Huawei Vmall Security Vulnerabilities

3 Vulnerabilities
Description

In Huawei Vmall APP versions earlier than HwVmall 1.5.3.0, the upgrade package is transferred over HTTP. A man-in-the-middle (MITM) attacker can tamper with the upgrade package and implant malicious applications.

Impacted versions: *

Base Score: 2.9, Severity: LOW, ID: CVE-2017-2739, Last Modified: 2019-10-03T00:03:00Z

References

Vendor Advisory

Huawei VMall (for Android) versions before 1.5.8.5 have a privilege elevation vulnerability due to improper design. An attacker can trick users into installing a malicious app that can send HTTP requests and execute JavaScript code in web pages without obtaining the Internet access permission. Successful exploitation could lead to resource occupation or information leakage.

Impacted versions: *

Base Score: 5.8, Severity: MEDIUM, ID: CVE-2017-8153, Last Modified: 2017-12-12T16:23:00Z

References

Issue Tracking, Issue Tracking

The AlarmService component in HwVmall versions earlier than 1.5.2.0 does not restrict calling permissions, so any third-party application can call it. An attacker can construct a malicious application that calls the component, causing alert music to play unexpectedly and degrading the user experience.

Impacted versions: *

Base Score: 4.3, Severity: MEDIUM, ID: CVE-2017-2694, Last Modified: 2017-12-11T17:06:00Z

References

Vendor Advisory, Third Party Advisory, Third Party Advisory