CVE-2017-2704

HIGH

Huawei Multiple Apps (EMUI 5.1/6.0) - Sensitive Information Exposure via Encryption Key Storage

Title source: llm

Description

Smarthome 1.0.2.364 and earlier versions,HiAPP 7.3.0.303 and earlier versions,HwParentControl 2.0.0 and earlier versions,HwParentControlParent 5.1.0.12 and earlier versions,Crowdtest 1.5.3 and earlier versions,HiWallet 8.0.0.301 and earlier versions,Huawei Pay 8.0.0.300 and earlier versions,Skytone 8.1.2.300 and earlier versions,HwCloudDrive(EMUI6.0) 8.0.0.307 and earlier versions,HwPhoneFinder(EMUI6.0) 9.3.0.310 and earlier versions,HwPhoneFinder(EMUI5.1) 9.2.2.303 and earlier versions,HiCinema 8.0.2.300 and earlier versions,HuaweiWear 21.0.0.360 and earlier versions,HiHealthApp 3.0.3.300 and earlier versions have an information exposure vulnerability. Encryption keys are stored in the system. The attacker can implement reverse engineering to obtain the encryption keys, causing information exposure.

References (1)

Core 1

Core References

Vendor Advisory x_refsource_confirm

http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170920-01-encryption-en

Scores

CVSS v3 7.5

EPSS 0.0008

EPSS Percentile 22.8%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

CWE

CWE-200

Status published

Products (15)

huawei/crowdtest < 1.5.3

huawei/hiapp < 7.3.0.303

huawei/hicinema < 8.0.2.300

huawei/hihealthapp < 3.0.3.300

huawei/hiwallet < 8.0.0.301

huawei/huawei_pay < 8.0.0.300

huawei/huaweiwear < 21.0.0.360

huawei/hwclouddrive\(emui6.0\) < 8.0.0.307

huawei/hwparentcontrol < 2.0.0

huawei/hwparentcontrolparent < 5.1.0.12

... and 5 more

Published Nov 22, 2017

Tracked Since Feb 18, 2026