CVE-2017-2730
Advisory lineage Upstream: 0 Downstream: 1
Downstream
Modified
Published: 22 Nov 2017, 19:00
Last modified:16 Sept 2024, 19:40
Vulnerability Summary
Overall Risk (default)
low
14/100 CVSS Score
3.5 LOW
v3.0 (nvd)
EPSS Score
0.04% LOW
0% probability 0.00%
KEV
Not listed
Ransomware
No reports
Public exploits
None found
Dark Web
Not detected
Timeline
22 Nov 2017, 19:00
Published
Vulnerability first disclosed
16 Sept 2024, 19:40
Last Modified
Vulnerability information updated
Description
HUAWEI HiLink APP (for IOS) versions earlier before 5.0.25.306 and HUAWEI Tech Support APP (for IOS) versions earlier before 5.0.0 have an information leak vulnerability. When an iPhone with these APPs installed access the Wi-Fi hotpot built by attacker, the attacker can collect the information of iPhone mode and firmware version.
CVSS Metrics
- v3.0•LOW•Score: 3.5CVSS:3.0/AV:A/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
- v2.0•LOW•Score: 2.9AV:A/AC:M/Au:N/C:P/I:N/A:N
EPSS Trends
Current EPSS score: 0.04%• Percentile: 11%
Techniques & Countermeasures
- CWE-200•Exposure of Sensitive Information to an Unauthorized Actor
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.
Affected Systems
- huawei technologies co., ltd.•huawei hilink app (for ios), huawei tech support app (for ios)
HUAWEI HiLink APP (for IOS) Versions earlier before 5.0.25.306, HUAWEI Tech Support APP (for IOS) Versions earlier before 5.0.0
- huawei•hilink
< 5.0.25.306
- huawei•tech_support
< 5.0.0