CVE-2017-2704 — HIGH (7.5) — White Hats Nepal

Q: How severe is CVE-2017-2704?

CVE-2017-2704 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2017-2704?

Check the references section above for vendor advisories and patch information. Affected products include: Huawei Smarthome, Huawei Hiapp, Huawei Hwparentcontrol, Huawei Hwparentcontrolparent, Huawei Crowdtest.

Vulnerability Description

Smarthome 1.0.2.364 and earlier versions,HiAPP 7.3.0.303 and earlier versions,HwParentControl 2.0.0 and earlier versions,HwParentControlParent 5.1.0.12 and earlier versions,Crowdtest 1.5.3 and earlier versions,HiWallet 8.0.0.301 and earlier versions,Huawei Pay 8.0.0.300 and earlier versions,Skytone 8.1.2.300 and earlier versions,HwCloudDrive(EMUI6.0) 8.0.0.307 and earlier versions,HwPhoneFinder(EMUI6.0) 9.3.0.310 and earlier versions,HwPhoneFinder(EMUI5.1) 9.2.2.303 and earlier versions,HiCinema 8.0.2.300 and earlier versions,HuaweiWear 21.0.0.360 and earlier versions,HiHealthApp 3.0.3.300 and earlier versions have an information exposure vulnerability. Encryption keys are stored in the system. The attacker can implement reverse engineering to obtain the encryption keys, causing information exposure.

CVSS Score

7.5

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

NONE

Availability

NONE

Affected Products

Vendor	Product	Versions
Huawei	Smarthome	<= 1.0.2.364
Huawei	Hiapp	<= 7.3.0.303
Huawei	Hwparentcontrol	<= 2.0.0
Huawei	Hwparentcontrolparent	<= 5.1.0.12
Huawei	Crowdtest	<= 1.5.3
Huawei	Hiwallet	<= 8.0.0.301
Huawei	Huawei Pay	<= 8.0.0.300
Huawei	Skytone	<= 8.1.2.300
Huawei	Hwclouddrive\(Emui6.0\)	<= 8.0.0.307
Huawei	Hwphonefinder\(Emui6.0\)	<= 9.3.0.310
Huawei	Hwphonefinder\(Emui5.1\)	<= 9.2.2.303
Huawei	Hicinema	<= 8.0.2.300
Huawei	Huaweiwear	<= 21.0.0.360
Huawei	Hihealthapp	<= 3.0.3.300

Related Weaknesses (CWE)

CWE-200

References

http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170920-01-encryptVendor Advisory
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170920-01-encryptVendor Advisory

FAQ

What is CVE-2017-2704?

CVE-2017-2704 is a vulnerability with a CVSS score of 7.5 (HIGH). Smarthome 1.0.2.364 and earlier versions,HiAPP 7.3.0.303 and earlier versions,HwParentControl 2.0.0 and earlier versions,HwParentControlParent 5.1.0.12 and earlier versions,Crowdtest 1.5.3 and earlier...

How severe is CVE-2017-2704?

CVE-2017-2704 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2017-2704?

Check the references section above for vendor advisories and patch information. Affected products include: Huawei Smarthome, Huawei Hiapp, Huawei Hwparentcontrol, Huawei Hwparentcontrolparent, Huawei Crowdtest.