3 matches found
CVE-2017-2694
The CVE-2017-2694 issue affects Huawei HwVmall’s AlarmService prior to version 1.5.2.0. Root cause: AlarmService does not enforce invocation permissions, allowing any third‑party app to call it. Impact: an attacker could trigger alert music unexpectedly, degrading user experience. Evidence in mul...
CVE-2017-2739
CVE-2017-2739 describes a MITM risk in Huawei Vmall APP upgrades: the upgrade package is transferred over HTTP, allowing an attacker on an adjacent network to tamper with the package and implant malicious code. The issue stems from unencrypted upgrade delivery, with impact described as tampering/...
CVE-2017-8153
Huawei VMall (Android) prior to version 1.5.8.5 contains a privilege-elevation vulnerability due to improper design. An attacker can trick a user into installing a malicious app that can send HTTP requests and execute JavaScript in web pages without Internet permission, potentially causing resour...