Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2017-8153

Huawei VMall (for Android) with the versions before 1.5.8.5 have a privilege elevation vulnerability due to improper design. An attacker can trick users into installing a malicious app which can send out HTTP requests and execute JavaScript code in web pages without obtaining the Internet access permission. Successful exploit could lead to resource occupation or information leak.

Published

2017-11-22T19:29:03.477

Last Modified

2025-04-20T01:37:25.860

Status

Deferred

Source

[email protected]

Severity

CVSSv3.0: 7.1 (HIGH)

CVSSv2 Vector

AV:N/AC:M/Au:N/C:P/I:N/A:P

  • Access Vector: NETWORK
  • Access Complexity: MEDIUM
  • Authentication: NONE
  • Confidentiality Impact: PARTIAL
  • Integrity Impact: NONE
  • Availability Impact: PARTIAL
Exploitability Score

8.6

Impact Score

4.9

Weaknesses
  • Type: Primary
    CWE-275
Affected Vendors & Products
Type Vendor Product Version/Range Vulnerable?
Application huawei vmall < 1.5.8.5 Yes
References