Skip to main content

Download of Code Without Integrity Check

CVE-2017-2739

Severity Low
Score 3.1/10

Summary

The upgrade package of Huawei Vmall APP Earlier than HwVmall 1.5.3.0 versions is transferred through HTTP. A man in the middle (MITM) can tamper with the upgrade package of Huawei Vmall APP, and to implant the malicious applications.

  • HIGH
  • ADJACENT_NETWORK
  • LOW
  • UNCHANGED
  • NONE
  • NONE
  • NONE
  • NONE

CWE-494 - Download of Code Without Integrity Check

The product downloads source code or an executable from a remote location and executes the code without sufficiently verifying the origin and integrity of the code.

References

Advisory Timeline

  • Published