CVE-2017-2739

LOW

Huawei Vmall < 1.5.3.0 - Download Without Integrity Check

Title source: rule

Description

The upgrade package of Huawei Vmall APP Earlier than HwVmall 1.5.3.0 versions is transferred through HTTP. A man in the middle (MITM) can tamper with the upgrade package of Huawei Vmall APP, and to implant the malicious applications.

References (1)

[Vendor Advisory] http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170208-01-vmall-en

Scores

CVSS v3 3.1

EPSS 0.0002

EPSS Percentile 5.9%

Attack Vector ADJACENT_NETWORK

CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N

Details

CWE

CWE-494

Status published

Products (2)

huawei/vmall < 1.5.3.0

Huawei Technologies Co., Ltd./Vmall Earlier than HwVmall 1.5.3.0 versions

Published Nov 22, 2017

Tracked Since Feb 18, 2026