Authorization

Huawei Watch 2 with versions and earlier than OWDD.180707.001.E1 have an improper authorization vulnerability. Due to improper permission configuration for specific operations, an attacker who obtained the Huawei ID bound to the watch can bypass permission verification to perform specific...

CVE-2018-7926

Huawei Watch 2 with versions and earlier than OWDD.180707.001.E1 have an improper authorization vulnerability. Due to improper permission configuration for specific operations, an attacker who obtained the Huawei ID bound to the watch can bypass permission verification to perform specific...

Security Advisory - Improper Authorization Vulnerability in Huawei Watches

There is an improper authorization vulnerability in some Huawei watches. Due to improper permission configuration for specific operations, an attacker who obtained the Huawei ID bound to the watch can bypass permission verification to perform specific operations and modify some data on the watch...

CVE-2017-17149

CVE-2017-17149 concerns Huawei HiWallet App (versions before 8.0.4). The flaw allows an attacker with root access on a user’s device to bypass Huawei ID verification during lock-pattern change and change the lock pattern. Root-privileged exploitation is the condition; impact is the ability to mod...

CVE-2017-17149

Huawei HiWallet App with the versions before 8.0.4 has an arbitrary lock pattern change vulnerability. It needs to verify the user's Huawei ID during lock pattern change. An attacker with root privilege who gets a user's smart phone may bypass Huawei ID verification by special operation. Successf...