“An Out of Bound Read Vulnerability exists in some Huawei Smartphones. This vulnerability exists because the software reads data past the intended buffer due to installing a crafted application. A remote attacker could exploit this vulnerability by tricking the user into installing a crafted application on the targeted system. Successful exploitation of this vulnerability could allow the remote attacker to access sensitive information from the targeted system,” said CERT-In.
The advisory also alerted users about another vulnerability. “An Improper Authentication Bypass Vulnerability exists in Huawei Smartphones due to insufficient validation of user's identity in software. In order to exploit this vulnerability, the attacker needs to have physical access to the smartphone. Successful exploitation of this vulnerability could allow the attacker to bypass the limit of student mode function,” it explained.
CERT-In is advising users to upgrade to the latest software version the moment they receive an update on their phones.
According to the advisory, the following phone models and software versions are affected:
- Honor View20, versions earlier than 10.0.0.179(C636E3R4P3)
- Honor View20, versions earlier than 10.0.0.180(C185E3R3P3)
- Honor View20, versions earlier than 10.0.0.180(C432E10R3P4)
- Honor View20, versions earlier than 10.0.0.188(C00E62R2P11)
- Honor 20, versions earlier than 10.0.0.187(C00E60R4P11)
- Honor 20 PRO, versions earlier than 10.0.0.187(C00E60R4P11)
- Honor Magic2, versions earlier than 10.0.0.176(C00E60R2P11)
- Honor P20, versions earlier than 10.0.0.156(C00E156R1P4)