SSL Certificate Validation Flaw in Huawei Wear App for Android
CVE-2016-3677

6.5MEDIUM

Key Information:

Vendor
Huawei
Vendor
CVE Published:
13 June 2016

Summary

The Huawei Wear App for Android, prior to version 15.0.0.307, contains a critical flaw that fails to properly validate SSL certificates. This vulnerability could allow local users to execute attacks by exploiting the lack of proper certificate validation, which potentially opens the door for unknown vectors of impact. Users of the application should take proactive measures to mitigate possible local exploitation until a patch is applied.

References

CVSS V3.1

Score:
6.5
Severity:
MEDIUM
Confidentiality:
None
Integrity:
High
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.