PT-2017-15486 · Huawei · Huawei Themes App

Published

2017-11-22

Updated

2019-10-03

CVE-2017-2699

CVSS v3.1

7.8

High

Vector

AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Huawei Themes APP versions earlier than PLK-UL00C17B385 Huawei Themes APP versions earlier than CRR-L09C432B380 Huawei Themes APP versions earlier than LYO-L21C577B128

Description The issue allows an attacker to exploit a privilege elevation vulnerability to upload theme packs containing malicious files. This could trick users into installing the theme packets, resulting in the execution of arbitrary code.

Recommendations For versions earlier than PLK-UL00C17B385, update to a version PLK-UL00C17B385 or later. For versions earlier than CRR-L09C432B380, update to a version CRR-L09C432B380 or later. For versions earlier than LYO-L21C577B128, update to a version LYO-L21C577B128 or later.

Fix

Unrestricted File Upload

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-434

Related Identifiers

CVE-2017-2699

Affected Products

Huawei Themes App

PT-2017-15486 · Huawei · Huawei Themes App

CVE-2017-2699

Weakness Enumeration

Related Identifiers

Affected Products

References · 4