Vulnerability Details : CVE-2017-2730
HUAWEI HiLink APP (for IOS) versions earlier before 5.0.25.306 and HUAWEI Tech Support APP (for IOS) versions earlier before 5.0.0 have an information leak vulnerability. When an iPhone with these APPs installed access the Wi-Fi hotpot built by attacker, the attacker can collect the information of iPhone mode and firmware version.
Vulnerability category: Information leak
Products affected by CVE-2017-2730
- cpe:2.3:a:huawei:tech_support:*:*:*:*:*:*:*:*
- cpe:2.3:a:huawei:hilink:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2017-2730
0.06%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 28 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2017-2730
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
2.9
|
LOW | AV:A/AC:M/Au:N/C:P/I:N/A:N |
5.5
|
2.9
|
NIST | |
3.5
|
LOW | CVSS:3.0/AV:A/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N |
2.1
|
1.4
|
NIST |
CWE ids for CVE-2017-2730
-
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.Assigned by: nvd@nist.gov (Primary)
References for CVE-2017-2730
-
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170310-01-hilinkapp-en
Security Advisory - Information Leak Vulnerability in Huawei APPVendor Advisory
Jump to