PT-2017-18182 · Huawei · Hiwallet App
Zhang Qing
·
Publicado
2017-11-22
·
Atualizado
2017-12-11
·
CVE-2017-8177
CVSS v3.1
5.3
Média
| Vetor | AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
Huawei APP HiWallet versions earlier than 5.0.3.100
Description
The issue allows an attacker to exploit the lack of signature verification for APK files, potentially leading to the hijacking of the APP by uploading a modified APK file. This could result in the APP being compromised.
Recommendations
For versions earlier than 5.0.3.100, update to version 5.0.3.100 or later to resolve the issue. As a temporary workaround, consider restricting access to APK file uploads until the update is applied.
Correção
Improper Verification of Cryptographic Signature
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Hiwallet App