CVE-2017-8154 — Cleartext Transmission of Sensitive Info in Huawei Honor 8 Lite Firmware

CWE-319 — Cleartext Transmission of Sensitive Info3 documents3 sources

Severity

5.3MEDIUMNVD

EPSS

0.1%

top 82.59%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Huawei Honor 8 Lite Firmware Huawei Technologies CO LTD Honor 8 Lite

Timeline

PublishedApr 11

Latest updateMay 13

Description

The Themes App Honor 8 Lite Huawei mobile phones with software of versions before Prague-L31C576B172, versions before Prague-L31C530B160, versions before Prague-L31C432B180 has a man-in-the-middle (MITM) vulnerability due to the use of the insecure HTTP protocol for theme download. An attacker may exploit this vulnerability to tamper with downloaded themes.

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:NExploitability: 1.6 | Impact: 3.6

Affected Packages2 packages

▶NVDhuawei/honor_8_lite_firmware< prague-l31c530b160+2

▶CVEListV5huawei_technologies_co_ltd/honor_8_liteThe versions before Prague-L31C576B172, The versions before Prague-L31C530B160, The versions before Prague-L31C432B180

🔴Vulnerability Details

GHSA

GHSA-mphm-cr6w-958w: The Themes App Honor 8 Lite Huawei mobile phones with software of versions before Prague-L31C576B172, versions before Prague-L31C530B160, versions bef↗2022-05-13

▶

CVEList

CVE-2017-8154: The Themes App Honor 8 Lite Huawei mobile phones with software of versions before Prague-L31C576B172, versions before Prague-L31C530B160, versions bef↗2018-04-11

▶