Description
Huawei HiWallet App with the versions before 8.0.4 has an arbitrary lock pattern change vulnerability. It needs to verify the user's Huawei ID during lock pattern change. An attacker with root privilege who gets a user's smart phone may bypass Huawei ID verification by special operation. Successful exploit of this vulnerability can allow an attacker to change the lock pattern of HiWallet.
References (1)
Core 1
Core References
Vendor Advisory x_refsource_confirm
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171220-01-hiwallet-en
Scores
CVSS v3
3.9
EPSS
0.0003
EPSS Percentile
7.4%
Attack Vector
PHYSICAL
CVSS:3.0/AV:P/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N
Details
Status
published
Products (1)
huawei/hiwallet
< 8.0.4
Published
Mar 09, 2018
Tracked Since
Feb 18, 2026