CVE-2017-2694
N/A
N/A
Summary
The AlarmService component in HwVmall with software earlier than 1.5.2.0 versions has no control over calling permissions, allowing any third party to call. An attacker can construct a malicious application to call it. Consequently, alert music will be played suddenly, compromising user experience.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Huawei Technologies Co., Ltd. | HwVmall | Earlier than HwVmall 1.5.2.0 versions | affected |
Weaknesses
- Improper Permission Control
ADP Enrichment
CVE Program Container
Additional References
- http://www.securityfocus.com/bid/95915
- http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170125-01-vmall-en
References
- http://www.securityfocus.com/bid/95915
- http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170125-01-vmall-en
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.