Security Advisory – Information Disclosure Vulnerability on Honor Smart Scale Application

cyber

 

There is an information disclosure vulnerability on Honor Smart Scale application. The application does not sufficiently restrict the resource which can be accessed by certain protocol. An attacker could trick the user to click a malicious link, successful exploit could cause information disclosure. (Vulnerability ID: HWPSIRT-2018-01020)

This vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2017-17322.

Huawei has released software updates to fix this vulnerability.

Product Name Affected Version Resolved Product and Version
Honor Smart Scale Application 1.1.1 Upgrade to 1.1.2

Successful exploit could cause information disclosure.

This vulnerability can be exploited only when the following conditions are present:

An attacker could trick the user to click a malicious link.

Vulnerability details:

The application does not sufficiently restrict the resource which can be accessed by certain protocol. An attacker could trick the user to click a malicious link, successful exploit could cause information disclosure.

This vulnerability was discovered by Huawei internal tester.

To read the original article:

http://www.huawei.com/en/psirt/security-advisories/2018/huawei-sa-20180309-01-ah-en

 

Laisser un commentaire

Votre adresse de messagerie ne sera pas publiée. Les champs obligatoires sont indiqués avec *

Next Post

Multiples vulnérabilités dans SCADA les produits Siemens

De multiples vulnérabilités ont été découvertes dans SCADA les produits Siemens . Elles permettent à un attaquant de provoquer un contournement de la politique de sécurité, une atteinte à l’intégrité des données et une atteinte à la confidentialité des données. RISQUE(S) Contournement de la politique de sécurité Atteinte à l’intégrité […]