Details of VAR-201711-0246

ID

VAR-201711-0246

CVE

CVE-2017-2730

TITLE

IOS for HUAWEI HiLink APP and Tech Support APP Vulnerable to information disclosure

Trust: 0.8

sources: JVNDB: JVNDB-2017-010732

DESCRIPTION

HUAWEI HiLink APP (for IOS) versions earlier before 5.0.25.306 and HUAWEI Tech Support APP (for IOS) versions earlier before 5.0.0 have an information leak vulnerability. When an iPhone with these APPs installed access the Wi-Fi hotpot built by attacker, the attacker can collect the information of iPhone mode and firmware version

Trust: 1.62

sources: NVD: CVE-2017-2730 // JVNDB: JVNDB-2017-010732

IOT TAXONOMY

category:

['other device']

sub_category:

general

Trust: 0.1

sources: OTHER: None

AFFECTED PRODUCTS

vendor:	huawei	model:	hilink	scope:	lt	version:	5.0.25.306	Trust: 1.8
vendor:	huawei	model:	tech support	scope:	lt	version:	5.0.0	Trust: 1.0
vendor:	huawei	model:	technical support	scope:	lt	version:	5.0.0	Trust: 0.8

sources: JVNDB: JVNDB-2017-010732 // NVD: CVE-2017-2730

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2017-2730
value:	LOW
Trust: 1.0
NVD:	CVE-2017-2730
value:	LOW
Trust: 0.8
CNNVD:	CNNVD-201703-912
value:	LOW
Trust: 0.6

nvd@nist.gov:	CVE-2017-2730
severity:	LOW
baseScore:	2.9
vectorString:	AV:A/AC:M/AU:N/C:P/I:N/A:N
accessVector:	ADJACENT_NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	5.5
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8

nvd@nist.gov:	CVE-2017-2730
baseSeverity:	LOW
baseScore:	3.5
vectorString:	CVSS:3.0/AV:A/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
attackVector:	ADJACENT
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	2.1
impactScore:	1.4
version:	3.0
Trust: 1.8

sources: JVNDB: JVNDB-2017-010732 // CNNVD: CNNVD-201703-912 // NVD: CVE-2017-2730

PROBLEMTYPE DATA

problemtype:

CWE-200

Trust: 1.8

sources: JVNDB: JVNDB-2017-010732 // NVD: CVE-2017-2730

THREAT TYPE

specific network environment

Trust: 0.6

sources: CNNVD: CNNVD-201703-912

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201703-912

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-010732

PATCH

title:	huawei-sa-20170310-01-hilinkapp	url:	http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170310-01-hilinkapp-en	Trust: 0.8
title:	Huawei Hilink APP Repair measures for information disclosure vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=68663	Trust: 0.6

sources: JVNDB: JVNDB-2017-010732 // CNNVD: CNNVD-201703-912

EXTERNAL IDS

db:	NVD	id:	CVE-2017-2730	Trust: 2.5
db:	JVNDB	id:	JVNDB-2017-010732	Trust: 0.8
db:	CNNVD	id:	CNNVD-201703-912	Trust: 0.6
db:	OTHER	id:	NONE	Trust: 0.1

sources: OTHER: None // JVNDB: JVNDB-2017-010732 // CNNVD: CNNVD-201703-912 // NVD: CVE-2017-2730

REFERENCES

url:	http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170310-01-hilinkapp-en	Trust: 1.6
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-2730	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2017-2730	Trust: 0.8
url:	https://ieeexplore.ieee.org/abstract/document/10769424	Trust: 0.1

sources: OTHER: None // JVNDB: JVNDB-2017-010732 // CNNVD: CNNVD-201703-912 // NVD: CVE-2017-2730

SOURCES

db:	OTHER	id:	-
db:	JVNDB	id:	JVNDB-2017-010732
db:	CNNVD	id:	CNNVD-201703-912
db:	NVD	id:	CVE-2017-2730

LAST UPDATE DATE

2025-04-20T22:02:59.617000+00:00

SOURCES UPDATE DATE

db:	JVNDB	id:	JVNDB-2017-010732	date:	2017-12-21T00:00:00
db:	CNNVD	id:	CNNVD-201703-912	date:	2017-12-26T00:00:00
db:	NVD	id:	CVE-2017-2730	date:	2025-04-20T01:37:25.860

SOURCES RELEASE DATE

db:	JVNDB	id:	JVNDB-2017-010732	date:	2017-12-21T00:00:00
db:	CNNVD	id:	CNNVD-201703-912	date:	2017-03-21T00:00:00
db:	NVD	id:	CVE-2017-2730	date:	2017-11-22T19:29:01.740