions earlier than Stanford-TL10C01B201

Stanford-TL10C01B201

VIE-L09

Versions earlier than VIE-L09C02B355

VIE-L09C02B355

Versions earlier than VIE-L09C109B344

VIE-L09C109B344

Versions earlier than VIE-L09C113B376

VIE-L09C113B376

Versions earlier than VIE-L09C150B383

VIE-L09C150B383

Versions earlier than VIE-L09C25B324CUSTC25D001

VIE-L09C25B324CUSTC25D001

Versions earlier than VIE-L09C318B190

VIE-L09C318B190

Versions earlier than VIE-L09C432B386

VIE-L09C432B386

Versions earlier than VIE-L09C55B386

VIE-L09C55B386

Versions earlier than VIE-L09C576B332

VIE-L09C576B332

Versions earlier than VIE-L09C706B383

VIE-L09C706B383

Versions earlier than VIE-L09ITAC555B375

VIE-L09ITAC555B375

VNS-TL00

Versions earlier than VNS-TL00C01B243

VNS-TL00C01B243

Vicky-AL00A

Versions earlier than Vicky-AL00AC00B217

Vicky-AL00AC00B217

Warsaw-AL00

Versions earlier than Warsaw-AL00C00B231

Warsaw-AL00C00B231

Warsaw-TL10

Versions earlier than Warsaw-TL10C01B231

Warsaw-TL10C01B231



Successful exploit could cause the device to reboot.

The vulnerability classification has been performed by using the CVSSv3 scoring system (http://www.first.org/cvss/specification-document).

Base Score: 5.3 (AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H)

Temporal Score: 4.9 (E:F/RL:O/RC:C)

This vulnerability can be exploited only when the following conditions are present:

The attacker forges a base station.

Vulnerability details:

An attacker could make an loop exit condition that cannot be reached by sending the crafted 3GPP message. Successful exploit could cause the device to reboot.

Customers should contact Huawei TAC (Huawei Technical Assistance Center) to request the upgrades. For TAC contact information, please refer to Huawei worldwide website at http://www.huawei.com/en/psirt/report-vulnerabilities.

This vulnerability was discovered by Huawei internal tester.

2020-08-26 V1.1 UPDATED Updated the "Software Versions and Fixes" section;

2017-11-08 V1.0 INITIAL

Huawei adheres to protecting the ultimate interests of users with best efforts and the principle of responsible disclosure and deal with product security issues through our response mechanism.

To enjoy Huawei PSIRT services and obtain Huawei product vulnerability information, please visit http://www.huawei.com/en/psirt.

To report a security vulnerability in Huawei products and solutions, please send it to PSIRT@huawei.com. For details, please visit http://www.huawei.com/en/psirt/report-vulnerabilities.

This document is provided on an "AS IS" basis and does not imply any kind of guarantee or warranty, either express or implied, including the warranties of merchantability or fitness for a particular purpose. In no event shall Huawei or any of its directly or indirectly controlled subsidiaries or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages. Your use of the document, by whatsoever means, will be totally at your own risk. Huawei is entitled to amend or update this document from time to time.