This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy
Some Huawei APPs have an information leak vulnerability. When an iPhone with these APPs installed access the Wi-Fi hotpot built by attacker, the attacker can collect the information of iPhone mode and firmware version. (Vulnerability ID: HWPSIRT-2017-02025)
This vulnerability has been assigned a CVE ID: CVE-2017-2730.
Product Name |
Affected Version |
Resolved Product and Version |
HUAWEI HiLink APP (for IOS) |
Versions earlier before 5.0.25.306 |
5.0.25.306 |
HUAWEI Tech Support APP (for IOS) | Versions earlier before 5.0.0 |
5.0.0 |
[1] Users should download the APP from Apple Store.
The attacker can collect user information by exploiting this vulnerability.
When an iPhone with vulnerable APPs installed access the Wi-Fi hotpot built by attacker, the attacker can collect the information of iPhone mode and firmware version.
Users should download the APP from Apple Store.
This vulnerability was discovered by Zack Whittaker on ZDNet.com.
2017-07-18 V1.1 UPDATED Updated the affected product list and fixed version
2017-03-10 V1.0 INITIAL
None
Huawei adheres to protecting the ultimate interests of users with best efforts and the principle of responsible disclosure and deal with product security issues through our response mechanism.
To enjoy Huawei PSIRT services and obtain Huawei product vulnerability information, please visit http://www.huawei.com/en/psirt.
To report a security vulnerability in Huawei products and solutions, please send it to PSIRT@huawei.com. For details, please visit http://www.huawei.com/en/psirt/report-vulnerabilities.