CVE-2017-2704

Smarthome 1.0.2.364 and earlier versions,HiAPP 7.3.0.303 and earlier versions,HwParentControl 2.0.0 and earlier versions,HwParentControlParent 5.1.0.12 and earlier versions,Crowdtest 1.5.3 and earlier versions,HiWallet 8.0.0.301 and earlier versions,Huawei Pay 8.0.0.300 and earlier versions,Skytone 8.1.2.300 and earlier versions,HwCloudDrive(EMUI6.0) 8.0.0.307 and earlier versions,HwPhoneFinder(EMUI6.0) 9.3.0.310 and earlier versions,HwPhoneFinder(EMUI5.1) 9.2.2.303 and earlier versions,HiCinema 8.0.2.300 and earlier versions,HuaweiWear 21.0.0.360 and earlier versions,HiHealthApp 3.0.3.300 and earlier versions have an information exposure vulnerability. Encryption keys are stored in the system. The attacker can implement reverse engineering to obtain the encryption keys, causing information exposure.
Configurations

Configuration 1 (hide)

cpe:2.3:a:huawei:smarthome:*:*:*:*:*:*:*:*

Configuration 2 (hide)

cpe:2.3:a:huawei:hiapp:*:*:*:*:*:*:*:*

Configuration 3 (hide)

cpe:2.3:a:huawei:hwparentcontrol:*:*:*:*:*:*:*:*

Configuration 4 (hide)

cpe:2.3:a:huawei:hwparentcontrolparent:*:*:*:*:*:*:*:*

Configuration 5 (hide)

cpe:2.3:a:huawei:crowdtest:*:*:*:*:*:*:*:*

Configuration 6 (hide)

cpe:2.3:a:huawei:hiwallet:*:*:*:*:*:*:*:*

Configuration 7 (hide)

cpe:2.3:a:huawei:huawei_pay:*:*:*:*:*:*:*:*

Configuration 8 (hide)

cpe:2.3:a:huawei:skytone:*:*:*:*:*:*:*:*

Configuration 9 (hide)

cpe:2.3:o:huawei:hwclouddrive\(emui6.0\):*:*:*:*:*:*:*:*

Configuration 10 (hide)

cpe:2.3:a:huawei:hwphonefinder\(emui6.0\):*:*:*:*:*:*:*:*

Configuration 11 (hide)

cpe:2.3:a:huawei:hwphonefinder\(emui5.1\):*:*:*:*:*:*:*:*

Configuration 12 (hide)

cpe:2.3:a:huawei:hicinema:*:*:*:*:*:*:*:*

Configuration 13 (hide)

cpe:2.3:a:huawei:huaweiwear:*:*:*:*:*:*:*:*

Configuration 14 (hide)

cpe:2.3:a:huawei:hihealthapp:*:*:*:*:*:*:*:*

History

21 Nov 2024, 03:24

Type Values Removed Values Added
References () http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170920-01-encryption-en - Vendor Advisory () http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170920-01-encryption-en - Vendor Advisory

Information

Published : 2017-11-22 19:29

Updated : 2024-11-21 03:24


NVD link : CVE-2017-2704

Mitre link : CVE-2017-2704

CVE.ORG link : CVE-2017-2704


JSON object : View

Products Affected

huawei

  • skytone
  • hicinema
  • hihealthapp
  • huaweiwear
  • crowdtest
  • hwphonefinder\(emui5.1\)
  • hwclouddrive\(emui6.0\)
  • smarthome
  • huawei_pay
  • hwparentcontrol
  • hwparentcontrolparent
  • hiapp
  • hwphonefinder\(emui6.0\)
  • hiwallet
CWE
CWE-200

Exposure of Sensitive Information to an Unauthorized Actor