First published: Wed Nov 22 2017(Updated: )
Smarthome 1.0.2.364 and earlier versions,HiAPP 7.3.0.303 and earlier versions,HwParentControl 2.0.0 and earlier versions,HwParentControlParent 5.1.0.12 and earlier versions,Crowdtest 1.5.3 and earlier versions,HiWallet 8.0.0.301 and earlier versions,Huawei Pay 8.0.0.300 and earlier versions,Skytone 8.1.2.300 and earlier versions,HwCloudDrive(EMUI6.0) 8.0.0.307 and earlier versions,HwPhoneFinder(EMUI6.0) 9.3.0.310 and earlier versions,HwPhoneFinder(EMUI5.1) 9.2.2.303 and earlier versions,HiCinema 8.0.2.300 and earlier versions,HuaweiWear 21.0.0.360 and earlier versions,HiHealthApp 3.0.3.300 and earlier versions have an information exposure vulnerability. Encryption keys are stored in the system. The attacker can implement reverse engineering to obtain the encryption keys, causing information exposure.
Credit: psirt@huawei.com
Affected Software | Affected Version | How to fix |
---|---|---|
Huawei Smarthome | <=1.0.2.364 | |
Huawei Hiapp | <=7.3.0.303 | |
Huawei Hwparentcontrol | <=2.0.0 | |
Huawei Hwparentcontrolparent | <=5.1.0.12 | |
Huawei Crowdtest | <=1.5.3 | |
Huawei HiWallet | <=8.0.0.301 | |
Huawei Huawei Pay | <=8.0.0.300 | |
Huawei Skytone | <=8.1.2.300 | |
Huawei Hwclouddrive\(emui6.0\) | <=8.0.0.307 | |
Huawei Hwphonefinder\(emui6.0\) | <=9.3.0.310 | |
Huawei Hwphonefinder\(emui5.1\) | <=9.2.2.303 | |
Huawei Hicinema | <=8.0.2.300 | |
Huawei Huaweiwear | <=21.0.0.360 | |
Huawei Hihealthapp | <=3.0.3.300 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.