Permission Issues
CVE-2017-2694
Summary
The AlarmService component in HwVmall with software earlier than 1.5.2.0 versions has no control over calling permissions, allowing any third party to call. An attacker can construct a malicious application to call it. Consequently, alert music will be played suddenly, compromising user experience.
- LOW
- LOCAL
- LOW
- UNCHANGED
- REQUIRED
- NONE
- NONE
- NONE
CWE-275 - Permission Issues
Weaknesses in this category are related to improper assignment or handling of permissions.
References
Advisory Timeline
- Published