Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2017-2715

Summary
Assigner-huawei
Assigner Org ID-25ac1063-e409-4190-8079-24548c77ea2e
Published At-22 Nov, 2017 | 19:00
Updated At-16 Sep, 2024 | 20:27
Rejected At-
Credits

The Files APP 7.1.1.309 and earlier versions in some Huawei mobile phones has a brute-force password cracking vulnerability due to the improper design of the Safe key database. An unauthorized attacker could access sensitive database information and may crack users' Safe passwords, leading to information leak.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:huawei
Assigner Org ID:25ac1063-e409-4190-8079-24548c77ea2e
Published At:22 Nov, 2017 | 19:00
Updated At:16 Sep, 2024 | 20:27
Rejected At:
▼CVE Numbering Authority (CNA)

The Files APP 7.1.1.309 and earlier versions in some Huawei mobile phones has a brute-force password cracking vulnerability due to the improper design of the Safe key database. An unauthorized attacker could access sensitive database information and may crack users' Safe passwords, leading to information leak.

Affected Products
Vendor
Huawei Technologies Co., Ltd.Huawei Technologies Co., Ltd.
Product
Files £¨Files is the smartphone APP£©
Versions
Affected
  • 7.1.1.309 and earlier versions
Problem Types
TypeCWE IDDescription
textN/ABrute-force attack
Type: text
CWE ID: N/A
Description: Brute-force attack
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170425-01-files-en
x_refsource_CONFIRM
Hyperlink: http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170425-01-files-en
Resource:
x_refsource_CONFIRM
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170425-01-files-en
x_refsource_CONFIRM
x_transferred
Hyperlink: http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170425-01-files-en
Resource:
x_refsource_CONFIRM
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:psirt@huawei.com
Published At:22 Nov, 2017 | 19:29
Updated At:20 Apr, 2025 | 01:37

The Files APP 7.1.1.309 and earlier versions in some Huawei mobile phones has a brute-force password cracking vulnerability due to the improper design of the Safe key database. An unauthorized attacker could access sensitive database information and may crack users' Safe passwords, leading to information leak.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.07.8HIGH
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Primary2.02.1LOW
AV:L/AC:L/Au:N/C:P/I:N/A:N
Type: Primary
Version: 3.0
Base score: 7.8
Base severity: HIGH
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Type: Primary
Version: 2.0
Base score: 2.1
Base severity: LOW
Vector:
AV:L/AC:L/Au:N/C:P/I:N/A:N
CPE Matches
Huawei Technologies Co., Ltd.
huawei
>>files>>Versions up to 7.1.1.309(inclusive)
cpe:2.3:a:huawei:files:*:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-200Primarynvd@nist.gov
CWE ID: CWE-200
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170425-01-files-enpsirt@huawei.com
VDB Entry
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170425-01-files-enaf854a3a-2127-422b-91ae-364da2661108
VDB Entry
Hyperlink: http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170425-01-files-en
Source: psirt@huawei.com
Resource:
VDB Entry
Hyperlink: http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170425-01-files-en
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
VDB Entry

Change History

0
Information is not available yet

Similar CVEs

1045Records found
CVE-2017-17158
Matching Score-8
Assigner-Huawei Technologies
ShareView Details
Matching Score-8
Assigner-Huawei Technologies
CVSS Score-4.6||MEDIUM
EPSS-0.03% / 6.76%
||
7 Day CHG~0.00%
Published-24 May, 2018 | 14:00
Updated-05 Aug, 2024 | 20:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Some Huawei smart phones with the versions before Berlin-L21HNC185B381; the versions before Prague-AL00AC00B223; the versions before Prague-AL00BC00B223; the versions before Prague-AL00CC00B223; the versions before Prague-L31C432B208; the versions before Prague-TL00AC01B223; the versions before Prague-TL00AC01B223 have an information exposure vulnerability. When the user's smart phone connects to the malicious device for charging, an unauthenticated attacker may activate some specific function by sending some specially crafted messages. Due to insufficient input validation of the messages, successful exploit may cause information exposure.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-prague-tl00a_firmwareprague-al00c_firmwareberlin-l21hn_firmwareprague-al00a_firmwareprague-al00cprague-tl10aberlin-l21hnprague-tl00aprague-tl10a_firmwareprague-al00b_firmwareprague-l31prague-l31_firmwareprague-al00bprague-al00aBerlin-L21HN; Prague-AL00A; Prague-AL00B; Prague-AL00C; Prague-L31; Prague-TL00A; Prague-TL10A
CWE ID-CWE-20
Improper Input Validation
CVE-2017-17146
Matching Score-8
Assigner-Huawei Technologies
ShareView Details
Matching Score-8
Assigner-Huawei Technologies
CVSS Score-7.8||HIGH
EPSS-0.06% / 17.68%
||
7 Day CHG~0.00%
Published-09 Mar, 2018 | 17:00
Updated-05 Aug, 2024 | 20:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Huawei DP300 V500R002C00 have a buffer overflow vulnerability due to the lack of validation. An authenticated local attacker can craft specific XML files to the affected products and parse this file, which result in DoS attacks or remote code execution on the device.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-dp300dp300_firmwareDP300
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2021-39986
Matching Score-8
Assigner-Huawei Technologies
ShareView Details
Matching Score-8
Assigner-Huawei Technologies
CVSS Score-5.5||MEDIUM
EPSS-0.03% / 6.19%
||
7 Day CHG~0.00%
Published-09 Feb, 2022 | 22:03
Updated-04 Aug, 2024 | 02:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

There is an unauthorized rewriting vulnerability with the memory access management module on ACPU.Successful exploitation of this vulnerability may affect service confidentiality.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-emui EMUI
CVE-2021-37107
Matching Score-8
Assigner-Huawei Technologies
ShareView Details
Matching Score-8
Assigner-Huawei Technologies
CVSS Score-5.5||MEDIUM
EPSS-0.03% / 6.19%
||
7 Day CHG~0.00%
Published-09 Feb, 2022 | 22:03
Updated-04 Aug, 2024 | 01:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

There is an improper memory access permission configuration on ACPU.Successful exploitation of this vulnerability may cause out-of-bounds access.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-emuiEMUI
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-37115
Matching Score-8
Assigner-Huawei Technologies
ShareView Details
Matching Score-8
Assigner-Huawei Technologies
CVSS Score-5.5||MEDIUM
EPSS-0.03% / 6.19%
||
7 Day CHG~0.00%
Published-09 Feb, 2022 | 22:03
Updated-04 Aug, 2024 | 01:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

There is an unauthorized rewriting vulnerability with the memory access management module on ACPU.Successful exploitation of this vulnerability may affect service confidentiality.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-emui EMUI
CVE-2021-37036
Matching Score-8
Assigner-Huawei Technologies
ShareView Details
Matching Score-8
Assigner-Huawei Technologies
CVSS Score-5.5||MEDIUM
EPSS-0.03% / 6.19%
||
7 Day CHG~0.00%
Published-23 Nov, 2021 | 14:59
Updated-04 Aug, 2024 | 01:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

There is an information leakage vulnerability in FusionCompute 6.5.1, eCNS280_TD V100R005C00 and V100R005C10. Due to the improperly storage of specific information in the log file, the attacker can obtain the information when a user logs in to the device. Successful exploit may cause the information leak.

Action-Not Available
Vendor-n/aHuawei Technologies Co., Ltd.
Product-ecns280_tdfusioncomputeecns280_td_firmwareFusionCompute;eCNS280_TD
CWE ID-CWE-532
Insertion of Sensitive Information into Log File
CVE-2021-22467
Matching Score-8
Assigner-Huawei Technologies
ShareView Details
Matching Score-8
Assigner-Huawei Technologies
CVSS Score-5.5||MEDIUM
EPSS-0.03% / 5.12%
||
7 Day CHG~0.00%
Published-28 Oct, 2021 | 12:33
Updated-03 Aug, 2024 | 18:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A component of the HarmonyOS has a Improper Input Validation vulnerability. Local attackers may exploit this vulnerability to read at any address.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-harmonyosHarmonyOS
CWE ID-CWE-20
Improper Input Validation
CVE-2021-22310
Matching Score-8
Assigner-Huawei Technologies
ShareView Details
Matching Score-8
Assigner-Huawei Technologies
CVSS Score-4.4||MEDIUM
EPSS-0.03% / 5.80%
||
7 Day CHG~0.00%
Published-22 Mar, 2021 | 18:38
Updated-03 Aug, 2024 | 18:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

There is an information leakage vulnerability in some huawei products. Due to the properly storage of specific information in the log file, the attacker can obtain the information when a user logs in to the device. Successful exploit may cause an information leak. Affected product versions include: NIP6300 versions V500R001C00,V500R001C20,V500R001C30;NIP6600 versions V500R001C00,V500R001C20,V500R001C30;Secospace USG6300 versions V500R001C00,V500R001C20,V500R001C30;Secospace USG6500 versions V500R001C00,V500R001C20,V500R001C30;Secospace USG6600 versions V500R001C00,V500R001C20,V500R001C30,V500R001C50,V500R001C60,V500R001C80;USG9500 versions V500R005C00,V500R005C10.

Action-Not Available
Vendor-n/aHuawei Technologies Co., Ltd.
Product-nip6600secospace_usg6500_firmwarenip6300secospace_usg6500usg9500_firmwaresecospace_usg6600_firmwaresecospace_usg6300nip6600_firmwarenip6300_firmwareusg9500secospace_usg6600secospace_usg6300_firmwareNIP6300;NIP6600;Secospace USG6300;Secospace USG6500;Secospace USG6600;USG9500
CWE ID-CWE-532
Insertion of Sensitive Information into Log File
CVE-2020-9106
Matching Score-8
Assigner-Huawei Technologies
ShareView Details
Matching Score-8
Assigner-Huawei Technologies
CVSS Score-4.6||MEDIUM
EPSS-0.03% / 6.45%
||
7 Day CHG~0.00%
Published-12 Oct, 2020 | 13:43
Updated-04 Aug, 2024 | 10:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

HUAWEI P30 Pro versions earlier than 10.1.0.160(C00E160R2P8) have a path traversal vulnerability. The system does not sufficiently validate certain pathname, successful exploit could allow the attacker access files and cause information disclosure.

Action-Not Available
Vendor-n/aHuawei Technologies Co., Ltd.
Product-p30_prop30_pro_firmwareHUAWEI P30 Pro
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2020-9102
Matching Score-8
Assigner-Huawei Technologies
ShareView Details
Matching Score-8
Assigner-Huawei Technologies
CVSS Score-3.3||LOW
EPSS-0.02% / 4.29%
||
7 Day CHG~0.00%
Published-17 Jul, 2020 | 22:59
Updated-04 Aug, 2024 | 10:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

There is a information leak vulnerability in some Huawei products, and it could allow a local attacker to get information. The vulnerability is due to the improper management of the username. An attacker with the ability to access the device and cause the username information leak. Affected product versions include: CloudEngine 12800 versions V200R002C50SPC800, V200R003C00SPC810, V200R005C00SPC800, V200R005C10SPC800, V200R019C00SPC800; CloudEngine 5800 versions V200R002C50SPC800, V200R003C00SPC810, V200R005C00SPC800, V200R005C10SPC800, V200R019C00SPC800; CloudEngine 6800 versions V200R002C50SPC800, V200R003C00SPC810, V200R005C00SPC800, V200R005C10SPC800, V200R005C20SPC800, V200R019C00SPC800; CloudEngine 7800 versions V200R002C50SPC800, V200R003C00SPC810, V200R005C00SPC800, V200R005C10SPC800, V200R019C00SPC800

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-cloudengine_7800cloudengine_5800_firmwarecloudengine_5800cloudengine_6800_firmwarecloudengine_6800cloudengine_7800_firmwarecloudengine_12800cloudengine_12800_firmwareCloudEngine 5800CloudEngine 7800CloudEngine 12800CloudEngine 6800
CVE-2020-9110
Matching Score-8
Assigner-Huawei Technologies
ShareView Details
Matching Score-8
Assigner-Huawei Technologies
CVSS Score-4.6||MEDIUM
EPSS-0.03% / 6.64%
||
7 Day CHG~0.00%
Published-12 Oct, 2020 | 14:03
Updated-04 Aug, 2024 | 10:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Taurus-AN00B versions earlier than 10.1.0.156(C00E155R7P2) have an information disclosure vulnerability. The device does not sufficiently validate the output of device in certain specific scenario, the attacker can gain information in the victim's smartphone to launch the attack, successful exploit could cause information disclosure.

Action-Not Available
Vendor-n/aHuawei Technologies Co., Ltd.
Product-taurus-an00b_firmwaretaurus-an00bTaurus-AN00B
CWE ID-CWE-20
Improper Input Validation
CVE-2020-9239
Matching Score-8
Assigner-Huawei Technologies
ShareView Details
Matching Score-8
Assigner-Huawei Technologies
CVSS Score-5.5||MEDIUM
EPSS-0.03% / 7.72%
||
7 Day CHG~0.00%
Published-11 Sep, 2020 | 13:25
Updated-04 Aug, 2024 | 10:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Huawei smartphones BLA-A09 versions 8.0.0.123(C212),versions earlier than 8.0.0.123(C567),versions earlier than 8.0.0.123(C797);BLA-TL00B versions earlier than 8.1.0.326(C01);Berkeley-L09 versions earlier than 8.0.0.163(C10),versions earlier than 8.0.0.163(C432),Versions earlier than 8.0.0.163(C636),Versions earlier than 8.0.0.172(C10);Duke-L09 versions Duke-L09C10B187, versions Duke-L09C432B189, versions Duke-L09C636B189;HUAWEI P20 versions earlier than 8.0.1.16(C00);HUAWEI P20 Pro versions earlier than 8.1.0.152(C00);Jimmy-AL00A versions earlier than Jimmy-AL00AC00B172;LON-L29D versions LON-L29DC721B192;NEO-AL00D versions earlier than 8.1.0.172(C786);Stanford-AL00 versions Stanford-AL00C00B123;Toronto-AL00 versions earlier than Toronto-AL00AC00B225;Toronto-AL00A versions earlier than Toronto-AL00AC00B225;Toronto-TL10 versions earlier than Toronto-TL10C01B225 have an information vulnerability. A module has a design error that is lack of control of input. Attackers can exploit this vulnerab

Action-Not Available
Vendor-n/aHuawei Technologies Co., Ltd.
Product-p20_pro_firmwareneo-al00d_firmwaretoronto-al00atoronto-tl10_firmwarestanford-al00_firmwarebla-tl00b_firmwarebla-a09toronto-tl10duke-l09_firmwarebla-tl00btoronto-al00toronto-al00_firmwaretoronto-al00a_firmwareberkeley-l09_firmwarelon-l29dbla-a09_firmwarejimmy-al00a_firmwarelon-l29d_firmwarep20neo-al00djimmy-al00aduke-l09p20_firmwareberkeley-l09stanford-al00p20_proBLA-A09;BLA-TL00B;Berkeley-L09;Duke-L09;HUAWEI P20;HUAWEI P20 Pro;Jimmy-AL00A;LON-L29D;NEO-AL00D;Stanford-AL00;Toronto-AL00;Toronto-AL00A;Toronto-TL10
CWE ID-CWE-20
Improper Input Validation
CVE-2024-58252
Matching Score-6
Assigner-Huawei Technologies
ShareView Details
Matching Score-6
Assigner-Huawei Technologies
CVSS Score-6.2||MEDIUM
EPSS-0.01% / 0.56%
||
7 Day CHG~0.00%
Published-06 May, 2025 | 07:15
Updated-09 May, 2025 | 19:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability of insufficient information protection in the media library module Impact: Successful exploitation of this vulnerability may affect service confidentiality.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-harmonyosHarmonyOS
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2024-56443
Matching Score-6
Assigner-Huawei Technologies
ShareView Details
Matching Score-6
Assigner-Huawei Technologies
CVSS Score-6.2||MEDIUM
EPSS-0.03% / 6.80%
||
7 Day CHG~0.00%
Published-08 Jan, 2025 | 02:37
Updated-13 Jan, 2025 | 21:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-process screen stack vulnerability in the UIExtension module Impact: Successful exploitation of this vulnerability may affect service confidentiality.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-harmonyosHarmonyOS
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2024-56435
Matching Score-6
Assigner-Huawei Technologies
ShareView Details
Matching Score-6
Assigner-Huawei Technologies
CVSS Score-6.2||MEDIUM
EPSS-0.03% / 6.80%
||
7 Day CHG~0.00%
Published-08 Jan, 2025 | 01:33
Updated-13 Jan, 2025 | 21:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-process screen stack vulnerability in the UIExtension module Impact: Successful exploitation of this vulnerability may affect service confidentiality.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-harmonyosHarmonyOS
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2017-8130
Matching Score-6
Assigner-Huawei Technologies
ShareView Details
Matching Score-6
Assigner-Huawei Technologies
CVSS Score-6.5||MEDIUM
EPSS-0.17% / 38.73%
||
7 Day CHG~0.00%
Published-22 Nov, 2017 | 19:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The UMA product with software V200R001 and V300R001 has an information leak vulnerability. An attacker could exploit them to obtain some sensitive information, causing information leak.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-umaUMA
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2017-8165
Matching Score-6
Assigner-Huawei Technologies
ShareView Details
Matching Score-6
Assigner-Huawei Technologies
CVSS Score-5.5||MEDIUM
EPSS-0.11% / 29.28%
||
7 Day CHG~0.00%
Published-05 Mar, 2018 | 19:00
Updated-17 Sep, 2024 | 01:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Mate 9 Huawei smart phones with versions earlier than MHA-AL00BC00B233 have a sensitive information leak vulnerability. An attacker can trick a user to install a malicious application to exploit this vulnerability. Successful exploitation may cause sensitive information leak.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-mate_9mate_9_firmwareMate 9
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2024-54119
Matching Score-6
Assigner-Huawei Technologies
ShareView Details
Matching Score-6
Assigner-Huawei Technologies
CVSS Score-6.2||MEDIUM
EPSS-0.04% / 10.12%
||
7 Day CHG~0.00%
Published-12 Dec, 2024 | 12:18
Updated-14 Jan, 2025 | 18:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-process screen stack vulnerability in the UIExtension module Impact: Successful exploitation of this vulnerability may affect service confidentiality.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-harmonyosHarmonyOS
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2017-2730
Matching Score-6
Assigner-Huawei Technologies
ShareView Details
Matching Score-6
Assigner-Huawei Technologies
CVSS Score-3.5||LOW
EPSS-0.04% / 9.69%
||
7 Day CHG~0.00%
Published-22 Nov, 2017 | 19:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

HUAWEI HiLink APP (for IOS) versions earlier before 5.0.25.306 and HUAWEI Tech Support APP (for IOS) versions earlier before 5.0.0 have an information leak vulnerability. When an iPhone with these APPs installed access the Wi-Fi hotpot built by attacker, the attacker can collect the information of iPhone mode and firmware version.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.Apple Inc.
Product-iphone_oshilinktech_supportHUAWEI HiLink APP (for IOS), HUAWEI Tech Support APP (for IOS)
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2017-2733
Matching Score-6
Assigner-Huawei Technologies
ShareView Details
Matching Score-6
Assigner-Huawei Technologies
CVSS Score-5.5||MEDIUM
EPSS-0.09% / 26.87%
||
7 Day CHG~0.00%
Published-22 Nov, 2017 | 19:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Honor 6X smartphones with software versions earlier than BLN-AL10C00B357 and versions earlier than BLN-AL20C00B357 have an information leak vulnerability due to improper file permission configuration. An attacker tricks a user into installing a malicious application on the smart phone, and the application can get the file that keep the cipher text of the SIM card PIN.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-honor_6x_firmwarehonor_6xHonor 6X
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2013-4628
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-3.5||LOW
EPSS-0.08% / 24.59%
||
7 Day CHG~0.00%
Published-20 Jun, 2013 | 15:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The firewall module on the Huawei Quidway Service Process Unit (SPU) board S7700, S9300, and S9700 on Huawei Campus Switch devices allows remote authenticated users to obtain sensitive information from the high-priority security zone by leveraging access to the low-priority security zone.

Action-Not Available
Vendor-n/aHuawei Technologies Co., Ltd.
Product-quidway_service_process_unit_board_s7700quidway_service_process_unit_board_s9700quidway_service_process_unit_board_s9300n/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2017-17139
Matching Score-6
Assigner-Huawei Technologies
ShareView Details
Matching Score-6
Assigner-Huawei Technologies
CVSS Score-5.5||MEDIUM
EPSS-0.11% / 29.28%
||
7 Day CHG~0.00%
Published-05 Mar, 2018 | 19:00
Updated-17 Sep, 2024 | 01:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Huawei Mate 9 and Mate 9 pro smart phones with software the versions before MHA-AL00B 8.0.0.334(C00); the versions before LON-AL00B 8.0.0.334(C00) have a information leak vulnerability in the date service proxy implementation. An attacker may trick a user into installing a malicious application and application can exploit the vulnerability to get kernel date which may cause sensitive information leak.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-mate_9_pro_firmwaremate_9mate_9_firmwaremate_9_proMate 9; Mate 9 Pro
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2017-17319
Matching Score-6
Assigner-Huawei Technologies
ShareView Details
Matching Score-6
Assigner-Huawei Technologies
CVSS Score-5.5||MEDIUM
EPSS-0.10% / 28.46%
||
7 Day CHG~0.00%
Published-20 Mar, 2018 | 15:00
Updated-05 Aug, 2024 | 20:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Huawei P9 smartphones with the versions before EVA-AL10C00B399SP02 have an information disclosure vulnerability. The software does not properly protect certain resource which can be accessed by multithreading. An attacker tricks the user who has root privilege to install a crafted application, successful exploit could result in kernel information disclosure.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-p9p9_firmwareP9
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2017-15328
Matching Score-6
Assigner-Huawei Technologies
ShareView Details
Matching Score-6
Assigner-Huawei Technologies
CVSS Score-7.5||HIGH
EPSS-0.18% / 39.55%
||
7 Day CHG~0.00%
Published-22 Dec, 2017 | 17:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Huawei HG8245H version earlier than V300R018C00SPC110 has an authentication bypass vulnerability. An attacker can access a specific URL of the affect product. Due to improper verification of the privilege, successful exploitation may cause information leak.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-hg8245h_firmwarehg8245hHG8245H
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2021-39980
Matching Score-6
Assigner-Huawei Technologies
ShareView Details
Matching Score-6
Assigner-Huawei Technologies
CVSS Score-5.3||MEDIUM
EPSS-0.11% / 30.13%
||
7 Day CHG~0.00%
Published-03 Jan, 2022 | 21:07
Updated-04 Aug, 2024 | 02:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Telephony application has a Exposure of Sensitive Information to an Unauthorized Actor vulnerability.Successful exploitation of this vulnerability could lead to sensitive information disclosure.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-harmonyosHarmonyOS
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2017-17303
Matching Score-6
Assigner-Huawei Technologies
ShareView Details
Matching Score-6
Assigner-Huawei Technologies
CVSS Score-4.9||MEDIUM
EPSS-0.10% / 28.14%
||
7 Day CHG~0.00%
Published-09 Mar, 2018 | 17:00
Updated-05 Aug, 2024 | 20:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Huawei DP300 V500R002C00; V500R002C00B010; V500R002C00B011; V500R002C00B012; V500R002C00B013; V500R002C00B014; V500R002C00B017; V500R002C00B018; V500R002C00SPC100; V500R002C00SPC200; V500R002C00SPC300; V500R002C00SPC400; V500R002C00SPC500; V500R002C00SPC600; V500R002C00SPC800; V500R002C00SPC900; V500R002C00SPCa00; RP200 V500R002C00SPC200; V600R006C00; V600R006C00SPC200; V600R006C00SPC300; TE30 V100R001C10SPC300; V100R001C10SPC500; V100R001C10SPC600; V100R001C10SPC700B010; V500R002C00SPC200; V500R002C00SPC500; V500R002C00SPC600; V500R002C00SPC700; V500R002C00SPC900; V500R002C00SPCb00; V600R006C00; V600R006C00SPC200; V600R006C00SPC300; TE40 V500R002C00SPC600; V500R002C00SPC700; V500R002C00SPC900; V500R002C00SPCb00; V600R006C00; V600R006C00SPC200; V600R006C00SPC300; TE50 V500R002C00SPC600; V500R002C00SPC700; V500R002C00SPCb00; V600R006C00; V600R006C00SPC200; V600R006C00SPC300; TE60 V100R001C10; V100R001C10B001; V100R001C10B002; V100R001C10B010; V100R001C10B011; V100R001C10B012; V100R001C10B013; V100R001C10B014; V100R001C10B016; V100R001C10B017; V100R001C10B018; V100R001C10B019; V100R001C10SPC400; V100R001C10SPC500; V100R001C10SPC600; V100R001C10SPC700; V100R001C10SPC800B011; V100R001C10SPC900; V500R002C00; V500R002C00B010; V500R002C00B011; V500R002C00SPC100; V500R002C00SPC200; V500R002C00SPC300; V500R002C00SPC600; V500R002C00SPC700; V500R002C00SPC800; V500R002C00SPC900; V500R002C00SPCa00; V500R002C00SPCb00; V500R002C00SPCd00; V500R002C00SPCe00; V600R006C00; V600R006C00SPC100; V600R006C00SPC200; V600R006C00SPC300 use the CIDAM protocol, which contains sensitive information in the message when it is implemented. So these products has an information disclosure vulnerability. An authenticated remote attacker could track and get the message of a target system. Successful exploit could allow the attacker to get the information and cause the sensitive information disclosure.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-te60_firmwarete30_firmwaredp300rp200te40_firmwarete60dp300_firmwarete40te30te50_firmwarete50rp200_firmwareDP300; RP200; TE30; TE40; TE50; TE60
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2017-17322
Matching Score-6
Assigner-Huawei Technologies
ShareView Details
Matching Score-6
Assigner-Huawei Technologies
CVSS Score-4.3||MEDIUM
EPSS-0.10% / 28.82%
||
7 Day CHG~0.00%
Published-09 Mar, 2018 | 17:00
Updated-05 Aug, 2024 | 20:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Huawei Honor Smart Scale Application with software of 1.1.1 has an information disclosure vulnerability. The application does not sufficiently restrict the resource which can be accessed by certain protocol. An attacker could trick the user to click a malicious link, successful exploit could cause information disclosure.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-honor_smart_scale_applicationhonor_smart_scale_application_firmwareHonor Smart Scale Application
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2023-46757
Matching Score-6
Assigner-Huawei Technologies
ShareView Details
Matching Score-6
Assigner-Huawei Technologies
CVSS Score-7.5||HIGH
EPSS-0.15% / 36.14%
||
7 Day CHG~0.00%
Published-08 Nov, 2023 | 10:13
Updated-04 Sep, 2024 | 15:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The remote PIN module has a vulnerability that causes incorrect information storage locations.Successful exploitation of this vulnerability may affect confidentiality.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-harmonyosHarmonyOS
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2021-37125
Matching Score-6
Assigner-Huawei Technologies
ShareView Details
Matching Score-6
Assigner-Huawei Technologies
CVSS Score-7.5||HIGH
EPSS-0.15% / 36.27%
||
7 Day CHG~0.00%
Published-03 Jan, 2022 | 21:07
Updated-04 Aug, 2024 | 01:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Arbitrary file has a Exposure of Sensitive Information to an Unauthorized Actor vulnerability .Successful exploitation of this vulnerability may cause confidentiality is affected.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-harmonyosHarmonyOS
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2021-37010
Matching Score-6
Assigner-Huawei Technologies
ShareView Details
Matching Score-6
Assigner-Huawei Technologies
CVSS Score-7.5||HIGH
EPSS-0.15% / 36.27%
||
7 Day CHG~0.00%
Published-23 Nov, 2021 | 15:27
Updated-04 Aug, 2024 | 01:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

There is a Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability will cause the confidentiality of users is affected.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-harmonyosHarmonyOS
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2021-37067
Matching Score-6
Assigner-Huawei Technologies
ShareView Details
Matching Score-6
Assigner-Huawei Technologies
CVSS Score-7.5||HIGH
EPSS-0.15% / 36.27%
||
7 Day CHG~0.00%
Published-07 Dec, 2021 | 16:03
Updated-04 Aug, 2024 | 01:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

There is a Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may lead to Confidentiality impacted.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-harmonyosHarmonyOS
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2016-5367
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.14% / 34.31%
||
7 Day CHG~0.00%
Published-14 Jun, 2016 | 14:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Huawei Honor WS851 routers with software 1.1.21.1 and earlier allow remote attackers to obtain sensitive information via unspecified vectors, aka HWPSIRT-2016-05053.

Action-Not Available
Vendor-n/aHuawei Technologies Co., Ltd.
Product-honor_ws851_firmwarehonor_ws851n/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2022-48347
Matching Score-6
Assigner-Huawei Technologies
ShareView Details
Matching Score-6
Assigner-Huawei Technologies
CVSS Score-7.5||HIGH
EPSS-0.11% / 30.12%
||
7 Day CHG~0.00%
Published-27 Mar, 2023 | 00:00
Updated-19 Feb, 2025 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The MediaProvider module has a vulnerability in permission verification. Successful exploitation of this vulnerability may affect confidentiality.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-emuiharmonyosHarmonyOSEMUI
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2024-27897
Matching Score-6
Assigner-Huawei Technologies
ShareView Details
Matching Score-6
Assigner-Huawei Technologies
CVSS Score-7.5||HIGH
EPSS-0.06% / 18.61%
||
7 Day CHG~0.00%
Published-08 Apr, 2024 | 09:25
Updated-13 Mar, 2025 | 15:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Input verification vulnerability in the call module. Impact: Successful exploitation of this vulnerability may affect service confidentiality.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-emuiharmonyosHarmonyOSEMUIharmonyosemui
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2023-44115
Matching Score-6
Assigner-Huawei Technologies
ShareView Details
Matching Score-6
Assigner-Huawei Technologies
CVSS Score-7.5||HIGH
EPSS-0.15% / 36.14%
||
7 Day CHG~0.00%
Published-08 Nov, 2023 | 03:59
Updated-04 Sep, 2024 | 19:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability of improper permission control in the Booster module. Impact: Successful exploitation of this vulnerability may affect service confidentiality.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-harmonyosemuiHarmonyOSEMUI
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2023-44098
Matching Score-6
Assigner-Huawei Technologies
ShareView Details
Matching Score-6
Assigner-Huawei Technologies
CVSS Score-7.5||HIGH
EPSS-0.07% / 21.88%
||
7 Day CHG~0.00%
Published-08 Nov, 2023 | 09:02
Updated-04 Sep, 2024 | 19:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability of missing encryption in the card management module. Successful exploitation of this vulnerability may affect service confidentiality.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-emuiharmonyosHarmonyOSEMUI
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CWE ID-CWE-311
Missing Encryption of Sensitive Data
CVE-2015-8336
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.08% / 24.24%
||
7 Day CHG~0.00%
Published-14 Apr, 2016 | 15:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Huawei FusionCompute with software before V100R005C10SPC700 allows remote authenticated users to obtain sensitive "role and permission" information via unspecified vectors.

Action-Not Available
Vendor-n/aHuawei Technologies Co., Ltd.
Product-fusioncomputen/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2009-2274
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.13% / 33.25%
||
7 Day CHG~0.00%
Published-01 Jul, 2009 | 12:26
Updated-07 Aug, 2024 | 05:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Huawei D100 allows remote attackers to obtain sensitive information via a direct request to (1) lan_status_adv.asp, (2) wlan_basic_cfg.asp, or (3) lancfg.asp in en/, related to use of JavaScript to protect against reading file contents.

Action-Not Available
Vendor-n/aHuawei Technologies Co., Ltd.
Product-d100n/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2023-44093
Matching Score-6
Assigner-Huawei Technologies
ShareView Details
Matching Score-6
Assigner-Huawei Technologies
CVSS Score-7.5||HIGH
EPSS-0.08% / 24.44%
||
7 Day CHG~0.00%
Published-11 Oct, 2023 | 10:36
Updated-18 Sep, 2024 | 16:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability of package names' public keys not being verified in the security module.Successful exploitation of this vulnerability may affect service confidentiality.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-harmonyosemuiHarmonyOSEMUI
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2023-44112
Matching Score-6
Assigner-Huawei Technologies
ShareView Details
Matching Score-6
Assigner-Huawei Technologies
CVSS Score-7.5||HIGH
EPSS-0.10% / 27.88%
||
7 Day CHG~0.00%
Published-16 Jan, 2024 | 08:00
Updated-03 Sep, 2024 | 20:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Out-of-bounds access vulnerability in the device authentication module. Successful exploitation of this vulnerability may affect confidentiality.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-emuiharmonyosHarmonyOSEMUIharmonyosemui
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CWE ID-CWE-125
Out-of-bounds Read
CVE-2023-44097
Matching Score-6
Assigner-Huawei Technologies
ShareView Details
Matching Score-6
Assigner-Huawei Technologies
CVSS Score-7.5||HIGH
EPSS-0.08% / 24.44%
||
7 Day CHG~0.00%
Published-11 Oct, 2023 | 11:46
Updated-18 Sep, 2024 | 15:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability of the permission to access device SNs being improperly managed.Successful exploitation of this vulnerability may affect service confidentiality.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-harmonyosemuiHarmonyOSEMUI
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2023-41293
Matching Score-6
Assigner-Huawei Technologies
ShareView Details
Matching Score-6
Assigner-Huawei Technologies
CVSS Score-7.5||HIGH
EPSS-0.15% / 36.14%
||
7 Day CHG~0.00%
Published-25 Sep, 2023 | 12:18
Updated-24 Sep, 2024 | 15:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Data security classification vulnerability in the DDMP module. Successful exploitation of this vulnerability may affect confidentiality.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-emuiharmonyosHarmonyOSEMUI
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CWE ID-CWE-227
Not Available
CVE-2023-52097
Matching Score-6
Assigner-Huawei Technologies
ShareView Details
Matching Score-6
Assigner-Huawei Technologies
CVSS Score-7.5||HIGH
EPSS-0.07% / 20.35%
||
7 Day CHG~0.00%
Published-18 Feb, 2024 | 02:54
Updated-13 Mar, 2025 | 14:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability of foreground service restrictions being bypassed in the NMS module.Successful exploitation of this vulnerability may affect service confidentiality.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-emuiharmonyosHarmonyOSEMUI
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2023-52101
Matching Score-6
Assigner-Huawei Technologies
ShareView Details
Matching Score-6
Assigner-Huawei Technologies
CVSS Score-9.1||CRITICAL
EPSS-0.13% / 33.60%
||
7 Day CHG~0.00%
Published-16 Jan, 2024 | 09:17
Updated-20 Jun, 2025 | 18:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Component exposure vulnerability in the Wi-Fi module. Successful exploitation of this vulnerability may affect service availability and integrity.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-harmonyosemuiEMUIHarmonyOS
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2023-39393
Matching Score-6
Assigner-Huawei Technologies
ShareView Details
Matching Score-6
Assigner-Huawei Technologies
CVSS Score-7.5||HIGH
EPSS-0.03% / 5.77%
||
7 Day CHG~0.00%
Published-13 Aug, 2023 | 11:34
Updated-10 Oct, 2024 | 14:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability of insecure signatures in the ServiceWifiResources module. Successful exploitation of this vulnerability may cause ServiceWifiResources to be maliciously modified and overwritten.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-emuiharmonyosHarmonyOSEMUI
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CWE ID-CWE-347
Improper Verification of Cryptographic Signature
CVE-2023-39383
Matching Score-6
Assigner-Huawei Technologies
ShareView Details
Matching Score-6
Assigner-Huawei Technologies
CVSS Score-7.5||HIGH
EPSS-0.06% / 18.61%
||
7 Day CHG~0.00%
Published-13 Aug, 2023 | 11:43
Updated-10 Oct, 2024 | 14:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability of input parameters being not strictly verified in the AMS module. Successful exploitation of this vulnerability may compromise apps' data security.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-emuiharmonyosHarmonyOSEMUI
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CWE ID-CWE-668
Exposure of Resource to Wrong Sphere
CVE-2024-57955
Matching Score-6
Assigner-Huawei Technologies
ShareView Details
Matching Score-6
Assigner-Huawei Technologies
CVSS Score-6.1||MEDIUM
EPSS-0.02% / 3.55%
||
7 Day CHG~0.00%
Published-06 Feb, 2025 | 12:25
Updated-17 Mar, 2025 | 14:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Arbitrary write vulnerability in the Gallery module Impact: Successful exploitation of this vulnerability may affect service confidentiality.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-harmonyosHarmonyOS
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2024-57954
Matching Score-6
Assigner-Huawei Technologies
ShareView Details
Matching Score-6
Assigner-Huawei Technologies
CVSS Score-6.2||MEDIUM
EPSS-0.03% / 5.66%
||
7 Day CHG~0.00%
Published-06 Feb, 2025 | 12:23
Updated-17 Mar, 2025 | 14:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Permission verification vulnerability in the media library module Impact: Successful exploitation of this vulnerability may affect service confidentiality.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-harmonyosHarmonyOS
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2018-7938
Matching Score-6
Assigner-Huawei Technologies
ShareView Details
Matching Score-6
Assigner-Huawei Technologies
CVSS Score-3.3||LOW
EPSS-0.09% / 26.22%
||
7 Day CHG~0.00%
Published-04 Sep, 2018 | 16:00
Updated-05 Aug, 2024 | 06:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

P10 Huawei smartphones with the versions before Victoria-AL00AC00B217 have an information leak vulnerability due to the lack of permission validation. An attacker tricks a user into installing a malicious application on the smart phone, and the application can read some hardware serial number, which may cause sensitive information leak.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-p10p10_firmwareP10
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2018-7921
Matching Score-6
Assigner-Huawei Technologies
ShareView Details
Matching Score-6
Assigner-Huawei Technologies
CVSS Score-6.5||MEDIUM
EPSS-2.64% / 85.15%
||
7 Day CHG~0.00%
Published-12 Sep, 2018 | 15:00
Updated-05 Aug, 2024 | 06:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Huawei B315s-22 products with software of 21.318.01.00.26 have an information leak vulnerability. Unauthenticated adjacent attackers may exploit this vulnerability to obtain device information.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-b315s-22b315s-22_firmwareB315s-22
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
  • Previous
  • 1
  • 2
  • 3
  • 4
  • ...
  • 20
  • 21
  • Next
Details not found