SSL Certificate Validation Flaw in Huawei Hilink App for Android
CVE-2016-4005

5.5MEDIUM

Key Information:

Vendor: Huawei
Status: Hilink App
Vendor: CVE Published:; 13 June 2016

Summary

The Huawei Hilink App for Android prior to version 3.19.2 exhibits a critical vulnerability due to its failure to properly validate SSL certificates. This oversight can allow local users to exploit unspecified vectors, potentially compromising the security and privacy of sensitive information transmitted through the application. Users are strongly advised to update to the latest version to mitigate associated risks.

References

http://www.securityfocus.com/bid/86536

vdb-entryx_refsource_BID

http://www.huawei.com/en/psirt/security-advisories/huawei...

x_refsource_CONFIRM

CVSS V3.1

Score:

5.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Jun 13, 2016
Vulnerability Reserved
Apr 12, 2016