CVE-2017-17149
https://notcve.org/view.php?id=CVE-2017-17149
Huawei HiWallet App with the versions before 8.0.4 has an arbitrary lock pattern change vulnerability. It needs to verify the user's Huawei ID during lock pattern change. An attacker with root privilege who gets a user's smart phone may bypass Huawei ID verification by special operation. Successful exploit of this vulnerability can allow an attacker to change the lock pattern of HiWallet. La aplicación Huawei HiWallet, en versiones anteriores a la 8.0.4, tiene una vulnerabilidad de cambio arbitrario de patrón de bloqueo. • http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171220-01-hiwallet-en •
CVE-2017-8177
https://notcve.org/view.php?id=CVE-2017-8177
Huawei APP HiWallet earlier than 5.0.3.100 versions do not support signature verification for APK file. An attacker could exploit this vulnerability to hijack the APK and upload modified APK file. Successful exploit could lead to the APP is hijacking. La app HiWallet de Huawei en versiones anteriores a la 5.0.3.100 no es compatible con la verificación de firmas para los archivos APK. Un atacante podría explotar esta vulnerabilidad para secuestrar la APK y subir un archivo APK modificado. • http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170816-01-app-en • CWE-347: Improper Verification of Cryptographic Signature •
CVE-2017-2704
https://notcve.org/view.php?id=CVE-2017-2704
Smarthome 1.0.2.364 and earlier versions,HiAPP 7.3.0.303 and earlier versions,HwParentControl 2.0.0 and earlier versions,HwParentControlParent 5.1.0.12 and earlier versions,Crowdtest 1.5.3 and earlier versions,HiWallet 8.0.0.301 and earlier versions,Huawei Pay 8.0.0.300 and earlier versions,Skytone 8.1.2.300 and earlier versions,HwCloudDrive(EMUI6.0) 8.0.0.307 and earlier versions,HwPhoneFinder(EMUI6.0) 9.3.0.310 and earlier versions,HwPhoneFinder(EMUI5.1) 9.2.2.303 and earlier versions,HiCinema 8.0.2.300 and earlier versions,HuaweiWear 21.0.0.360 and earlier versions,HiHealthApp 3.0.3.300 and earlier versions have an information exposure vulnerability. Encryption keys are stored in the system. The attacker can implement reverse engineering to obtain the encryption keys, causing information exposure. Smarthome 1.0.2.364 y versiones anteriores, HiAPP 7.3.0.303 y anteriores, HwParentControl 2.0.0 y anteriores, HwParentControlParent 5.1.0.12 y anteriores, Crowdtest 1.5.3 y anteriores, HiWallet 8.0.0.301 y anteriores, Huawei Pay 8.0.0.300 y anteriores, Skytone 8.1.2.300 y anteriores, HwCloudDrive(EMUI6.0) 8.0.0.307 y anteriores, HwPhoneFinder(EMUI6.0) 9.3.0.310 y anteriores, HwPhoneFinder(EMUI5.1) 9.2.2.303 y anteriores, HiCinema 8.0.2.300 y anteriores, HuaweiWear 21.0.0.360 y anteriores y HiHealthApp 3.0.3.300 y anteriores tienen una vulnerabilidad de divulgación de información. Las claves de cifrado están almacenadas en el sistema. • http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170920-01-encryption-en • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •