CVE-2017-2715
HIGHHuawei Files < 7.1.1.309 - Unauthorized Sensitive Information Exposure via Safe Key Database
Title source: llmDescription
The Files APP 7.1.1.309 and earlier versions in some Huawei mobile phones has a brute-force password cracking vulnerability due to the improper design of the Safe key database. An unauthorized attacker could access sensitive database information and may crack users' Safe passwords, leading to information leak.
References (1)
Core 1
Core References
VDB Entry x_refsource_confirm
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170425-01-files-en
Scores
CVSS v3
7.8
EPSS
0.0003
EPSS Percentile
8.6%
Attack Vector
LOCAL
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-200
Status
published
Products (2)
huawei/files
< 7.1.1.309
Huawei Technologies Co., Ltd./Files £¨Files is the smartphone APP£©
7.1.1.309 and earlier versions
Published
Nov 22, 2017
Tracked Since
Feb 18, 2026