CVE-2017-17159
Description
Some Huawei smart phones with software of NXT-AL10C00B386, NXT-CL00C92B386, NXT-DL00C17B386, NXT-TL00C01B386SP01, NTS-AL00C00B535 have a DoS vulnerability due to insufficient input validation. An unauthenticated attacker could send malformed System Information(SI) messages to the smart phone within radio range by special wireless device. Successful exploit could make the smart phone restart.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Some Huawei smartphones with specific firmware versions can be remotely rebooted by sending malformed System Information messages. [1]
Vulnerability
A denial-of-service (DoS) vulnerability exists in some Huawei smartphones running firmware versions NXT-AL10C00B386, NXT-CL00C92B386, NXT-DL00C17B386, NXT-TL00C01B386SP01, and NTS-AL00C00B535 [1]. The bug is located in the parsing of System Information (SI) messages and is due to insufficient input validation. No special configuration or privileges on the device are required to reach the vulnerable code path.
Exploitation
An unauthenticated attacker needs to be within radio range of the target smartphone and employ a special wireless device capable of transmitting malformed SI messages [1]. The attack does not require any user interaction; the malformed message is processed automatically, triggering the software flaw and causing the device to reboot.
Impact
Successful exploitation causes the smartphone to restart, resulting in a temporary denial of service [1]. The attacker does not gain code execution, data access, or persistence; the impact is limited to service interruption until the device completes its reboot cycle.
Mitigation
Huawei has released fixed firmware versions: NXT-AL10C00B592, NXT-CL00C92B592, NXT-DL00C17B592, NXT-TL00C01B592, and NTS-AL00C00B539 [1]. Users should update their devices to these versions via the official update mechanism. No workarounds are documented by the vendor.
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
2- Range: NXT-AL10C00B386, NXT-CL00C92B386, NXT-DL00C17B386, NXT-TL00C01B386SP01, NTS-AL00C00B535
- Huawei Technologies Co., Ltd./MT8-EMUI4.1,NTS-AL00v5Range: NXT-AL10C00B386, NXT-CL00C92B386, NXT-DL00C17B386, NXT-TL00C01B386SP01,NTS-AL00C00B535
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
1- www.huawei.com/en/psirt/security-advisories/huawei-sa-20171220-02-smartphone-enmitrex_refsource_CONFIRM
News mentions
0No linked articles in our index yet.