Smarthome 1.0.2.364 and earlier versions,HiAPP 7.3.0.303 and earlier versions,HwParentControl 2.0.0 and earlier versions,HwParentControlParent 5.1.0.12 and earlier versions,Crowdtest 1.5.3 and earlier versions,HiWallet 8.0.0.301 and earlier versions,Huawei Pay 8.0.0.300 and earlier versions,Skytone 8.1.2.300 and earlier versions,HwCloudDrive(EMUI6.0) 8.0.0.307 and earlier versions,HwPhoneFinder(EMUI6.0) 9.3.0.310 and earlier versions,HwPhoneFinder(EMUI5.1) 9.2.2.303 and earlier versions,HiCinema 8.0.2.300 and earlier versions,HuaweiWear 21.0.0.360 and earlier versions,HiHealthApp 3.0.3.300 and earlier versions have an information exposure vulnerability. Encryption keys are stored in the system. The attacker can implement reverse engineering to obtain the encryption keys, causing information exposure.
References
Link | Resource |
---|---|
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170920-01-encryption-en | Vendor Advisory |
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170920-01-encryption-en | Vendor Advisory |
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
Configuration 4 (hide)
|
Configuration 5 (hide)
|
Configuration 6 (hide)
|
Configuration 7 (hide)
|
Configuration 8 (hide)
|
Configuration 9 (hide)
|
Configuration 10 (hide)
|
Configuration 11 (hide)
|
Configuration 12 (hide)
|
Configuration 13 (hide)
|
Configuration 14 (hide)
|
History
21 Nov 2024, 03:24
Type | Values Removed | Values Added |
---|---|---|
References | () http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170920-01-encryption-en - Vendor Advisory |
Information
Published : 2017-11-22 19:29
Updated : 2024-11-21 03:24
NVD link : CVE-2017-2704
Mitre link : CVE-2017-2704
CVE.ORG link : CVE-2017-2704
JSON object : View
Products Affected
huawei
- skytone
- hicinema
- hihealthapp
- huaweiwear
- crowdtest
- hwphonefinder\(emui5.1\)
- hwclouddrive\(emui6.0\)
- smarthome
- huawei_pay
- hwparentcontrol
- hwparentcontrolparent
- hiapp
- hwphonefinder\(emui6.0\)
- hiwallet
CWE
CWE-200
Exposure of Sensitive Information to an Unauthorized Actor