CVE-2017-2730

EPSS 0.04%
Published 22.11.2017 19:29:01
Last modified 20.04.2025 01:37:25
Source psirt@huawei.com
Teams watchlist Login
Open Login

HUAWEI HiLink APP (for IOS) versions earlier before 5.0.25.306 and HUAWEI Tech Support APP (for IOS) versions earlier before 5.0.0 have an information leak vulnerability. When an iPhone with these APPs installed access the Wi-Fi hotpot built by attacker, the attacker can collect the information of iPhone mode and firmware version.

Affected products Warnungen 0 Metrics 3 CWE 1 References 4

Data is provided by the National Vulnerability Database (NVD)

Huawei ≫ Hilink Version < 5.0.25.306

Apple ≫ iPhone OS Version-

Huawei ≫ Tech Support Version < 5.0.0

Apple ≫ iPhone OS Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.04%	0.077

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	3.5	2.1	1.4	CVSS:3.0/AV:A/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
nvd@nist.gov	2.9	5.5	2.9	AV:A/AC:M/Au:N/C:P/I:N/A:N

CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170310-01-hilinkapp-en

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2017-2730

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2017-2730

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2017-2730

EUVD