Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
The AlarmService component in HwVmall with software earlier than 1.5.2.0 versions has no control over calling permissions, allowing any third party to call. An attacker can construct a malicious application to call it. Consequently, alert music will be played suddenly, compromising user experience.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Huawei HwVmall AlarmService服务组件安全漏洞
Vulnerability Description
Huawei HwVmall是中国华为(Huawei)公司的一套面向全国服务的电子商务平台应用程序。AlarmService component是其中的一个报警服务组件。 Huawei HwVmall 1.5.2.0之前的版本中的AlarmService服务组件存在安全漏洞,该漏洞源于程序未设置调用权限控制,任意第三方应用均可调用。远程攻击者可通过构造恶意应用利用该漏洞调用该组件后会突然播放告警提醒音乐,影响用户的体验。
CVSS Information
N/A
Vulnerability Type
N/A