0
1
There is an information disclosure vulnerability on Honor Smart Scale application. The application does not sufficiently restrict the resource which can be accessed by certain protocol. An attacker could trick the user to click a malicious link, successful exploit could cause information disclosure. (Vulnerability ID: HWPSIRT-2018-01020)
This vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2017-17322.
Huawei has released software updates to fix this vulnerability.
| Product Name | Affected Version | Resolved Product and Version |
| Honor Smart Scale Application | 1.1.1 | Upgrade to 1.1.2 |
Successful exploit could cause information disclosure.
This vulnerability can be exploited only when the following conditions are present:
An attacker could trick the user to click a malicious link.
Vulnerability details:
The application does not sufficiently restrict the resource which can be accessed by certain protocol. An attacker could trick the user to click a malicious link, successful exploit could cause information disclosure.
This vulnerability was discovered by Huawei internal tester.
To read the original article:
http://www.huawei.com/en/psirt/security-advisories/2018/huawei-sa-20180309-01-ah-en
