7.5
CWE
200
Advisory Published
Updated

CVE-2017-2704: Infoleak

First published: Wed Nov 22 2017(Updated: )

Smarthome 1.0.2.364 and earlier versions,HiAPP 7.3.0.303 and earlier versions,HwParentControl 2.0.0 and earlier versions,HwParentControlParent 5.1.0.12 and earlier versions,Crowdtest 1.5.3 and earlier versions,HiWallet 8.0.0.301 and earlier versions,Huawei Pay 8.0.0.300 and earlier versions,Skytone 8.1.2.300 and earlier versions,HwCloudDrive(EMUI6.0) 8.0.0.307 and earlier versions,HwPhoneFinder(EMUI6.0) 9.3.0.310 and earlier versions,HwPhoneFinder(EMUI5.1) 9.2.2.303 and earlier versions,HiCinema 8.0.2.300 and earlier versions,HuaweiWear 21.0.0.360 and earlier versions,HiHealthApp 3.0.3.300 and earlier versions have an information exposure vulnerability. Encryption keys are stored in the system. The attacker can implement reverse engineering to obtain the encryption keys, causing information exposure.

Credit: psirt@huawei.com

Affected SoftwareAffected VersionHow to fix
Huawei Smarthome<=1.0.2.364
Huawei Hiapp<=7.3.0.303
Huawei Hwparentcontrol<=2.0.0
Huawei Hwparentcontrolparent<=5.1.0.12
Huawei Crowdtest<=1.5.3
Huawei HiWallet<=8.0.0.301
Huawei Huawei Pay<=8.0.0.300
Huawei Skytone<=8.1.2.300
Huawei Hwclouddrive\(emui6.0\)<=8.0.0.307
Huawei Hwphonefinder\(emui6.0\)<=9.3.0.310
Huawei Hwphonefinder\(emui5.1\)<=9.2.2.303
Huawei Hicinema<=8.0.2.300
Huawei Huaweiwear<=21.0.0.360
Huawei Hihealthapp<=3.0.3.300

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203