PT-2017-9588 · Huawei · Huawei Hisuite

Florian Bogner · Published 2017-04-02 · Updated 2017-04-05 · CVE-2016-8273

CVSS v3.1: 7.8 High

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Huawei HiSuite version 4.0.5.300 OVE

Description

The issue concerns the use of insecure HTTP for software package downloads and the lack of integrity checks on the downloaded packages. This allows an attacker to potentially launch a Man-In-The-Middle (MITM) attack, interrupting or replacing the software package, which could further compromise the PC.

Recommendations

For Huawei HiSuite version 4.0.5.300 OVE, consider disabling the automatic software update feature until a secure update mechanism is implemented. Restrict access to the upgrade software package download feature to minimize the risk of exploitation. Avoid using insecure HTTP connections for software package downloads; instead, use a secure connection such as HTTPS. As a temporary workaround, manually verify the integrity of the software package before installing it. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Improper Access Control

RCE

Weakness Enumeration

Related Identifiers

CVE-2016-8273

Affected Products

Huawei Hisuite