Vulnerabilities > CVE-2016-3677 - 7PK - Security Features vulnerability in Huawei Hilink APP and Wear APP

CVSS 6.8 - MEDIUM

Attack vector

NETWORK

Attack complexity

MEDIUM

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

huawei

CWE-254

NVD

Published: 2016-06-13

Updated: 2016-11-28

Summary

The Huawei Wear App application before 15.0.0.307 for Android does not validate SSL certificates, which allows local users to have unspecified impact via unknown vectors, aka HWPSIRT-2016-03008.

Vulnerable Configurations

Part	Description	Count
Application	Huawei Huawei Hilink APP - Huawei Wear APP -	2

Common Weakness Enumeration (CWE)

CWE-254 - 7PK - Security Features

References

http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160419-01-wear-en
http://www.securityfocus.com/bid/86536