PT-2017-18182 · Huawei · Hiwallet App
Zhang Qing
·
Published
2017-11-22
·
Updated
2017-12-11
·
CVE-2017-8177
CVSS v3.1
5.3
Medium
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
Huawei APP HiWallet versions earlier than 5.0.3.100
Description
The issue allows an attacker to exploit the lack of signature verification for APK files, potentially leading to the hijacking of the APP by uploading a modified APK file. This could result in the APP being compromised.
Recommendations
For versions earlier than 5.0.3.100, update to version 5.0.3.100 or later to resolve the issue. As a temporary workaround, consider restricting access to APK file uploads until the update is applied.
Fix
Improper Verification of Cryptographic Signature
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Hiwallet App