Vulnerability Description
The Huawei Wear App application before 15.0.0.307 for Android does not validate SSL certificates, which allows local users to have unspecified impact via unknown vectors, aka HWPSIRT-2016-03008.
CVSS Score
6.5
MEDIUM
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Huawei | Hilink App | - |
| Huawei | Wear App | - |
Related Weaknesses (CWE)
References
- http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160419-01-wear-enVendor Advisory
- http://www.securityfocus.com/bid/86536
- http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160419-01-wear-enVendor Advisory
- http://www.securityfocus.com/bid/86536
FAQ
What is CVE-2016-3677?
CVE-2016-3677 is a vulnerability with a CVSS score of 6.5 (MEDIUM). The Huawei Wear App application before 15.0.0.307 for Android does not validate SSL certificates, which allows local users to have unspecified impact via unknown vectors, aka HWPSIRT-2016-03008.
How severe is CVE-2016-3677?
CVE-2016-3677 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2016-3677?
Check the references section above for vendor advisories and patch information. Affected products include: Huawei Hilink App, Huawei Wear App.