CVE-2017-2694

Summary

The AlarmService component in HwVmall with software earlier than 1.5.2.0 versions has no control over calling permissions, allowing any third party to call. An attacker can construct a malicious application to call it. Consequently, alert music will be played suddenly, compromising user experience.

Affected Software

VendorProductVersion RangeStatus
Huawei Technologies Co., Ltd.HwVmallEarlier than HwVmall 1.5.2.0 versionsaffected

Weaknesses

  • Improper Permission Control

ADP Enrichment

CVE Program Container

Additional References

References