CVE-2017-8154

The Themes App Honor 8 Lite Huawei mobile phones with software of versions before Prague-L31C576B172, versions before Prague-L31C530B160, versions before Prague-L31C432B180 has a man-in-the-middle (MITM) vulnerability due to the use of the insecure HTTP protocol for theme download. An attacker may exploit this vulnerability to tamper with downloaded themes.

Published: Apr 11, 2018
Updated: Apr 13, 2023
CVE: CVE-2017-8154
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 5.3
AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N

CVSS v2:

Severity: Low
Score: 2.6
AV:N/AC:H/Au:N/C:N/I:P/A:N

CWEs:

CWE-319

OWASP TOP 10:

A3 - Sensitive Data Exposure

Affected Software
References

Software	From	Fixed in
huawei / honor_8_lite_firmware	-	prague-l31c530b160
huawei / honor_8_lite_firmware	-	prague-l31c576b172
huawei / honor_8_lite_firmware	-	prague-l31c432b180

http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170908-01-smartphone-en

Vulnerability Database

290,020

CVE-2017-8154