A vulnerability was found in Huawei Honor 6X up to Berlin-L22C636B150. It has been classified as critical. Affected is an unknown code block of the component Bluetooth. The manipulation with an unknown input leads to a 7pk security vulnerability. CWE is classifying the issue as CWE-254. This is going to have an impact on confidentiality, integrity, and availability. CVE summarizes:

Some HHuawei mobile phones Honor 6X Berlin-L22C636B150 and earlier versions have a Bluetooth unlock bypassing vulnerability. If a user has enabled the smart unlock function, an attacker can impersonate the user's Bluetooth device to unlock the user's mobile phone screen.uawei mobile phones have a Bluetooth unlock bypassing vulnerability due to the lack of validation on Bluetooth devices. If a user has enabled the smart unlock function, an attacker can impersonate the user's Bluetooth device to unlock the user's mobile phone screen.

The bug was discovered 03/23/2017. The weakness was disclosed 11/22/2017 with Tencent (Website). The advisory is available at huawei.com. This vulnerability is traded as CVE-2017-2728 since 12/01/2016. Access to the local network is required for this attack. The exploitation doesn't require any form of authentication. The technical details are unknown and an exploit is not available. This vulnerability is assigned to T1211 by the MITRE ATT&CK project.

The vulnerability was handled as a non-public zero-day exploit for at least 244 days. During that time the estimated underground price was around $0-$5k.

Upgrading eliminates this vulnerability.

Productinfo

Vendor

• Huawei

Name

• Honor 6X

Version

• Berlin-L22C636B150

License

• commercial

CPE 2.3info

• 🔍

CPE 2.2info

• 🔍

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

Discussion