CVE-2017-15308

Summary

Huawei iReader app before 8.0.2.301 has an input validation vulnerability due to insufficient validation on the URL used for loading network data. An attacker can control app access and load malicious websites created by the attacker, and the code in webpages would be loaded and run.

Affected Software

VendorProductVersion RangeStatus
Huawei Technologies Co., Ltd.iReaderbefore 8.0.2.301affected

Weaknesses

  • input validation

ADP Enrichment

CVE Program Container

Additional References

References