CVSS: 7.5EPSS: 0%CPEs: 14EXPL: 0CVE-2017-2704
https://notcve.org/view.php?id=CVE-2017-2704
Smarthome 1.0.2.364 and earlier versions,HiAPP 7.3.0.303 and earlier versions,HwParentControl 2.0.0 and earlier versions,HwParentControlParent 5.1.0.12 and earlier versions,Crowdtest 1.5.3 and earlier versions,HiWallet 8.0.0.301 and earlier versions,Huawei Pay 8.0.0.300 and earlier versions,Skytone 8.1.2.300 and earlier versions,HwCloudDrive(EMUI6.0) 8.0.0.307 and earlier versions,HwPhoneFinder(EMUI6.0) 9.3.0.310 and earlier versions,HwPhoneFinder(EMUI5.1) 9.2.2.303 and earlier versions,HiCinema 8.0.2.300 and earlier versions,HuaweiWear 21.0.0.360 and earlier versions,HiHealthApp 3.0.3.300 and earlier versions have an information exposure vulnerability. Encryption keys are stored in the system. The attacker can implement reverse engineering to obtain the encryption keys, causing information exposure. Smarthome 1.0.2.364 y versiones anteriores, HiAPP 7.3.0.303 y anteriores, HwParentControl 2.0.0 y anteriores, HwParentControlParent 5.1.0.12 y anteriores, Crowdtest 1.5.3 y anteriores, HiWallet 8.0.0.301 y anteriores, Huawei Pay 8.0.0.300 y anteriores, Skytone 8.1.2.300 y anteriores, HwCloudDrive(EMUI6.0) 8.0.0.307 y anteriores, HwPhoneFinder(EMUI6.0) 9.3.0.310 y anteriores, HwPhoneFinder(EMUI5.1) 9.2.2.303 y anteriores, HiCinema 8.0.2.300 y anteriores, HuaweiWear 21.0.0.360 y anteriores y HiHealthApp 3.0.3.300 y anteriores tienen una vulnerabilidad de divulgación de información. Las claves de cifrado están almacenadas en el sistema. • http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170920-01-encryption-en • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2017-2709
https://notcve.org/view.php?id=CVE-2017-2709
HiGame with software earlier than 7.3.0 versions, SkyTone with software earlier than 8.1.1 versions have a DoS Vulnerability. An attacker tricks a user into installing a malicious application on the smart phone, the attacker can send malformed packets to the device. Due to the lack of adequate input validation of APPs, which causes the APPs Denial of Service. HiGame con software en versiones anteriores a la 7.3.0 y SkyTone con software en versiones anteriores a la 8.1.1 tienen una vulnerabilidad de denegación de servicio. Un atacante engaña a un usuario para que instale una aplicación maliciosa en el smartphone, permitiendo que el atacante envíe paquetes mal formados al dispositivo. • http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170913-01-appdos-en • CWE-20: Improper Input Validation •