Details of VAR-201711-0939

ID

VAR-201711-0939

CVE

CVE-2017-8177

TITLE

Huawei application HiWallet Vulnerability in digital signature verification

Trust: 0.8

sources: JVNDB: JVNDB-2017-010736

DESCRIPTION

Huawei APP HiWallet earlier than 5.0.3.100 versions do not support signature verification for APK file. An attacker could exploit this vulnerability to hijack the APK and upload modified APK file. Successful exploit could lead to the APP is hijacking. Huawei application HiWallet Contains a vulnerability in the verification of digital signatures.Information may be tampered with. Huawei's partial APP lacks a signature authentication vulnerability. Huawei HiWallet is a money management (Huawei Wallet) app for mobile phones from the Chinese company Huawei (Huawei). There is a security vulnerability in Huawei HiWallet versions earlier than 5.0.3.100

Trust: 2.25

sources: NVD: CVE-2017-8177 // JVNDB: JVNDB-2017-010736 // CNVD: CNVD-2017-28811 // VULHUB: VHN-116380

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2017-28811

AFFECTED PRODUCTS

vendor:

huawei

model:

hiwallet

scope:

version:

5.0.3.100

Trust: 2.4

sources: CNVD: CNVD-2017-28811 // JVNDB: JVNDB-2017-010736 // NVD: CVE-2017-8177

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2017-8177
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2017-8177
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2017-28811
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201711-960
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-116380
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2017-8177
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2017-28811
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-116380
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2017-8177
baseSeverity:	MEDIUM
baseScore:	5.3
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	LOW
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	1.4
version:	3.0
Trust: 1.8

sources: CNVD: CNVD-2017-28811 // VULHUB: VHN-116380 // JVNDB: JVNDB-2017-010736 // CNNVD: CNNVD-201711-960 // NVD: CVE-2017-8177

PROBLEMTYPE DATA

problemtype:

CWE-347

Trust: 1.9

sources: VULHUB: VHN-116380 // JVNDB: JVNDB-2017-010736 // NVD: CVE-2017-8177

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201711-960

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-201711-960

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-010736

PATCH

title:	huawei-sa-20170816-01-app	url:	http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170816-01-app-en	Trust: 0.8
title:	There are patches for Huawei's partial APP that lack signature authentication vulnerabilities.	url:	https://www.cnvd.org.cn/patchInfo/show/103209	Trust: 0.6
title:	Huawei HiWallet Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=76670	Trust: 0.6

sources: CNVD: CNVD-2017-28811 // JVNDB: JVNDB-2017-010736 // CNNVD: CNNVD-201711-960

EXTERNAL IDS

db:	NVD	id:	CVE-2017-8177	Trust: 3.1
db:	JVNDB	id:	JVNDB-2017-010736	Trust: 0.8
db:	CNNVD	id:	CNNVD-201711-960	Trust: 0.7
db:	CNVD	id:	CNVD-2017-28811	Trust: 0.6
db:	VULHUB	id:	VHN-116380	Trust: 0.1

sources: CNVD: CNVD-2017-28811 // VULHUB: VHN-116380 // JVNDB: JVNDB-2017-010736 // CNNVD: CNNVD-201711-960 // NVD: CVE-2017-8177

REFERENCES

url:	http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170816-01-app-en	Trust: 1.7
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-8177	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2017-8177	Trust: 0.8
url:	http://www.huawei.com/cn/psirt/security-advisories/2017/huawei-sa-20170816-01-app-cn	Trust: 0.6

sources: CNVD: CNVD-2017-28811 // VULHUB: VHN-116380 // JVNDB: JVNDB-2017-010736 // CNNVD: CNNVD-201711-960 // NVD: CVE-2017-8177

SOURCES

db:	CNVD	id:	CNVD-2017-28811
db:	VULHUB	id:	VHN-116380
db:	JVNDB	id:	JVNDB-2017-010736
db:	CNNVD	id:	CNNVD-201711-960
db:	NVD	id:	CVE-2017-8177

LAST UPDATE DATE

2025-04-20T23:36:44.772000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2017-28811	date:	2017-09-30T00:00:00
db:	VULHUB	id:	VHN-116380	date:	2017-12-11T00:00:00
db:	JVNDB	id:	JVNDB-2017-010736	date:	2017-12-21T00:00:00
db:	CNNVD	id:	CNNVD-201711-960	date:	2017-11-24T00:00:00
db:	NVD	id:	CVE-2017-8177	date:	2025-04-20T01:37:25.860

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2017-28811	date:	2017-09-30T00:00:00
db:	VULHUB	id:	VHN-116380	date:	2017-11-22T00:00:00
db:	JVNDB	id:	JVNDB-2017-010736	date:	2017-12-21T00:00:00
db:	CNNVD	id:	CNNVD-201711-960	date:	2017-11-24T00:00:00
db:	NVD	id:	CVE-2017-8177	date:	2017-11-22T19:29:04.210