CVE Vulnerabilities

CVE-2017-8154

Cleartext Transmission of Sensitive Information

Published: Apr 11, 2018 | Modified: Nov 21, 2024
CVSS 3.x
5.3
MEDIUM
Source:
NVD
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N
CVSS 2.x
2.6 LOW
AV:N/AC:H/Au:N/C:N/I:P/A:N
RedHat/V2
RedHat/V3
Ubuntu

The Themes App Honor 8 Lite Huawei mobile phones with software of versions before Prague-L31C576B172, versions before Prague-L31C530B160, versions before Prague-L31C432B180 has a man-in-the-middle (MITM) vulnerability due to the use of the insecure HTTP protocol for theme download. An attacker may exploit this vulnerability to tamper with downloaded themes.

Weakness

The product transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors.

Affected Software

Name Vendor Start Version End Version
Honor_8_lite_firmware Huawei * prague-l31c530b160 (excluding)

Potential Mitigations

References