CVE-2016-8273

CWE-20Improper Input ValidationCWE-284Improper Access Control3 documents3 sources
Severity
7.8HIGH
EPSS
0.0%
top 96.80%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Huawei Hisuite
Timeline
PublishedApr 2
Latest updateMay 17

Description

Huawei PC client software HiSuite 4.0.5.300_OVE uses insecure HTTP for upgrade software package download and does not check the integrity of the software package before installing; an attacker can launch an MITM attack to interrupt or replace the downloaded software package and further compromise the PC.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages2 packages

NVDhuawei/hisuite4.0.5.300_ove
CVEListV5hisuite_4.0.5.300_oveHiSuite 4.0.5.300_OVE

🔴Vulnerability Details

2
GHSA
GHSA-9rrp-vxfg-q78p: Huawei PC client software HiSuite 42022-05-17
CVEList
CVE-2016-8273: Huawei PC client software HiSuite 42017-04-02
CVE-2016-8273 (HIGH CVSS 7.8) | Huawei PC client software HiSuite 4 | cvebase.io