Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2017-2713

Summary
Assigner-huawei
Assigner Org ID-25ac1063-e409-4190-8079-24548c77ea2e
Published At-22 Nov, 2017 | 19:00
Updated At-17 Sep, 2024 | 03:13
Rejected At-
Credits

HUAWEI P9 smartphones with software versions earlier before EVA-L09C432B383, versions earlier before EVA-L09C636B380, versions earlier before VIE-L09C432B370, versions earlier before VIE-L29C636B370 have an insufficient input validation vulnerability. An attacker could exploit this vulnerability to tamper with air interface signaling messages and obtain some communication information.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:huawei
Assigner Org ID:25ac1063-e409-4190-8079-24548c77ea2e
Published At:22 Nov, 2017 | 19:00
Updated At:17 Sep, 2024 | 03:13
Rejected At:
▼CVE Numbering Authority (CNA)

HUAWEI P9 smartphones with software versions earlier before EVA-L09C432B383, versions earlier before EVA-L09C636B380, versions earlier before VIE-L09C432B370, versions earlier before VIE-L29C636B370 have an insufficient input validation vulnerability. An attacker could exploit this vulnerability to tamper with air interface signaling messages and obtain some communication information.

Affected Products
Vendor
Huawei Technologies Co., Ltd.Huawei Technologies Co., Ltd.
Product
HUAWEI P9
Versions
Affected
  • Versions earlier before EVA-L09C432B383, Versions earlier before EVA-L09C636B380, Versions earlier before VIE-L09C432B370, Versions earlier before VIE-L29C636B370
Problem Types
TypeCWE IDDescription
textN/AInsufficient Input Validation
Type: text
CWE ID: N/A
Description: Insufficient Input Validation
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170419-01-smartphone-en
x_refsource_CONFIRM
Hyperlink: http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170419-01-smartphone-en
Resource:
x_refsource_CONFIRM
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170419-01-smartphone-en
x_refsource_CONFIRM
x_transferred
Hyperlink: http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170419-01-smartphone-en
Resource:
x_refsource_CONFIRM
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:psirt@huawei.com
Published At:22 Nov, 2017 | 19:29
Updated At:20 Apr, 2025 | 01:37

HUAWEI P9 smartphones with software versions earlier before EVA-L09C432B383, versions earlier before EVA-L09C636B380, versions earlier before VIE-L09C432B370, versions earlier before VIE-L29C636B370 have an insufficient input validation vulnerability. An attacker could exploit this vulnerability to tamper with air interface signaling messages and obtain some communication information.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.05.4MEDIUM
CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Primary2.04.8MEDIUM
AV:A/AC:L/Au:N/C:P/I:P/A:N
Type: Primary
Version: 3.0
Base score: 5.4
Base severity: MEDIUM
Vector:
CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Type: Primary
Version: 2.0
Base score: 4.8
Base severity: MEDIUM
Vector:
AV:A/AC:L/Au:N/C:P/I:P/A:N
CPE Matches
Huawei Technologies Co., Ltd.
huawei
>>p9_firmware>>Versions before eva-l09c432b383(exclusive)
cpe:2.3:o:huawei:p9_firmware:*:*:*:*:*:*:*:*
Huawei Technologies Co., Ltd.
huawei
>>p9>>-
cpe:2.3:h:huawei:p9:-:*:*:*:*:*:*:*
Huawei Technologies Co., Ltd.
huawei
>>p9_firmware>>Versions before eva-l09c636b380(exclusive)
cpe:2.3:o:huawei:p9_firmware:*:*:*:*:*:*:*:*
Huawei Technologies Co., Ltd.
huawei
>>p9>>-
cpe:2.3:h:huawei:p9:-:*:*:*:*:*:*:*
Huawei Technologies Co., Ltd.
huawei
>>p9_firmware>>Versions before vie-l09c432b370(exclusive)
cpe:2.3:o:huawei:p9_firmware:*:*:*:*:*:*:*:*
Huawei Technologies Co., Ltd.
huawei
>>p9>>-
cpe:2.3:h:huawei:p9:-:*:*:*:*:*:*:*
Huawei Technologies Co., Ltd.
huawei
>>p9_firmware>>Versions before vie-l29c636b370(exclusive)
cpe:2.3:o:huawei:p9_firmware:*:*:*:*:*:*:*:*
Huawei Technologies Co., Ltd.
huawei
>>p9>>-
cpe:2.3:h:huawei:p9:-:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-20Primarynvd@nist.gov
CWE ID: CWE-20
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170419-01-smartphone-enpsirt@huawei.com
Vendor Advisory
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170419-01-smartphone-enaf854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Hyperlink: http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170419-01-smartphone-en
Source: psirt@huawei.com
Resource:
Vendor Advisory
Hyperlink: http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170419-01-smartphone-en
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

239Records found
CVE-2012-5968
Matching Score-10
Assigner-CERT/CC
ShareView Details
Matching Score-10
Assigner-CERT/CC
CVSS Score-4.8||MEDIUM
EPSS-0.04% / 12.40%
||
7 Day CHG~0.00%
Published-19 Dec, 2012 | 11:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Huawei E585 device does not validate the status of admin sessions, which allows remote attackers to obtain sensitive user information and the session ID, and modify data, by leveraging access to the LAN network.

Action-Not Available
Vendor-n/aHuawei Technologies Co., Ltd.
Product-e585u-82e585n/a
CWE ID-CWE-20
Improper Input Validation
CVE-2019-5268
Matching Score-10
Assigner-Huawei Technologies
ShareView Details
Matching Score-10
Assigner-Huawei Technologies
CVSS Score-8.1||HIGH
EPSS-0.08% / 24.06%
||
7 Day CHG~0.00%
Published-29 Nov, 2019 | 20:01
Updated-04 Aug, 2024 | 19:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Some Huawei home routers have an input validation vulnerability. Due to input parameter is not correctly verified, an attacker can exploit this vulnerability by sending special constructed packets to obtain files in the device and upload files to some directories.

Action-Not Available
Vendor-n/aHuawei Technologies Co., Ltd.
Product-ws5280-10hirouter-cd20-10_firmwarews6500-10ws5100-10ws5280-11_firmwarews5200-11ws6500-11_firmwarehirouter-cd15-10_firmwarews5200-10hirouter-cd30-11ws5106-10hirouter-cd30-10_firmwarews5102-10cd16-10cd18-10tc5200-10ws5108-10_firmwarecd16-10_firmwarecd17-10hirouter-h1-10hirouter-cd15-10ws5200-11_firmwarews826-10_firmwarecd18-10_firmwarehirouter-cd30-11_firmwarews5100-10_firmwarews5280-11hirouter-h1-10_firmwarews5200-10_firmwarews5280-10_firmwarews5102-10_firmwarews6500-11hirouter-cd30-10cd10-10hirouter-cd21-16_firmwaretc5200-10_firmwarehirouter-cd20-10hirouter-cd21-16ws5108-10ws5106-10_firmwarews6500-10_firmwarecd17-10_firmwarews826-10cd10-10_firmwareCD10-10, CD16-10, CD17-10, CD18-10, HiRouter-CD15-10, HiRouter-CD20-10, HiRouter-CD21-16, HiRouter-CD30-10, HiRouter-CD30-11, HiRouter-H1-10, TC5200-10, WS5100-10, WS5102-10, WS5106-10, WS5108-10, WS5200-10, WS5200-11, , WS5280-10, WS5280-11, WS6500-10, WS6500-11, WS826-10
CWE ID-CWE-20
Improper Input Validation
CVE-2012-5969
Matching Score-8
Assigner-CERT/CC
ShareView Details
Matching Score-8
Assigner-CERT/CC
CVSS Score-4.8||MEDIUM
EPSS-0.04% / 12.32%
||
7 Day CHG~0.00%
Published-19 Dec, 2012 | 11:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple directory traversal vulnerabilities on the Huawei E585 device allow remote attackers to (1) read arbitrary files via a .. (dot dot) in the PATH_INFO of an sdcard/ request or (2) modify arbitrary files via a .. (dot dot) in the req_page parameter to en/sms.cgi.

Action-Not Available
Vendor-n/aHuawei Technologies Co., Ltd.
Product-e585u-82e585n/a
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2019-9506
Matching Score-8
Assigner-CERT/CC
ShareView Details
Matching Score-8
Assigner-CERT/CC
CVSS Score-7.6||HIGH
EPSS-2.40% / 84.45%
||
7 Day CHG~0.00%
Published-14 Aug, 2019 | 16:27
Updated-16 Sep, 2024 | 19:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Blutooth BR/EDR specification does not specify sufficient encryption key length and allows an attacker to influence key length negotiation

The Bluetooth BR/EDR specification up to and including version 5.1 permits sufficiently low encryption key length and does not prevent an attacker from influencing the key length negotiation. This allows practical brute-force attacks (aka "KNOB") that can decrypt traffic and inject arbitrary ciphertext without the victim noticing.

Action-Not Available
Vendor-BluetoothCanonical Ltd.Huawei Technologies Co., Ltd.Google LLCRed Hat, Inc.BlackBerry LimitedopenSUSEApple Inc.Debian GNU/Linux
Product-p_smart_firmwarehonor_view_10_firmwarelondon-al40indenterprise_linux_server_auscolumbia-tl00dbla-l29cdubai-al00ap30_pro_firmwaresydney-tl00y7_2019lelandp-al10d_firmwarejohnson-tl00d_firmwareleland-tl10benterprise_linux_for_real_time_for_nfvlelandp-l22a_firmwarecornell-al00asydney-l22br_firmwarebarca-al00_firmwarenova_5_firmwarehonor_view_10leland-l32a_firmwarey5_2018harry-al10b_firmwareasoka-al00axprinceton-tl10cflorida-l22_firmwareleland-tl10c_firmwarey9_2019_firmwareatomu-l33imanager_neteco_6000enterprise_linux_serverberkeley-al20nova_5sydney-l21br_firmwareleland-l31a_firmwarelelandp-al00c_firmwarepotter-al10aatomu-l33_firmwarelelandp-al10bbla-al00b_firmwareflorida-l21columbia-tl00d_firmwaresydneym-l01_firmwaresydneym-l03honor_10_liteparis-l21bleland-l32c_firmwareflorida-al20bsydney-al00nova_5i_pro_firmwarehonor_20_prohonor_20_firmwaretony-al00bharry-al00c_firmwarejohnson-tl00f_firmwareparis-l21mebnova_4potter-al10a_firmwarehonor_8x_firmwareflorida-al20b_firmwarehonor_8xalp-al00bp20_pro_firmwarecornell-tl10bneo-al00d_firmwaresydney-l22harry-al00cares-tl00c_firmwarey9_2019y6_pro_2019sydneym-l23_firmwarecornell-al00ibla-tl00bharry-tl00c_firmwareever-l29b_firmwarefigo-tl10b_firmwaremate_20_prohonor_view_20y6_2019_firmwareflorida-tl10bsydneym-l03_firmwarekatyusha-al00a_firmwarecolumbia-al10b_firmwaremadrid-tl00avirtualization_host_eusy6_pro_2019_firmwareberkeley-l09_firmwarenova_4_firmwaretvoshima-l29cyale-al00ahonor_10_lite_firmwareares-al00bimanager_netecoblackberrycornell-al00a_firmwarejakarta-al00ap_smart_2019lelandp-l22c_firmwareparis-l29byalep-al10btony-al00b_firmwareyale-al50aparis-al00ic_firmwareenterprise_linux_eusenterprise_linux_for_real_time_eusyale-tl00bcornell-al00i_firmwareiphone_osflorida-l23sydneym-l21mate_20_x_firmwareatomu-l42y6_prime_2018katyusha-al00aalp-al00b_firmwareleland-l42csydney-l21brbla-l29c_firmwareandroidsydneym-al00figo-l23_firmwareenterprise_linux_for_real_time_for_nfv_eusasoka-al00ax_firmwarey5_lite_firmwareberkeley-tl10dura-tl00aemily-l29cbla-tl00b_firmwareimanager_neteco_firmwarey5_2018_firmwarehonor_8a_firmwaresydney-l21_firmwareleland-l21a_firmwaresydney-tl00_firmwarep_smart_2019_firmwaredura-tl00a_firmwareleland-l21aharry-al10bares-al10dhonor_20_pro_firmwaremate_20_xmac_os_xp20tony-tl00b_firmwarenova_lite_3y5_litecairogo-l22sydney-l22brcornell-al00ind_firmwarefigo-l31paris-al00icdebian_linuxnova_3laya-al00ep_firmwareleland-l42c_firmwareatomu-l42_firmwarehonor_8aenterprise_linux_for_real_timecornell-l29adura-al00a_firmwareflorida-l21_firmwarelaya-al00epprinceton-al10d_firmwarey6_2019honor_view_20_firmwareparis-l21b_firmwarenova_5i_prosydneym-l22_firmwareever-l29bcolumbia-l29dcornell-tl10b_firmwarecolumbia-al10bdubai-al00a_firmwareflorida-l22madrid-tl00a_firmwarejakarta-al00a_firmwarep20_firmwaresydney-l22_firmwareimanager_neteco_6000_firmwarep20_promadrid-al00a_firmwarefigo-tl10byale-l61ccornell-al10indcharlotte-l29c_firmwareyale-al00a_firmwaremate_20_firmwareprinceton-al10bleland-l32cwatchoscolumbia-al10i_firmwareares-al00b_firmwaredura-al00aenterprise_linux_server_tusflorida-tl10b_firmwarenova_3_firmwareubuntu_linuxcharlotte-l29ccolumbia-l29d_firmwareyalep-al10b_firmwaresydney-l21columbia-al10icornell-al00indleland-l32aares-tl00clelandp-al10demily-l29c_firmwareenterprise_linux_tushonor_20lelandp-l22cfigo-l23potter-al00cares-al10d_firmwareatomu-l41_firmwarejohnson-tl00fparis-l29b_firmwarebarca-al00leaptony-tl00bp30_prolelandp-al00clondon-al40ind_firmwarepotter-al00c_firmwareenterprise_linuxyale-al50a_firmwarehima-l29c_firmwarey7_2019_firmwareprinceton-tl10c_firmwareyale-tl00b_firmwareyale-l21a_firmwarep30_firmwareprinceton-al10b_firmwareyale-l61c_firmwareleland-l42aflorida-l23_firmwarecairogo-l22_firmwaresydneym-l21_firmwaremate_20sydneym-l01sydneym-l22lelandp-l22aleland-l42a_firmwaresydney-al00_firmwareberkeley-al20_firmwarelelandp-l22dparis-l21meb_firmwaremrg_realtimeatomu-l41sydneym-l23johnson-tl00dbla-al00byale-l21anova_lite_3_firmwarelelandp-l22d_firmwareberkeley-l09harry-tl00centerprise_linux_ausleland-tl10b_firmwarecornell-al10ind_firmwareprinceton-al10dmadrid-al00aberkeley-tl10_firmwaresydneym-al00_firmwarep30p_smartcornell-l29a_firmwarelelandp-al10b_firmwarefigo-l31_firmwarey6_prime_2018_firmwaremate_20_pro_firmwareleland-tl10cleland-l31aneo-al00dBR/EDR
CWE ID-CWE-310
Not Available
CWE ID-CWE-327
Use of a Broken or Risky Cryptographic Algorithm
CVE-2019-5271
Matching Score-8
Assigner-Huawei Technologies
ShareView Details
Matching Score-8
Assigner-Huawei Technologies
CVSS Score-5.4||MEDIUM
EPSS-0.08% / 23.52%
||
7 Day CHG~0.00%
Published-29 Nov, 2019 | 20:16
Updated-04 Aug, 2024 | 19:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

There is an information leak vulnerability in Huawei smart speaker Myna. When the smart speaker is paired with the cloud through Wi-Fi, the speaker incorrectly processes some data. Attackers can exploit this vulnerability to read and modify specific configurations of speakers through a series of operations.

Action-Not Available
Vendor-n/aHuawei Technologies Co., Ltd.
Product-mynamyna_firmwareMyna
CVE-2016-4087
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-8.1||HIGH
EPSS-0.83% / 73.54%
||
7 Day CHG~0.00%
Published-23 May, 2016 | 19:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Huawei S12700 switches with software before V200R008C00SPC500 and S5700 switches with software before V200R005SPH010, when the debug switch is enabled, allows remote attackers to cause a denial of service or execute arbitrary code via crafted DNS packets.

Action-Not Available
Vendor-n/aHuawei Technologies Co., Ltd.
Product-s12700s12700_firmwares5700s5700_firmwaren/a
CWE ID-CWE-20
Improper Input Validation
CVE-2018-7934
Matching Score-6
Assigner-Huawei Technologies
ShareView Details
Matching Score-6
Assigner-Huawei Technologies
CVSS Score-5.5||MEDIUM
EPSS-0.07% / 21.57%
||
7 Day CHG~0.00%
Published-31 Jul, 2018 | 14:00
Updated-05 Aug, 2024 | 06:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Some Huawei mobile phone with the versions before BLA-L29 8.0.0.145(C432) have a denial of service (DoS) vulnerability because they do not adapt to specific screen gestures. An attacker may trick users into installing a malicious app. As a result, apps running on the frontend crash after the users make specific screen gestures.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-mate_10_promate_10_pro_firmwareMate 10 Pro
CWE ID-CWE-20
Improper Input Validation
CVE-2018-7935
Matching Score-6
Assigner-Huawei Technologies
ShareView Details
Matching Score-6
Assigner-Huawei Technologies
CVSS Score-5.3||MEDIUM
EPSS-1.65% / 81.22%
||
7 Day CHG~0.00%
Published-10 Feb, 2023 | 11:55
Updated-24 Mar, 2025 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

There is a vulnerability in 21.328.01.00.00 version of the E5573Cs-322. Remote attackers could exploit this vulnerability to make the network where the E5573Cs-322 is running temporarily unavailable.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-e5573cs-322e5573cs-322_firmware E5573Cs-322
CWE ID-CWE-20
Improper Input Validation
CVE-2018-7906
Matching Score-6
Assigner-Huawei Technologies
ShareView Details
Matching Score-6
Assigner-Huawei Technologies
CVSS Score-5.5||MEDIUM
EPSS-0.07% / 21.57%
||
7 Day CHG~0.00%
Published-12 Sep, 2018 | 15:00
Updated-05 Aug, 2024 | 06:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Some Huawei smart phones with software of Leland-AL00 8.0.0.114(C636), Leland-AL00A 8.0.0.171(C00) have a denial of service (DoS) vulnerability. An attacker can trick a user to install a malicious application to exploit this vulnerability. Due to insufficient verification of the parameter, successful exploitation can cause the smartphone black screen until restarting the phone.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-leland-al00_firmwarelleland-al00a_firmwarelleland-al00aleland-al00Leland-AL00, Leland-AL00A
CWE ID-CWE-20
Improper Input Validation
CVE-2018-7922
Matching Score-6
Assigner-Huawei Technologies
ShareView Details
Matching Score-6
Assigner-Huawei Technologies
CVSS Score-7.8||HIGH
EPSS-0.12% / 32.20%
||
7 Day CHG~0.00%
Published-12 Sep, 2018 | 15:00
Updated-05 Aug, 2024 | 06:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Huawei ALP-L09 smart phones with versions earlier than ALP-L09 8.0.0.150(C432) have an insufficient input validation vulnerability due to lack of parameter check. An attacker tricks the user who has root privilege to install a crafted application, the application may modify the specific data to exploit the vulnerability. Successful exploit could allow the attacker to execute arbitrary code.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-alp-l09_firmwarealp-l09ALP-L09
CWE ID-CWE-20
Improper Input Validation
CVE-2018-7923
Matching Score-6
Assigner-Huawei Technologies
ShareView Details
Matching Score-6
Assigner-Huawei Technologies
CVSS Score-7.8||HIGH
EPSS-0.12% / 32.20%
||
7 Day CHG~0.00%
Published-12 Sep, 2018 | 15:00
Updated-05 Aug, 2024 | 06:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Huawei ALP-L09 smart phones with versions earlier than ALP-L09 8.0.0.150(C432) have an insufficient input validation vulnerability due to lack of parameter check. An attacker tricks the user who has root privilege to install a crafted application, the application may modify the specific data to exploit the vulnerability. Successful exploit could allow the attacker to execute arbitrary code.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-alp-l09_firmwarealp-l09ALP-L09
CWE ID-CWE-20
Improper Input Validation
CVE-2020-9254
Matching Score-6
Assigner-Huawei Technologies
ShareView Details
Matching Score-6
Assigner-Huawei Technologies
CVSS Score-7.8||HIGH
EPSS-0.17% / 38.91%
||
7 Day CHG~0.00%
Published-17 Jul, 2020 | 22:36
Updated-04 Aug, 2024 | 10:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

HUAWEI P30 Pro smartphones with versions earlier than 10.1.0.123(C432E19R2P5patch02), versions earlier than 10.1.0.126(C10E11R5P1), and versions earlier than 10.1.0.160(C00E160R2P8) have a logic check error vulnerability. A logic error occurs when the software checking the size of certain parameter, the attacker should trick the user into installing a malicious application, successful exploit may cause code execution.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-p30_prop30_pro_firmwareHUAWEI P30 Pro
CWE ID-CWE-20
Improper Input Validation
CVE-2015-8331
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-7.4||HIGH
EPSS-0.13% / 33.71%
||
7 Day CHG~0.00%
Published-11 Jan, 2016 | 15:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Operation and Maintenance Unit (OMU) in Huawei VCN500 with software before V100R002C00SPC200 does not properly invalidate the session ID when an "abnormal exit" occurs, which allows remote attackers to conduct replay attacks via the session ID.

Action-Not Available
Vendor-n/aHuawei Technologies Co., Ltd.
Product-vcn500n/a
CWE ID-CWE-20
Improper Input Validation
CVE-2015-8225
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.12% / 31.47%
||
7 Day CHG~0.00%
Published-08 Jan, 2016 | 19:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Joint Photographic Experts Group Processing Unit (JPU) driver in Huawei ALE smartphones with software before ALE-UL00C00B220 and ALE-TL00C01B220 and GEM-703L smartphones with software before V100R001C233B111 allows remote attackers to cause a denial of service (crash) via a crafted application with the system or camera permission, a different vulnerability than CVE-2015-8226.

Action-Not Available
Vendor-n/aHuawei Technologies Co., Ltd.
Product-ale_firmwaregem-703l_firmwaren/a
CWE ID-CWE-20
Improper Input Validation
CVE-2015-7740
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.02% / 3.20%
||
7 Day CHG~0.00%
Published-13 Apr, 2017 | 14:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Huawei P7 before P7-L00C17B851, P7-L05C00B851, and P7-L09C92B851 and P8 ALE-UL00 before ALE-UL00B211 allows local users to cause a denial of service (OS crash) via vectors involving an application that passes crafted input to the GPU driver.

Action-Not Available
Vendor-n/aHuawei Technologies Co., Ltd.
Product-p7_firmwarep8_ale-ul00_firmwarep7p8_ale-ul00n/a
CWE ID-CWE-20
Improper Input Validation
CVE-2015-8229
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-4||MEDIUM
EPSS-0.19% / 40.64%
||
7 Day CHG~0.00%
Published-24 Nov, 2015 | 20:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Huawei eSpace U2980 unified gateway with software before V100R001C10 and U2990 with software before V200R001C10 allow remote authenticated users to cause a denial of service via crafted signaling packets from a registered device.

Action-Not Available
Vendor-n/aHuawei Technologies Co., Ltd.
Product-espace_firmwareespace_unified_gateway_u2980espace_unified_gateway_u2990n/a
CWE ID-CWE-20
Improper Input Validation
CVE-2015-8305
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.07% / 21.57%
||
7 Day CHG~0.00%
Published-07 Apr, 2016 | 19:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Huawei Sophia-L10 smartphones with software before P7-L10C900B852 allow attackers to cause a denial of service (system panic) via a crafted application with the system or camera privilege.

Action-Not Available
Vendor-n/aHuawei Technologies Co., Ltd.
Product-p7_firmwarep7n/a
CWE ID-CWE-20
Improper Input Validation
CVE-2015-8084
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-7.1||HIGH
EPSS-0.36% / 57.23%
||
7 Day CHG~0.00%
Published-07 Dec, 2015 | 20:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Huawei USG5500, USG2100, USG2200, and USG5100 unified security gateways with software before V300R001C10SPC600, when "DHCP Snooping" is enabled and either "option82 insert" or "option82 rebuild" is enabled on an interface, allow remote attackers to cause a denial of service (reboot) via crafted DHCP packets.

Action-Not Available
Vendor-n/aHuawei Technologies Co., Ltd.
Product-unified_security_gateway_firmwareusg5100usg2100usg5500usg2200n/a
CWE ID-CWE-20
Improper Input Validation
CVE-2015-8227
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-8.5||HIGH
EPSS-0.16% / 37.43%
||
7 Day CHG~0.00%
Published-24 Nov, 2015 | 20:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The built-in web server in Huawei VP9660 multi-point control unit with software before V200R001C30SPC700 allows remote administrators to obtain sensitive information or cause a denial of service via a crafted message.

Action-Not Available
Vendor-n/aHuawei Technologies Co., Ltd.
Product-vp_9660_firmwarevp9660n/a
CWE ID-CWE-20
Improper Input Validation
CVE-2015-8265
Matching Score-6
Assigner-CERT/CC
ShareView Details
Matching Score-6
Assigner-CERT/CC
CVSS Score-7.5||HIGH
EPSS-0.57% / 67.57%
||
7 Day CHG~0.00%
Published-01 Feb, 2016 | 21:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Huawei Mobile WiFi E5151 routers with software before E5151s-2TCPU-V200R001B146D27SP00C00 and E5186 routers with software before V200R001B310D01SP00C00 allow DNS query packets using the static source port, which makes it easier for remote attackers to spoof responses via unspecified vectors.

Action-Not Available
Vendor-n/aHuawei Technologies Co., Ltd.
Product-e5151e5186e5151_firmwaree5186_firmwaren/a
CWE ID-CWE-20
Improper Input Validation
CVE-2015-7847
Matching Score-6
Assigner-Huawei Technologies
ShareView Details
Matching Score-6
Assigner-Huawei Technologies
CVSS Score-5.5||MEDIUM
EPSS-0.02% / 3.87%
||
7 Day CHG~0.00%
Published-02 Apr, 2017 | 20:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Huawei MBB (Mobile Broadband) product E3272s with software versions earlier than E3272s-153TCPU-V200R002B491D09SP00C00 has a Denial of Service (DoS) vulnerability. An attacker could send a malicious packet to the Common Gateway Interface (CGI) of a target device and make it fail while setting the port attribute, which causes a DoS attack.

Action-Not Available
Vendor-n/aHuawei Technologies Co., Ltd.
Product-e3272s_firmwaree3272sE3272s Versions earlier than E3272s-153TCPU-V200R002B491D09SP00C00
CWE ID-CWE-20
Improper Input Validation
CVE-2022-48356
Matching Score-6
Assigner-Huawei Technologies
ShareView Details
Matching Score-6
Assigner-Huawei Technologies
CVSS Score-7.5||HIGH
EPSS-0.08% / 25.19%
||
7 Day CHG~0.00%
Published-27 Mar, 2023 | 00:00
Updated-19 Feb, 2025 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The facial recognition module has a vulnerability in input parameter verification. Successful exploitation of this vulnerability may cause failed facial recognition.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-emuiharmonyosHarmonyOSEMUI
CWE ID-CWE-20
Improper Input Validation
CVE-2025-54636
Matching Score-6
Assigner-Huawei Technologies
ShareView Details
Matching Score-6
Assigner-Huawei Technologies
CVSS Score-4.4||MEDIUM
EPSS-0.01% / 0.67%
||
7 Day CHG~0.00%
Published-06 Aug, 2025 | 02:32
Updated-11 Aug, 2025 | 15:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Issue of buffer overflow caused by insufficient data verification in the kernel drop detection module. Impact: Successful exploitation of this vulnerability may affect availability.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-emuiharmonyosEMUIHarmonyOS
CWE ID-CWE-20
Improper Input Validation
CVE-2015-8226
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.12% / 31.47%
||
7 Day CHG~0.00%
Published-08 Jan, 2016 | 19:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Joint Photographic Experts Group Processing Unit (JPU) driver in Huawei ALE smartphones with software before ALE-UL00C00B220 and ALE-TL00C01B220 and GEM-703L smartphones with software before V100R001C233B111 allows remote attackers to cause a denial of service (crash) via a crafted application with the system or camera permission, a different vulnerability than CVE-2015-8225.

Action-Not Available
Vendor-n/aHuawei Technologies Co., Ltd.
Product-ale_firmwaregem-703l_firmwaren/a
CWE ID-CWE-20
Improper Input Validation
CVE-2021-37017
Matching Score-6
Assigner-Huawei Technologies
ShareView Details
Matching Score-6
Assigner-Huawei Technologies
CVSS Score-7.5||HIGH
EPSS-0.17% / 38.90%
||
7 Day CHG~0.00%
Published-23 Nov, 2021 | 15:24
Updated-04 Aug, 2024 | 01:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

There is a Improper Input Validation vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability will cause kernel crash.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-harmonyosHarmonyOS
CWE ID-CWE-20
Improper Input Validation
CVE-2015-8678
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.12% / 31.47%
||
7 Day CHG~0.00%
Published-24 Mar, 2017 | 14:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The ION driver in Huawei P8 smartphones with software GRA-TL00 before GRA-TL00C01B230, GRA-CL00 before GRA-CL00C92B230, GRA-CL10 before GRA-CL10C92B230, GRA-UL00 before GRA-UL00C00B230, and GRA-UL10 before GRA-UL10C00B230 and Mate S smartphones with software CRR-TL00 before CRR-TL00C01B160SP01, CRR-UL00 before CRR-UL00C00B160, and CRR-CL00 before CRR-CL00C92B161 allows remote attackers to cause a denial of service (crash) via a crafted application.

Action-Not Available
Vendor-n/aHuawei Technologies Co., Ltd.
Product-mate_s_firmwarep8mate_sp8_firmwaren/a
CWE ID-CWE-20
Improper Input Validation
CVE-2021-37047
Matching Score-6
Assigner-Huawei Technologies
ShareView Details
Matching Score-6
Assigner-Huawei Technologies
CVSS Score-7.5||HIGH
EPSS-0.25% / 48.39%
||
7 Day CHG~0.00%
Published-07 Dec, 2021 | 15:45
Updated-04 Aug, 2024 | 01:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

There is an Input verification vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may cause some services to restart.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-magic_uiemuiMagic UIEMUI
CWE ID-CWE-20
Improper Input Validation
CVE-2025-54642
Matching Score-6
Assigner-Huawei Technologies
ShareView Details
Matching Score-6
Assigner-Huawei Technologies
CVSS Score-6.7||MEDIUM
EPSS-0.01% / 0.67%
||
7 Day CHG~0.00%
Published-06 Aug, 2025 | 02:44
Updated-11 Aug, 2025 | 15:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Issue of buffer overflow caused by insufficient data verification in the kernel gyroscope module. Impact: Successful exploitation of this vulnerability may affect availability.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-emuiharmonyosEMUIHarmonyOS
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CWE ID-CWE-20
Improper Input Validation
CVE-2021-37039
Matching Score-6
Assigner-Huawei Technologies
ShareView Details
Matching Score-6
Assigner-Huawei Technologies
CVSS Score-6.5||MEDIUM
EPSS-0.05% / 15.89%
||
7 Day CHG~0.00%
Published-08 Dec, 2021 | 14:11
Updated-04 Aug, 2024 | 01:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

There is an Input verification vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may cause Bluetooth DoS.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-magic_uiharmonyosemuiMagic UIHarmonyOSEMUI
CWE ID-CWE-20
Improper Input Validation
CVE-2021-37081
Matching Score-6
Assigner-Huawei Technologies
ShareView Details
Matching Score-6
Assigner-Huawei Technologies
CVSS Score-7.5||HIGH
EPSS-0.18% / 40.11%
||
7 Day CHG~0.00%
Published-07 Dec, 2021 | 16:04
Updated-04 Aug, 2024 | 01:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

There is a Improper Input Validation vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may lead to nearby crash.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-harmonyosHarmonyOS
CWE ID-CWE-20
Improper Input Validation
CVE-2025-54614
Matching Score-6
Assigner-Huawei Technologies
ShareView Details
Matching Score-6
Assigner-Huawei Technologies
CVSS Score-6.2||MEDIUM
EPSS-0.01% / 1.54%
||
7 Day CHG~0.00%
Published-06 Aug, 2025 | 01:24
Updated-12 Aug, 2025 | 16:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Input verification vulnerability in the home screen module. Impact: Successful exploitation of this vulnerability may affect availability.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-harmonyosHarmonyOS
CWE ID-CWE-20
Improper Input Validation
CVE-2021-37008
Matching Score-6
Assigner-Huawei Technologies
ShareView Details
Matching Score-6
Assigner-Huawei Technologies
CVSS Score-7.5||HIGH
EPSS-0.17% / 38.90%
||
7 Day CHG~0.00%
Published-23 Nov, 2021 | 15:22
Updated-04 Aug, 2024 | 01:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

There is a Improper Input Validation vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability will cause kernel crash.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-harmonyosHarmonyOS
CWE ID-CWE-20
Improper Input Validation
CVE-2021-37013
Matching Score-6
Assigner-Huawei Technologies
ShareView Details
Matching Score-6
Assigner-Huawei Technologies
CVSS Score-5.3||MEDIUM
EPSS-0.25% / 47.73%
||
7 Day CHG~0.00%
Published-23 Nov, 2021 | 15:27
Updated-04 Aug, 2024 | 01:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

There is a Improper Input Validation vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability will cause the availability of users is affected.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-harmonyosHarmonyOS
CWE ID-CWE-20
Improper Input Validation
CVE-2025-54641
Matching Score-6
Assigner-Huawei Technologies
ShareView Details
Matching Score-6
Assigner-Huawei Technologies
CVSS Score-6.7||MEDIUM
EPSS-0.01% / 0.67%
||
7 Day CHG~0.00%
Published-06 Aug, 2025 | 02:42
Updated-11 Aug, 2025 | 15:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Issue of buffer overflow caused by insufficient data verification in the kernel acceleration module. Impact: Successful exploitation of this vulnerability may affect availability.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-emuiharmonyosEMUIHarmonyOS
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CWE ID-CWE-20
Improper Input Validation
CVE-2015-7845
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-0.22% / 44.50%
||
7 Day CHG~0.00%
Published-19 Nov, 2015 | 20:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The exception handling mechanism in the CLI Module in Huawei eSpace U1910, U1911, U1930, U1960, U1980, and U1981 unified gateways with software before V100R001C20SPH605 allows remote attackers to cause a denial of service (CLI outage) via crafted SSH packets.

Action-Not Available
Vendor-n/aHuawei Technologies Co., Ltd.
Product-espace_firmwareespace_unified_gateway_u1980espace_unified_gateway_u1960espace_unified_gateway_u1930espace_unified_gateway_u1910espace_unified_gateway_u1981espace_unified_gateway_u1911n/a
CWE ID-CWE-20
Improper Input Validation
CVE-2015-8670
Matching Score-6
Assigner-Huawei Technologies
ShareView Details
Matching Score-6
Assigner-Huawei Technologies
CVSS Score-6.5||MEDIUM
EPSS-0.17% / 38.09%
||
7 Day CHG~0.00%
Published-02 Apr, 2017 | 20:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Huawei LogCenter V100R001C10 could allow an authenticated attacker to add abnormal device information to the log collection module, causing denial of service.

Action-Not Available
Vendor-n/aHuawei Technologies Co., Ltd.
Product-logcenterLogCenter V100R001C10
CWE ID-CWE-20
Improper Input Validation
CVE-2021-37116
Matching Score-6
Assigner-Huawei Technologies
ShareView Details
Matching Score-6
Assigner-Huawei Technologies
CVSS Score-9.1||CRITICAL
EPSS-0.27% / 49.70%
||
7 Day CHG~0.00%
Published-03 Jan, 2022 | 21:07
Updated-04 Aug, 2024 | 01:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

PCManager has a Weaknesses Introduced During Design vulnerability .Successful exploitation of this vulnerability may cause that the PIN of the subscriber is changed.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-harmonyosHarmonyOS
CWE ID-CWE-20
Improper Input Validation
CVE-2021-37084
Matching Score-6
Assigner-Huawei Technologies
ShareView Details
Matching Score-6
Assigner-Huawei Technologies
CVSS Score-9.8||CRITICAL
EPSS-0.24% / 46.37%
||
7 Day CHG~0.00%
Published-07 Dec, 2021 | 16:05
Updated-04 Aug, 2024 | 01:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

There is a Improper Input Validation vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may lead to malicious invoking other functions of the Smart Assistant through text messages.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-harmonyosHarmonyOS
CWE ID-CWE-20
Improper Input Validation
CVE-2021-37094
Matching Score-6
Assigner-Huawei Technologies
ShareView Details
Matching Score-6
Assigner-Huawei Technologies
CVSS Score-7.5||HIGH
EPSS-0.18% / 40.11%
||
7 Day CHG~0.00%
Published-07 Dec, 2021 | 16:06
Updated-04 Aug, 2024 | 01:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

There is a Improper Input Validation vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may lead to system denial of service.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-harmonyosHarmonyOS
CWE ID-CWE-20
Improper Input Validation
CVE-2021-37026
Matching Score-6
Assigner-Huawei Technologies
ShareView Details
Matching Score-6
Assigner-Huawei Technologies
CVSS Score-7.5||HIGH
EPSS-0.17% / 38.90%
||
7 Day CHG~0.00%
Published-23 Nov, 2021 | 15:23
Updated-04 Aug, 2024 | 01:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

There is a Improper Input Validation vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability will cause kernel crash.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-harmonyosHarmonyOS
CWE ID-CWE-20
Improper Input Validation
CVE-2021-37096
Matching Score-6
Assigner-Huawei Technologies
ShareView Details
Matching Score-6
Assigner-Huawei Technologies
CVSS Score-7.5||HIGH
EPSS-0.15% / 36.26%
||
7 Day CHG~0.00%
Published-07 Dec, 2021 | 16:06
Updated-04 Aug, 2024 | 01:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

There is a Improper Input Validation vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may lead to user privacy disclosed.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-harmonyosHarmonyOSEMUI
CWE ID-CWE-20
Improper Input Validation
CVE-2021-37025
Matching Score-6
Assigner-Huawei Technologies
ShareView Details
Matching Score-6
Assigner-Huawei Technologies
CVSS Score-7.5||HIGH
EPSS-0.17% / 38.90%
||
7 Day CHG~0.00%
Published-23 Nov, 2021 | 15:25
Updated-04 Aug, 2024 | 01:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

There is a Improper Input Validation vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability will cause kernel crash.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-harmonyosHarmonyOS
CWE ID-CWE-20
Improper Input Validation
CVE-2021-37060
Matching Score-6
Assigner-Huawei Technologies
ShareView Details
Matching Score-6
Assigner-Huawei Technologies
CVSS Score-7.5||HIGH
EPSS-0.15% / 36.26%
||
7 Day CHG~0.00%
Published-07 Dec, 2021 | 16:02
Updated-04 Aug, 2024 | 01:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

There is a Improper Input Validation vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may lead to SAMGR Heap Address Leakage.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-harmonyosHarmonyOS
CWE ID-CWE-20
Improper Input Validation
CVE-2021-37048
Matching Score-6
Assigner-Huawei Technologies
ShareView Details
Matching Score-6
Assigner-Huawei Technologies
CVSS Score-7.5||HIGH
EPSS-0.11% / 30.47%
||
7 Day CHG~0.00%
Published-07 Dec, 2021 | 16:02
Updated-04 Aug, 2024 | 01:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

There is a Improper Input Validation vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may lead to fake visitors to control PC,play a video,etc.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-harmonyosHarmonyOS
CWE ID-CWE-20
Improper Input Validation
CVE-2021-37019
Matching Score-6
Assigner-Huawei Technologies
ShareView Details
Matching Score-6
Assigner-Huawei Technologies
CVSS Score-7.5||HIGH
EPSS-0.17% / 38.90%
||
7 Day CHG~0.00%
Published-23 Nov, 2021 | 15:23
Updated-04 Aug, 2024 | 01:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

There is a Improper Input Validation vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability will cause kernel crash.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-harmonyosHarmonyOS
CWE ID-CWE-20
Improper Input Validation
CVE-2023-52368
Matching Score-6
Assigner-Huawei Technologies
ShareView Details
Matching Score-6
Assigner-Huawei Technologies
CVSS Score-5.3||MEDIUM
EPSS-0.07% / 20.95%
||
7 Day CHG~0.00%
Published-18 Feb, 2024 | 03:38
Updated-13 Mar, 2025 | 14:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Input verification vulnerability in the account module.Successful exploitation of this vulnerability may cause features to perform abnormally.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-emuiharmonyosHarmonyOSEMUI
CWE ID-CWE-20
Improper Input Validation
CVE-2023-52372
Matching Score-6
Assigner-Huawei Technologies
ShareView Details
Matching Score-6
Assigner-Huawei Technologies
CVSS Score-7.5||HIGH
EPSS-0.08% / 25.19%
||
7 Day CHG~0.00%
Published-18 Feb, 2024 | 03:51
Updated-13 Mar, 2025 | 14:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability of input parameter verification in the motor module.Successful exploitation of this vulnerability may affect availability.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-emuiharmonyosHarmonyOSEMUIharmonyosemui
CWE ID-CWE-20
Improper Input Validation
CVE-2023-49248
Matching Score-6
Assigner-Huawei Technologies
ShareView Details
Matching Score-6
Assigner-Huawei Technologies
CVSS Score-5.5||MEDIUM
EPSS-0.04% / 9.91%
||
7 Day CHG~0.00%
Published-06 Dec, 2023 | 08:34
Updated-02 Aug, 2024 | 21:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability of unauthorized file access in the Settings app. Successful exploitation of this vulnerability may cause unauthorized file access.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-emuiharmonyosHarmonyOSEMUI
CWE ID-CWE-20
Improper Input Validation
CVE-2023-46763
Matching Score-6
Assigner-Huawei Technologies
ShareView Details
Matching Score-6
Assigner-Huawei Technologies
CVSS Score-5.3||MEDIUM
EPSS-0.11% / 29.45%
||
7 Day CHG~0.00%
Published-08 Nov, 2023 | 09:33
Updated-04 Sep, 2024 | 15:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability of background app permission management in the framework module. Successful exploitation of this vulnerability may cause background apps to start maliciously.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-emuiharmonyosHarmonyOSEMUI
CWE ID-CWE-20
Improper Input Validation
CVE-2014-9417
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-2.1||LOW
EPSS-0.10% / 28.38%
||
7 Day CHG~0.00%
Published-24 Dec, 2014 | 18:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Meeting component in Huawei eSpace Desktop before V100R001C03 allows local users to cause a denial of service (program exit) via a crafted image.

Action-Not Available
Vendor-n/aHuawei Technologies Co., Ltd.
Product-espace_desktopn/a
CWE ID-CWE-20
Improper Input Validation
  • Previous
  • 1
  • 2
  • 3
  • 4
  • 5
  • Next
Details not found