CVE-2017-2733

Published: Nov 22, 2017Modified: May 13, 2026

5.5

Vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Exploitability: 1.8 / Impact: 3.6

Source: NVD

Description

Honor 6X smartphones with software versions earlier than BLN-AL10C00B357 and versions earlier than BLN-AL20C00B357 have an information leak vulnerability due to improper file permission configuration. An attacker tricks a user into installing a malicious application on the smart phone, and the application can get the file that keep the cipher text of the SIM card PIN.

Affected (2)

Products: Huawei: Honor 6x Firmware

1 product

Honor 6x Firmware

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Huawei Honor 6x Firmware	Before bln-al10c00b357

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Huawei Honor 6x Firmware	Before bln-al20c00b357

Running on/with	Platform Versions
Huawei Honor 6x	All versions

Related CWEs

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (4)

http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170405-02-smartphone-en

Source: psirt@huawei.com

Vendor Advisory

http://www.securityfocus.com/bid/97700

Source: psirt@huawei.com

Third Party AdvisoryVDB Entry

http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170405-02-smartphone-en

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://www.securityfocus.com/bid/97700

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

Timeline

No history available yet.