Weak ACL in Huawei Mobile Broadband HL Service Allows Local Privilege Escalation

Weak ACL in Huawei Mobile Broadband HL Service Allows Local Privilege Escalation

CVE-2016-2855 · HIGH Severity

AV:L/AC:L/AU:N/C:C/I:C/A:C

The Huawei Mobile Broadband HL Service 22.001.25.00.03 and earlier uses a weak ACL for the MobileBrServ program data directory, which allows local users to gain SYSTEM privileges by modifying VERSION.dll.

Learn more about our Mobile App Penetration Testing.