Vulnerability-Lookup

CNVD-2017-03330

Vulnerability from cnvd - Published: 2017-03-27

Title

华为Hilink APP存在信息泄露漏洞

Description

华为HiLink APP是华为网络连接终端的统一管理平台，支持Mobile WiFi（E5），华为路由器，荣耀立方，华为家庭网关等产品，能发现和管理所有华为“HiLink”终端设备。华为Hilink APP存在信息泄露漏洞。当安装了Hilink APP的iPhone手机接入攻击者搭建的Wi-Fi热点，攻击者可以收集该手机的型号和系统版本信息。

Severity

低

Patch Name

华为Hilink APP存在信息泄露漏洞的补丁

Patch Description

Formal description

用户可参考如下供应商提供的安全公告获得补丁信息： http://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20170310-01-hilinkapp-cn

Reference

http://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20170310-01-hilinkapp-cn

Impacted products

Name
Huawei HUAWEI HiLink APP (for IOS) <5.0.25.306

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2017-2730"
    }
  },
  "description": "\u534e\u4e3aHiLink APP\u662f\u534e\u4e3a\u7f51\u7edc\u8fde\u63a5\u7ec8\u7aef\u7684\u7edf\u4e00\u7ba1\u7406\u5e73\u53f0\uff0c\u652f\u6301Mobile WiFi\uff08E5\uff09\uff0c\u534e\u4e3a\u8def\u7531\u5668\uff0c\u8363\u8000\u7acb\u65b9\uff0c\u534e\u4e3a\u5bb6\u5ead\u7f51\u5173\u7b49\u4ea7\u54c1\uff0c\u80fd\u53d1\u73b0\u548c\u7ba1\u7406\u6240\u6709\u534e\u4e3a\u201cHiLink\u201d\u7ec8\u7aef\u8bbe\u5907\u3002\r\n\r\n\u534e\u4e3aHilink APP\u5b58\u5728\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\u3002\u5f53\u5b89\u88c5\u4e86Hilink APP\u7684iPhone\u624b\u673a\u63a5\u5165\u653b\u51fb\u8005\u642d\u5efa\u7684Wi-Fi\u70ed\u70b9\uff0c\u653b\u51fb\u8005\u53ef\u4ee5\u6536\u96c6\u8be5\u624b\u673a\u7684\u578b\u53f7\u548c\u7cfb\u7edf\u7248\u672c\u4fe1\u606f\u3002",
  "discovererName": "Zack Whittaker",
  "formalWay": "\u7528\u6237\u53ef\u53c2\u8003\u5982\u4e0b\u4f9b\u5e94\u5546\u63d0\u4f9b\u7684\u5b89\u5168\u516c\u544a\u83b7\u5f97\u8865\u4e01\u4fe1\u606f\uff1a\r\nhttp://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20170310-01-hilinkapp-cn",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2017-03330",
  "openTime": "2017-03-27",
  "patchDescription": "\u534e\u4e3aHiLink APP\u662f\u534e\u4e3a\u7f51\u7edc\u8fde\u63a5\u7ec8\u7aef\u7684\u7edf\u4e00\u7ba1\u7406\u5e73\u53f0\uff0c\u652f\u6301Mobile WiFi\uff08E5\uff09\uff0c\u534e\u4e3a\u8def\u7531\u5668\uff0c\u8363\u8000\u7acb\u65b9\uff0c\u534e\u4e3a\u5bb6\u5ead\u7f51\u5173\u7b49\u4ea7\u54c1\uff0c\u80fd\u53d1\u73b0\u548c\u7ba1\u7406\u6240\u6709\u534e\u4e3a\u201cHiLink\u201d\u7ec8\u7aef\u8bbe\u5907\u3002\r\n\r\n\u534e\u4e3aHilink APP\u5b58\u5728\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\u3002\u5f53\u5b89\u88c5\u4e86Hilink APP\u7684iPhone\u624b\u673a\u63a5\u5165\u653b\u51fb\u8005\u642d\u5efa\u7684Wi-Fi\u70ed\u70b9\uff0c\u653b\u51fb\u8005\u53ef\u4ee5\u6536\u96c6\u8be5\u624b\u673a\u7684\u578b\u53f7\u548c\u7cfb\u7edf\u7248\u672c\u4fe1\u606f\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "\u534e\u4e3aHilink APP\u5b58\u5728\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "Huawei HUAWEI HiLink APP (for IOS) \u003c5.0.25.306"
  },
  "referenceLink": "http://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20170310-01-hilinkapp-cn",
  "serverity": "\u4f4e",
  "submitTime": "2017-03-11",
  "title": "\u534e\u4e3aHilink APP\u5b58\u5728\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e"
}

CVE-2017-2730 (GCVE-0-2017-2730)

Vulnerability from cvelistv5 – Published: 2017-11-22 19:00 – Updated: 2024-09-16 19:40

Summary

HUAWEI HiLink APP (for IOS) versions earlier before 5.0.25.306 and HUAWEI Tech Support APP (for IOS) versions earlier before 5.0.0 have an information leak vulnerability. When an iPhone with these APPs installed access the Wi-Fi hotpot built by attacker, the attacker can collect the information of iPhone mode and firmware version.

Severity ?

No CVSS data available.

CWE

Information Leak

Assigner

huawei

References

URL

Tags

http://www.huawei.com/en/psirt/security-advisorie…

x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	Huawei Technologies Co., Ltd.	HUAWEI HiLink APP (for IOS), HUAWEI Tech Support APP (for IOS)	Affected: HUAWEI HiLink APP (for IOS) Versions earlier before 5.0.25.306, HUAWEI Tech Support APP (for IOS) Versions earlier before 5.0.0

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T14:02:07.674Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170310-01-hilinkapp-en"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "HUAWEI HiLink APP (for IOS), HUAWEI Tech Support APP (for IOS)",
          "vendor": "Huawei Technologies Co., Ltd.",
          "versions": [
            {
              "status": "affected",
              "version": "HUAWEI HiLink APP (for IOS) Versions earlier before 5.0.25.306, HUAWEI Tech Support APP (for IOS) Versions earlier before 5.0.0"
            }
          ]
        }
      ],
      "datePublic": "2017-11-15T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "HUAWEI HiLink APP (for IOS) versions earlier before 5.0.25.306 and HUAWEI Tech Support APP (for IOS) versions earlier before 5.0.0 have an information leak vulnerability. When an iPhone with these APPs installed access the Wi-Fi hotpot built by attacker, the attacker can collect the information of iPhone mode and firmware version."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Information Leak",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-11-22T18:57:01",
        "orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
        "shortName": "huawei"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170310-01-hilinkapp-en"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@huawei.com",
          "DATE_PUBLIC": "2017-11-15T00:00:00",
          "ID": "CVE-2017-2730",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "HUAWEI HiLink APP (for IOS), HUAWEI Tech Support APP (for IOS)",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "HUAWEI HiLink APP (for IOS) Versions earlier before 5.0.25.306, HUAWEI Tech Support APP (for IOS) Versions earlier before 5.0.0"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Huawei Technologies Co., Ltd."
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "HUAWEI HiLink APP (for IOS) versions earlier before 5.0.25.306 and HUAWEI Tech Support APP (for IOS) versions earlier before 5.0.0 have an information leak vulnerability. When an iPhone with these APPs installed access the Wi-Fi hotpot built by attacker, the attacker can collect the information of iPhone mode and firmware version."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Information Leak"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170310-01-hilinkapp-en",
              "refsource": "CONFIRM",
              "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170310-01-hilinkapp-en"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
    "assignerShortName": "huawei",
    "cveId": "CVE-2017-2730",
    "datePublished": "2017-11-22T19:00:00Z",
    "dateReserved": "2016-12-01T00:00:00",
    "dateUpdated": "2024-09-16T19:40:04.204Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CNVD-2017-03330

CVE-2017-2730 (GCVE-0-2017-2730)

Tags

Sightings

Nomenclature