EUVD-2017-11837

Malware in sbrugna...

CVE-2017-2694

The AlarmService component in HwVmall with software earlier than 1.5.2.0 versions has no control over calling permissions, allowing any third party to call. An attacker can construct a malicious application to call it. Consequently, alert music will be played suddenly, compromising user experienc...

CVE-2017-2694

The AlarmService component in HwVmall with software earlier than 1.5.2.0 versions has no control over calling permissions, allowing any third party to call. An attacker can construct a malicious application to call it. Consequently, alert music will be played suddenly, compromising user experienc...

Code injection

The AlarmService component in HwVmall with software earlier than 1.5.2.0 versions has no control over calling permissions, allowing any third party to call. An attacker can construct a malicious application to call it. Consequently, alert music will be played suddenly, compromising user experienc...

CVE-2017-2694

The CVE-2017-2694 issue affects Huawei HwVmall’s AlarmService prior to version 1.5.2.0. Root cause: AlarmService does not enforce invocation permissions, allowing any third‑party app to call it. Impact: an attacker could trigger alert music unexpectedly, degrading user experience. Evidence in mul...

CVE-2017-2694

The AlarmService component in HwVmall with software earlier than 1.5.2.0 versions has no control over calling permissions, allowing any third party to call. An attacker can construct a malicious application to call it. Consequently, alert music will be played suddenly, compromising user experienc...

Huawei HwVmall Local Security Bypass Vulnerability

Huawei HwVmall is a set of e-commerce platform for national service. A security vulnerability exists in the AlarmService service component in Huawei HwVmall versions prior to 1.5.2.0. The vulnerability stems from the fact that the program does not have invocation privilege control, and can be...