Lucene search

HuaweiCVE-2017-2704

HistoryNov 22, 2017 - 7:29 p.m.

CVE-2017-2704

2017-11-2219:29:00

CWE-200

huawei

web.nvd.nist.gov

cve-2017-2704

smarthome

hiapp

hwparentcontrol

information exposure

encryption

reverse engineering

huawei pay

security

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

AI Score

7.2

Confidence

High

EPSS

0.001

Percentile

46.4%

JSON

Smarthome 1.0.2.364 and earlier versions,HiAPP 7.3.0.303 and earlier versions,HwParentControl 2.0.0 and earlier versions,HwParentControlParent 5.1.0.12 and earlier versions,Crowdtest 1.5.3 and earlier versions,HiWallet 8.0.0.301 and earlier versions,Huawei Pay 8.0.0.300 and earlier versions,Skytone 8.1.2.300 and earlier versions,HwCloudDrive(EMUI6.0) 8.0.0.307 and earlier versions,HwPhoneFinder(EMUI6.0) 9.3.0.310 and earlier versions,HwPhoneFinder(EMUI5.1) 9.2.2.303 and earlier versions,HiCinema 8.0.2.300 and earlier versions,HuaweiWear 21.0.0.360 and earlier versions,HiHealthApp 3.0.3.300 and earlier versions have an information exposure vulnerability. Encryption keys are stored in the system. The attacker can implement reverse engineering to obtain the encryption keys, causing information exposure.

Affected configurations

Nvd

Vulners

Node

huaweismarthomeRange≤1.0.2.364

Node

huaweihiappRange≤7.3.0.303

Node

huaweihwparentcontrolRange≤2.0.0

Node

huaweihwparentcontrolparentRange≤5.1.0.12

Node

huaweicrowdtestRange≤1.5.3

Node

huaweihiwalletRange≤8.0.0.301

Node

huaweihuawei_payRange≤8.0.0.300

Node

huaweiskytoneRange≤8.1.2.300

Node

huaweihwclouddrive\(emui6.0\)Range≤8.0.0.307

Node

huaweihwphonefinder\(emui6.0\)Range≤9.3.0.310

Node

huaweihwphonefinder\(emui5.1\)Range≤9.2.2.303

Node

huaweihicinemaRange≤8.0.2.300

Node

huaweihuaweiwearRange≤21.0.0.360

Node

huaweihihealthappRange≤3.0.3.300

VendorProductVersionCPE
huaweismarthome*cpe:2.3:a:huawei:smarthome:*:*:*:*:*:*:*:*
huaweihiapp*cpe:2.3:a:huawei:hiapp:*:*:*:*:*:*:*:*
huaweihwparentcontrol*cpe:2.3:a:huawei:hwparentcontrol:*:*:*:*:*:*:*:*
huaweihwparentcontrolparent*cpe:2.3:a:huawei:hwparentcontrolparent:*:*:*:*:*:*:*:*
huaweicrowdtest*cpe:2.3:a:huawei:crowdtest:*:*:*:*:*:*:*:*
huaweihiwallet*cpe:2.3:a:huawei:hiwallet:*:*:*:*:*:*:*:*
huaweihuawei_pay*cpe:2.3:a:huawei:huawei_pay:*:*:*:*:*:*:*:*
huaweiskytone*cpe:2.3:a:huawei:skytone:*:*:*:*:*:*:*:*
huaweihwclouddrive\(emui6.0\)*cpe:2.3:o:huawei:hwclouddrive\(emui6.0\):*:*:*:*:*:*:*:*
huaweihwphonefinder\(emui6.0\)*cpe:2.3:a:huawei:hwphonefinder\(emui6.0\):*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
huawei	smarthome	*	cpe:2.3:a:huawei:smarthome::::::::
huawei	hiapp	*	cpe:2.3:a:huawei:hiapp::::::::
huawei	hwparentcontrol	*	cpe:2.3:a:huawei:hwparentcontrol::::::::
huawei	hwparentcontrolparent	*	cpe:2.3:a:huawei:hwparentcontrolparent::::::::
huawei	crowdtest	*	cpe:2.3:a:huawei:crowdtest::::::::
huawei	hiwallet	*	cpe:2.3:a:huawei:hiwallet::::::::
huawei	huawei_pay	*	cpe:2.3:a:huawei:huawei_pay::::::::
huawei	skytone	*	cpe:2.3:a:huawei:skytone::::::::
huawei	hwclouddrive\(emui6.0\)	*	cpe:2.3:o:huawei:hwclouddrive\(emui6.0\)::::::::
huawei	hwphonefinder\(emui6.0\)	*	cpe:2.3:a:huawei:hwphonefinder\(emui6.0\)::::::::

Rows per page:

1-10 of 141

CNA Affected

[
  {
    "product": "Smarthome,HiAPP,HwParentControl,HwParentControlParent,Crowdtest,HiWallet,Huawei Pay,Skytone,HwCloudDrive(EMUI6.0),HwPhoneFinder?&#xa1;&#xa7;EMUI6.0??,HwPhoneFinder?&#xa1;&#xa7;EMUI5.1??,HiCinema,HuaweiWear,HiHealthApp,",
    "vendor": "Huawei Technologies Co., Ltd.",
    "versions": [
      {
        "status": "affected",
        "version": "Smarthome 1.0.2.364 and earlier versions,HiAPP 7.3.0.303 and earlier versions,HwParentControl 2.0.0 and earlier versions,HwParentControlParent 5.1.0.12 and earlier versions,Crowdtest 1.5.3 and earlier versions,HiWallet 8.0.0.301 and earlier versions,Huawei Pay 8.0.0.300 and earlier versions,Skytone 8.1.2.300 and earlier versions,HwCloudDrive(EMUI6.0) 8.0.0.307 and earlier versions,HwPhoneFinder EMUI6.0 9.3.0.310 and earlier versions,HwPhoneFinder EMUI5.1 9.2.2.303 and earlier versions,HiCinema 8.0.2.300 and earlier versions,HuaweiWear 21.0.0.360 and earlier versions,HiHealthApp 3.0.3.300 and earlier versions,"
      }
    ]
  }
]

References

www.huawei.com/en/psirt/security-advisories/huawei-sa-20170920-01-encryption-en

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

AI Score

7.2

Confidence

High

EPSS

0.001

Percentile

46.4%

JSON

Related for CVE-2017-2704