Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

CVE-2017-2704

Severity CVSS v4.0:
Pending analysis
Type:
CWE-200 Information Leak / Disclosure
Publication date:
22/11/2017
Last modified:
20/04/2025

Description

Smarthome 1.0.2.364 and earlier versions,HiAPP 7.3.0.303 and earlier versions,HwParentControl 2.0.0 and earlier versions,HwParentControlParent 5.1.0.12 and earlier versions,Crowdtest 1.5.3 and earlier versions,HiWallet 8.0.0.301 and earlier versions,Huawei Pay 8.0.0.300 and earlier versions,Skytone 8.1.2.300 and earlier versions,HwCloudDrive(EMUI6.0) 8.0.0.307 and earlier versions,HwPhoneFinder(EMUI6.0) 9.3.0.310 and earlier versions,HwPhoneFinder(EMUI5.1) 9.2.2.303 and earlier versions,HiCinema 8.0.2.300 and earlier versions,HuaweiWear 21.0.0.360 and earlier versions,HiHealthApp 3.0.3.300 and earlier versions have an information exposure vulnerability. Encryption keys are stored in the system. The attacker can implement reverse engineering to obtain the encryption keys, causing information exposure.

Impact

Vector 3.x
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS v3.1 Severity and Metrics:

Base Score: 7.50 HIGH
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope (S): Unchanged
Confidentiality (C): High
Integrity (I): None
Availability (A): None

Base Score 3.x
7.50
Severity 3.x
HIGH
Vector 2.0
AV:N/AC:L/Au:N/C:P/I:N/A:N CVSS v2.0 Severity and Metrics:

Base Score: 5.00 MEDIUM
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Attack Vector (AV): Network
Attack Complexity (AC): Low
Authentication (Au): None
Confidentiality (C): Physical
Integrity (I): None
Availability (A): None

Base Score 2.0
5.00
Severity 2.0
MEDIUM

Vulnerable products and versions

CPE From Up to
cpe:2.3:a:huawei:smarthome:*:*:*:*:*:*:*:* 1.0.2.364 (including)
cpe:2.3:a:huawei:hiapp:*:*:*:*:*:*:*:* 7.3.0.303 (including)
cpe:2.3:a:huawei:hwparentcontrol:*:*:*:*:*:*:*:* 2.0.0 (including)
cpe:2.3:a:huawei:hwparentcontrolparent:*:*:*:*:*:*:*:* 5.1.0.12 (including)
cpe:2.3:a:huawei:crowdtest:*:*:*:*:*:*:*:* 1.5.3 (including)
cpe:2.3:a:huawei:hiwallet:*:*:*:*:*:*:*:* 8.0.0.301 (including)
cpe:2.3:a:huawei:huawei_pay:*:*:*:*:*:*:*:* 8.0.0.300 (including)
cpe:2.3:a:huawei:skytone:*:*:*:*:*:*:*:* 8.1.2.300 (including)
cpe:2.3:o:huawei:hwclouddrive\(emui6.0\):*:*:*:*:*:*:*:* 8.0.0.307 (including)
cpe:2.3:a:huawei:hwphonefinder\(emui6.0\):*:*:*:*:*:*:*:* 9.3.0.310 (including)
cpe:2.3:a:huawei:hwphonefinder\(emui5.1\):*:*:*:*:*:*:*:* 9.2.2.303 (including)
cpe:2.3:a:huawei:hicinema:*:*:*:*:*:*:*:* 8.0.2.300 (including)
cpe:2.3:a:huawei:huaweiwear:*:*:*:*:*:*:*:* 21.0.0.360 (including)
cpe:2.3:a:huawei:hihealthapp:*:*:*:*:*:*:*:* 3.0.3.300 (including)

To consult the complete list of CPE names with products and versions, see this page


References to Advisories, Solutions, and Tools