FKIE_CVE-2017-2704

Vulnerability from fkie_nvd - Published: 2017-11-22 19:29 - Updated: 2025-04-20 01:37
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Summary
Smarthome 1.0.2.364 and earlier versions,HiAPP 7.3.0.303 and earlier versions,HwParentControl 2.0.0 and earlier versions,HwParentControlParent 5.1.0.12 and earlier versions,Crowdtest 1.5.3 and earlier versions,HiWallet 8.0.0.301 and earlier versions,Huawei Pay 8.0.0.300 and earlier versions,Skytone 8.1.2.300 and earlier versions,HwCloudDrive(EMUI6.0) 8.0.0.307 and earlier versions,HwPhoneFinder(EMUI6.0) 9.3.0.310 and earlier versions,HwPhoneFinder(EMUI5.1) 9.2.2.303 and earlier versions,HiCinema 8.0.2.300 and earlier versions,HuaweiWear 21.0.0.360 and earlier versions,HiHealthApp 3.0.3.300 and earlier versions have an information exposure vulnerability. Encryption keys are stored in the system. The attacker can implement reverse engineering to obtain the encryption keys, causing information exposure.
References
psirt@huawei.comhttp://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170920-01-encryption-enVendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170920-01-encryption-enVendor Advisory
Impacted products
Vendor Product Version
huawei smarthome *
huawei hiapp *
huawei hwparentcontrol *
huawei hwparentcontrolparent *
huawei crowdtest *
huawei hiwallet *
huawei huawei_pay *
huawei skytone *
huawei hwclouddrive\(emui6.0\) *
huawei hwphonefinder\(emui6.0\) *
huawei hwphonefinder\(emui5.1\) *
huawei hicinema *
huawei huaweiwear *
huawei hihealthapp *
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:huawei:smarthome:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "FEF1E07C-5A28-4A01-B739-23EF517C6E11",
              "versionEndIncluding": "1.0.2.364",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:huawei:hiapp:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "1036F83E-18BA-4560-B796-878F05D976F2",
              "versionEndIncluding": "7.3.0.303",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:huawei:hwparentcontrol:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "AD364E0F-4CF9-481D-AAD1-696BEEF8CA9D",
              "versionEndIncluding": "2.0.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:huawei:hwparentcontrolparent:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "69572083-6CA3-4FCD-A8F7-460F184BE9A0",
              "versionEndIncluding": "5.1.0.12",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:huawei:crowdtest:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "DD498317-5E9B-4605-A41C-AF411A3F0436",
              "versionEndIncluding": "1.5.3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:huawei:hiwallet:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D7ACF69D-3555-4989-A237-EA3F06575E04",
              "versionEndIncluding": "8.0.0.301",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:huawei:huawei_pay:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "643D1BE6-9017-4DFE-A733-9772E06BAB5B",
              "versionEndIncluding": "8.0.0.300",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:huawei:skytone:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "8FC601A7-493E-4AE4-B26D-21B09CC31D3E",
              "versionEndIncluding": "8.1.2.300",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:huawei:hwclouddrive\\(emui6.0\\):*:*:*:*:*:*:*:*",
              "matchCriteriaId": "6416700B-4AC4-40E1-AA67-070055AC810B",
              "versionEndIncluding": "8.0.0.307",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:huawei:hwphonefinder\\(emui6.0\\):*:*:*:*:*:*:*:*",
              "matchCriteriaId": "53B56850-D4CE-4679-B894-3F9F8237125A",
              "versionEndIncluding": "9.3.0.310",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:huawei:hwphonefinder\\(emui5.1\\):*:*:*:*:*:*:*:*",
              "matchCriteriaId": "4F537415-D418-48AE-ACFB-CD6F41073492",
              "versionEndIncluding": "9.2.2.303",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:huawei:hicinema:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "279C86EF-784F-4B46-8E72-5DAFD02C1030",
              "versionEndIncluding": "8.0.2.300",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:huawei:huaweiwear:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "01416564-940A-4842-ADAC-0CA9F53890DB",
              "versionEndIncluding": "21.0.0.360",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:huawei:hihealthapp:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "090BA6B7-A16E-4B26-A720-B70D95675369",
              "versionEndIncluding": "3.0.3.300",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Smarthome 1.0.2.364 and earlier versions,HiAPP 7.3.0.303 and earlier versions,HwParentControl 2.0.0 and earlier versions,HwParentControlParent 5.1.0.12 and earlier versions,Crowdtest 1.5.3 and earlier versions,HiWallet 8.0.0.301 and earlier versions,Huawei Pay 8.0.0.300 and earlier versions,Skytone 8.1.2.300 and earlier versions,HwCloudDrive(EMUI6.0) 8.0.0.307 and earlier versions,HwPhoneFinder(EMUI6.0) 9.3.0.310 and earlier versions,HwPhoneFinder(EMUI5.1) 9.2.2.303 and earlier versions,HiCinema 8.0.2.300 and earlier versions,HuaweiWear 21.0.0.360 and earlier versions,HiHealthApp 3.0.3.300 and earlier versions have an information exposure vulnerability. Encryption keys are stored in the system. The attacker can implement reverse engineering to obtain the encryption keys, causing information exposure."
    },
    {
      "lang": "es",
      "value": "Smarthome 1.0.2.364 y versiones anteriores, HiAPP 7.3.0.303 y anteriores, HwParentControl 2.0.0 y anteriores, HwParentControlParent 5.1.0.12 y anteriores, Crowdtest 1.5.3 y anteriores, HiWallet 8.0.0.301 y anteriores, Huawei Pay 8.0.0.300 y anteriores, Skytone 8.1.2.300 y anteriores, HwCloudDrive(EMUI6.0) 8.0.0.307 y anteriores, HwPhoneFinder(EMUI6.0) 9.3.0.310 y anteriores, HwPhoneFinder(EMUI5.1) 9.2.2.303 y anteriores, HiCinema 8.0.2.300 y anteriores, HuaweiWear 21.0.0.360 y anteriores y HiHealthApp 3.0.3.300 y anteriores tienen una vulnerabilidad de divulgaci\u00f3n de informaci\u00f3n. Las claves de cifrado est\u00e1n almacenadas en el sistema. El atacante puede utilizar ingenier\u00eda inversa para obtener las claves de cifrado, provocando una divulgaci\u00f3n de informaci\u00f3n."
    }
  ],
  "id": "CVE-2017-2704",
  "lastModified": "2025-04-20T01:37:25.860",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-11-22T19:29:00.723",
  "references": [
    {
      "source": "psirt@huawei.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170920-01-encryption-en"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170920-01-encryption-en"
    }
  ],
  "sourceIdentifier": "psirt@huawei.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-200"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.