CVE-2016-8273

Summary

Huawei PC client software HiSuite 4.0.5.300_OVE uses insecure HTTP for upgrade software package download and does not check the integrity of the software package before installing; an attacker can launch an MITM attack to interrupt or replace the downloaded software package and further compromise the PC.

Affected Software

VendorProductVersion RangeStatus
n/aHiSuite 4.0.5.300_OVEHiSuite 4.0.5.300_OVEaffected

Weaknesses

  • a man-in-the-middle (MITM)

ADP Enrichment

CVE Program Container

Additional References

References