Details of VAR-201711-0255

ID

VAR-201711-0255

CVE

CVE-2017-2739

TITLE

Huawei Vmall Vulnerabilities related to authorization, authority, and access control in applications

Trust: 0.8

sources: JVNDB: JVNDB-2017-010723

DESCRIPTION

The upgrade package of Huawei Vmall APP Earlier than HwVmall 1.5.3.0 versions is transferred through HTTP. A man in the middle (MITM) can tamper with the upgrade package of Huawei Vmall APP, and to implant the malicious applications. Huawei Vmall Applications have vulnerabilities related to authorization, permissions, and access control.Information may be tampered with. HuaweiVmall is the smartphone of China Huawei. There is a man-in-the-middle attack vulnerability in HuaweiVmallAPP. Huawei Vmall is China's Huawei ( Huawei ) company's built-in Huawei Mall application in a Huawei mobile phone

Trust: 2.25

sources: NVD: CVE-2017-2739 // JVNDB: JVNDB-2017-010723 // CNVD: CNVD-2017-09361 // VULHUB: VHN-110942

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2017-09361

AFFECTED PRODUCTS

vendor:	huawei	model:	vmall	scope:	lt	version:	1.5.3.0	Trust: 1.6
vendor:	huawei	model:	hwvmall	scope:	lt	version:	1.5.3.0	Trust: 0.8

sources: CNVD: CNVD-2017-09361 // JVNDB: JVNDB-2017-010723 // NVD: CVE-2017-2739

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2017-2739
value:	LOW
Trust: 1.0
NVD:	CVE-2017-2739
value:	LOW
Trust: 0.8
CNVD:	CNVD-2017-09361
value:	LOW
Trust: 0.6
CNNVD:	CNNVD-201711-999
value:	LOW
Trust: 0.6
VULHUB:	VHN-110942
value:	LOW
Trust: 0.1

nvd@nist.gov:	CVE-2017-2739
severity:	LOW
baseScore:	2.9
vectorString:	AV:A/AC:M/AU:N/C:N/I:P/A:N
accessVector:	ADJACENT_NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	5.5
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2017-09361
severity:	LOW
baseScore:	1.2
vectorString:	AV:L/AC:H/AU:N/C:N/I:P/A:N
accessVector:	LOCAL
accessComplexity:	HIGH
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	1.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-110942
severity:	LOW
baseScore:	2.9
vectorString:	AV:A/AC:M/AU:N/C:N/I:P/A:N
accessVector:	ADJACENT_NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	5.5
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2017-2739
baseSeverity:	LOW
baseScore:	3.1
vectorString:	CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
attackVector:	ADJACENT
attackComplexity:	HIGH
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	LOW
availabilityImpact:	NONE
exploitabilityScore:	1.6
impactScore:	1.4
version:	3.0
Trust: 1.8

sources: CNVD: CNVD-2017-09361 // VULHUB: VHN-110942 // JVNDB: JVNDB-2017-010723 // CNNVD: CNNVD-201711-999 // NVD: CVE-2017-2739

PROBLEMTYPE DATA

problemtype:	CWE-494	Trust: 1.1
problemtype:	CWE-264	Trust: 0.9

sources: VULHUB: VHN-110942 // JVNDB: JVNDB-2017-010723 // NVD: CVE-2017-2739

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-201711-999

TYPE

permissions and access control issues

Trust: 0.6

sources: CNNVD: CNNVD-201711-999

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-010723

PATCH

title:	huawei-sa-20170208-01-vmall	url:	http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170208-01-vmall-en	Trust: 0.8
title:	HuaweiVmallAPP man-in-the-middle attack vulnerability patch	url:	https://www.cnvd.org.cn/patchInfo/show/88848	Trust: 0.6
title:	Huawei Vmall Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=76709	Trust: 0.6

sources: CNVD: CNVD-2017-09361 // JVNDB: JVNDB-2017-010723 // CNNVD: CNNVD-201711-999

EXTERNAL IDS

db:	NVD	id:	CVE-2017-2739	Trust: 3.1
db:	JVNDB	id:	JVNDB-2017-010723	Trust: 0.8
db:	CNNVD	id:	CNNVD-201711-999	Trust: 0.7
db:	CNVD	id:	CNVD-2017-09361	Trust: 0.6
db:	VULHUB	id:	VHN-110942	Trust: 0.1

sources: CNVD: CNVD-2017-09361 // VULHUB: VHN-110942 // JVNDB: JVNDB-2017-010723 // CNNVD: CNNVD-201711-999 // NVD: CVE-2017-2739

REFERENCES

url:	http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170208-01-vmall-en	Trust: 1.7
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-2739	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2017-2739	Trust: 0.8
url:	http://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20170208-01-vmall-cn	Trust: 0.6

sources: CNVD: CNVD-2017-09361 // VULHUB: VHN-110942 // JVNDB: JVNDB-2017-010723 // CNNVD: CNNVD-201711-999 // NVD: CVE-2017-2739

SOURCES

db:	CNVD	id:	CNVD-2017-09361
db:	VULHUB	id:	VHN-110942
db:	JVNDB	id:	JVNDB-2017-010723
db:	CNNVD	id:	CNNVD-201711-999
db:	NVD	id:	CVE-2017-2739

LAST UPDATE DATE

2025-04-20T23:39:59.930000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2017-09361	date:	2017-06-13T00:00:00
db:	VULHUB	id:	VHN-110942	date:	2019-10-03T00:00:00
db:	JVNDB	id:	JVNDB-2017-010723	date:	2017-12-21T00:00:00
db:	CNNVD	id:	CNNVD-201711-999	date:	2019-10-23T00:00:00
db:	NVD	id:	CVE-2017-2739	date:	2025-04-20T01:37:25.860

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2017-09361	date:	2017-02-09T00:00:00
db:	VULHUB	id:	VHN-110942	date:	2017-11-22T00:00:00
db:	JVNDB	id:	JVNDB-2017-010723	date:	2017-12-21T00:00:00
db:	CNNVD	id:	CNNVD-201711-999	date:	2017-11-24T00:00:00
db:	NVD	id:	CVE-2017-2739	date:	2017-11-22T19:29:02.067