4.3 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
0.001 Low
EPSS
Percentile
48.9%
The PackageInstaller module on Huawei smartphone P7 has a vulnerability in validity check of third-party apps. Attackers can configure some specific information in the malware packages so that smartphones consider that the package is downloaded from whitelisted websites. As a result, the malware can bypass the validity check. (Vulnerability ID: HWPSIRT-2014-0892)
This Vulnerability has been assigned Common Vulnerabilities and Exposures (CVE) ID: CVE-2014-9135.
Huawei has released software updates to fix these vulnerabilities. This advisory is available at the following link:
<http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-397472.htm>
CPE | Name | Operator | Version |
---|---|---|---|
p7-l10 | lt | V100R001C00B122 |