VAR-201606-0021

Vulnerability from variot - Updated: 2025-04-12 23:27

The Huawei Hilink App application before 3.19.2 for Android does not validate SSL certificates, which allows local users to have unspecified impact via unknown vectors, aka HWPSIRT-2016-03008. The vendor has confirmed this vulnerability and published it as HWPSIRT-2016-03008. Local users may be affected in unspecified ways. Successfully exploiting this issue allows local attackers to perform man-in-the-middle attacks and bypass certain security restrictions. The following technologies are affected: WearAPP versions prior to 15.0.0.307 are vulnerable; HiLink APP versions prior to 3.19.2 are vulnerable. Note: This issue was previously titled 'Huawei Wear APP CVE-2016-3677 SSL Certificate Validation Local Security Bypass Vulnerability'. The title has been changed to better reflect the vulnerability information. Both Huawei WearAPP and HiLink are products of the Chinese company Huawei. The former is a set of APPs used in conjunction with smart wearable devices, and the latter is a unified management platform for Huawei network connection terminals. There are security vulnerabilities in Huawei WearAPP versions earlier than 15.0.0.307 (Android) and HiLink versions earlier than 3.19.2 (Android). The aggregated source records below do not agree on the attack vector: the NVD CVSS v3 vector is local with user interaction required (AV:L/UI:R), while the CVSS v2 vectors and the CNNVD threat type describe it as network/remote, so the severity values should be read alongside the vendor advisory.


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201606-0021",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "hilink app",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "huawei",
        "version": "3.19.1"
      },
      {
        "model": "hilink",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "huawei",
        "version": "3.19.2"
      },
      {
        "model": "hilink app",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "huawei",
        "version": "3.19.1"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-003223"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201605-471"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-4005"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/a:huawei:hilink_app",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-003223"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Akshay Jain",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201605-471"
      }
    ],
    "trust": 0.6
  },
  "cve": "CVE-2016-4005",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "CVE-2016-4005",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "HIGH",
            "trust": 1.8,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "VHN-92824",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 1.8,
            "id": "CVE-2016-4005",
            "impactScore": 3.6,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.8,
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2016-4005",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "NVD",
            "id": "CVE-2016-4005",
            "trust": 0.8,
            "value": "Medium"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201605-471",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULHUB",
            "id": "VHN-92824",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-92824"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-003223"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201605-471"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-4005"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The Huawei Hilink App application before 3.19.2 for Android does not validate SSL certificates, which allows local users to have unspecified impact via unknown vectors, aka HWPSIRT-2016-03008. Vendors have confirmed this vulnerability HWPSIRT-2016-03008 It is released as.Local users may be affected unspecified. \nSuccessfully exploiting this issue allows local attackers to perform  man-in-the-middle attacks and bypass certain  security restrictions. \nThe following technolgies are affected:\nWearAPP versions prior to 15.0.0.307 are vulnerable\nHiLink APP versions prior to 3.19.2 are vulnerable\nNote: This issue was previously titled \u0027Huawei Wear APP CVE-2016-3677 SSL Certificate Validation Local Security Bypass Vulnerability\u0027. The  title has been changed to better reflect the vulnerability information. Both Huawei WearAPP and HiLink are products of the Chinese company Huawei. The former is a set of APPs used in conjunction with smart wearable devices, and the latter is a unified management platform for Huawei network connection terminals. There are security vulnerabilities in Huawei WearAPP versions earlier than 15.0.0.307 (Android) and HiLink versions earlier than 3.19.2 (Android)",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2016-4005"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-003223"
      },
      {
        "db": "BID",
        "id": "86536"
      },
      {
        "db": "VULHUB",
        "id": "VHN-92824"
      }
    ],
    "trust": 1.98
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2016-4005",
        "trust": 2.8
      },
      {
        "db": "BID",
        "id": "86536",
        "trust": 1.4
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-003223",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201605-471",
        "trust": 0.7
      },
      {
        "db": "VULHUB",
        "id": "VHN-92824",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-92824"
      },
      {
        "db": "BID",
        "id": "86536"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-003223"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201605-471"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-4005"
      }
    ]
  },
  "id": "VAR-201606-0021",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-92824"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2025-04-12T23:27:30.560000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "huawei-sa-2016419-01-wear",
        "trust": 0.8,
        "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160419-01-wear-en"
      },
      {
        "title": "Huawei WearAPP  and HiLink Security vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=61785"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-003223"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201605-471"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-310",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-92824"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-003223"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-4005"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.1,
        "url": "http://www.securityfocus.com/bid/86536"
      },
      {
        "trust": 1.1,
        "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160419-01-wear-en"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-4005"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-4005"
      },
      {
        "trust": 0.6,
        "url": "http://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20160419-01-wear-cn"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-92824"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-003223"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201605-471"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-4005"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-92824"
      },
      {
        "db": "BID",
        "id": "86536"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-003223"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201605-471"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-4005"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2016-06-13T00:00:00",
        "db": "VULHUB",
        "id": "VHN-92824"
      },
      {
        "date": "2016-04-19T00:00:00",
        "db": "BID",
        "id": "86536"
      },
      {
        "date": "2016-06-20T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2016-003223"
      },
      {
        "date": "2016-05-19T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201605-471"
      },
      {
        "date": "2016-06-13T14:59:06.353000",
        "db": "NVD",
        "id": "CVE-2016-4005"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2016-11-28T00:00:00",
        "db": "VULHUB",
        "id": "VHN-92824"
      },
      {
        "date": "2016-07-06T14:59:00",
        "db": "BID",
        "id": "86536"
      },
      {
        "date": "2016-06-20T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2016-003223"
      },
      {
        "date": "2016-06-14T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201605-471"
      },
      {
        "date": "2025-04-12T10:46:40.837000",
        "db": "NVD",
        "id": "CVE-2016-4005"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201605-471"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Android for  Huawei Hilink APP Vulnerability in",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-003223"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "encryption problem",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201605-471"
      }
    ],
    "trust": 0.6
  }
}

