Insecure Software Package Download and Installation Vulnerability in Huawei HiSuite 4.0.5.300_OVE

Insecure Software Package Download and Installation Vulnerability in Huawei HiSuite 4.0.5.300_OVE

CVE-2016-8273 · MEDIUM Severity

AV:L/AC:M/AU:N/C:C/I:C/A:C

Huawei PC client software HiSuite 4.0.5.300_OVE uses insecure HTTP for upgrade software package download and does not check the integrity of the software package before installing; an attacker can launch an MITM attack to interrupt or replace the downloaded software package and further compromise the PC.

Learn more about our Web Application Penetration Testing UK.