Security Bypass in Huawei P7-L10 Smartphones
CVE-2014-9135

Currently unrated

Key Information:

Vendor
Huawei
Status
P7-l10 Firmware
Vendor
CVE Published:
19 December 2014

Summary

The PackageInstaller module in Huawei P7-L10 smartphones prior to version V100R001C00B136 is susceptible to a security bypass vulnerability. This flaw enables remote attackers to spoof the origin of a website, effectively circumventing the website whitelist protection mechanism. By exploiting this vulnerability, attackers can trick users into installing malicious packages from compromised sites, posing significant risks to device integrity and user privacy.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/99283
vdb-entryx_refsource_XF
http://www.huawei.com/en/security/psirt/security-bulletin...
x_refsource_CONFIRM

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.