Insecure HTTP Download in Huawei HiSuite PC Client Software
CVE-2016-8273

7.8 HIGH

Key Information:

Vendor: Huawei
CVE Published: 2 April 2017

Summary

The Huawei HiSuite PC client software, version 4.0.5.300_OVE, downloads upgrade software packages over insecure HTTP. This allows an attacker in a Man-In-The-Middle (MITM) position to intercept or alter the downloaded software before installation. The software also does not verify the integrity of the downloaded package, which further increases the risk. Users are strongly advised to implement security measures to mitigate the threat posed by this vulnerability.

Affected Version(s)

HiSuite 4.0.5.300_OVE

CVSS V3.1

Score: 7.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
