CVE-2017-2739

The upgrade package of Huawei Vmall APP Earlier than HwVmall 1.5.3.0 versions is transferred through HTTP. A man in the middle (MITM) can tamper with the upgrade package of Huawei Vmall APP, and to implant the malicious applications.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
3.1 LOW
ADJACENT_NETWORK
HIGH
NONE
CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
huaweiCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 4%
VendorProductVersion
huaweivmall
𝑥
< 1.5.3.0
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170208-01-vmall-en
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170208-01-vmall-en