Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2020-1822

Summary
Assigner-huawei
Assigner Org ID-25ac1063-e409-4190-8079-24548c77ea2e
Published At-28 Dec, 2024 | 06:21
Updated At-28 Dec, 2024 | 16:34
Rejected At-
Credits

There are multiple out of bounds (OOB) read vulnerabilities in the implementation of the Common Open Policy Service (COPS) protocol of some Huawei products. The specific decoding function may occur out-of-bounds read when processes an incoming data packet. Successful exploit of these vulnerabilities may disrupt service on the affected device. (Vulnerability ID: HWPSIRT-2018-12275,HWPSIRT-2018-12276,HWPSIRT-2018-12277,HWPSIRT-2018-12278,HWPSIRT-2018-12279,HWPSIRT-2018-12280 and HWPSIRT-2018-12289) The seven vulnerabilities have been assigned seven Common Vulnerabilities and Exposures (CVE) IDs: CVE-2020-1818, CVE-2020-1819, CVE-2020-1820, CVE-2020-1821, CVE-2020-1822, CVE-2020-1823 and CVE-2020-1824.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:huawei
Assigner Org ID:25ac1063-e409-4190-8079-24548c77ea2e
Published At:28 Dec, 2024 | 06:21
Updated At:28 Dec, 2024 | 16:34
Rejected At:
▼CVE Numbering Authority (CNA)

There are multiple out of bounds (OOB) read vulnerabilities in the implementation of the Common Open Policy Service (COPS) protocol of some Huawei products. The specific decoding function may occur out-of-bounds read when processes an incoming data packet. Successful exploit of these vulnerabilities may disrupt service on the affected device. (Vulnerability ID: HWPSIRT-2018-12275,HWPSIRT-2018-12276,HWPSIRT-2018-12277,HWPSIRT-2018-12278,HWPSIRT-2018-12279,HWPSIRT-2018-12280 and HWPSIRT-2018-12289) The seven vulnerabilities have been assigned seven Common Vulnerabilities and Exposures (CVE) IDs: CVE-2020-1818, CVE-2020-1819, CVE-2020-1820, CVE-2020-1821, CVE-2020-1822, CVE-2020-1823 and CVE-2020-1824.

Affected Products
Vendor
Huawei Technologies Co., Ltd.Huawei
Product
IPS Module
Default Status
unaffected
Versions
Affected
  • V500R001C30
  • V500R001C60
  • V500R005C00
Vendor
Huawei Technologies Co., Ltd.Huawei
Product
NGFW Module
Default Status
unaffected
Versions
Affected
  • V500R002C00
  • V500R002C20
  • V500R005C00
Vendor
Huawei Technologies Co., Ltd.Huawei
Product
NIP6300
Default Status
unaffected
Versions
Affected
  • V500R001C30
  • V500R001C60
  • V500R005C00
Vendor
Huawei Technologies Co., Ltd.Huawei
Product
NIP6600
Default Status
unaffected
Versions
Affected
  • V500R001C30
  • V500R001C60
  • V500R005C00
Vendor
Huawei Technologies Co., Ltd.Huawei
Product
NIP6800
Default Status
unaffected
Versions
Affected
  • V500R001C60
  • V500R005C00
Vendor
Huawei Technologies Co., Ltd.Huawei
Product
Secospace USG6300
Default Status
unaffected
Versions
Affected
  • V500R001C30
  • V500R001C60
  • V500R005C00
Vendor
Huawei Technologies Co., Ltd.Huawei
Product
Secospace USG6500
Default Status
unaffected
Versions
Affected
  • V500R001C30
  • V500R001C60
  • V500R005C00
Vendor
Huawei Technologies Co., Ltd.Huawei
Product
Secospace USG6600
Default Status
unaffected
Versions
Affected
  • V500R001C30
  • V500R005C00
Vendor
Huawei Technologies Co., Ltd.Huawei
Product
USG6000V
Default Status
unaffected
Versions
Affected
  • V500R003C00
Problem Types
TypeCWE IDDescription
CWECWE-125CWE-125 Out-of-bounds Read
Type: CWE
CWE ID: CWE-125
Description: CWE-125 Out-of-bounds Read
Metrics
VersionBase scoreBase severityVector
3.13.7LOW
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
Version: 3.1
Base score: 3.7
Base severity: LOW
Vector:
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20191218-01-cops-en
N/A
Hyperlink: https://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20191218-01-cops-en
Resource: N/A
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:psirt@huawei.com
Published At:28 Dec, 2024 | 07:15
Updated At:13 Jan, 2025 | 18:40

There are multiple out of bounds (OOB) read vulnerabilities in the implementation of the Common Open Policy Service (COPS) protocol of some Huawei products. The specific decoding function may occur out-of-bounds read when processes an incoming data packet. Successful exploit of these vulnerabilities may disrupt service on the affected device. (Vulnerability ID: HWPSIRT-2018-12275,HWPSIRT-2018-12276,HWPSIRT-2018-12277,HWPSIRT-2018-12278,HWPSIRT-2018-12279,HWPSIRT-2018-12280 and HWPSIRT-2018-12289) The seven vulnerabilities have been assigned seven Common Vulnerabilities and Exposures (CVE) IDs: CVE-2020-1818, CVE-2020-1819, CVE-2020-1820, CVE-2020-1821, CVE-2020-1822, CVE-2020-1823 and CVE-2020-1824.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.13.7LOW
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
Primary3.15.3MEDIUM
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Type: Secondary
Version: 3.1
Base score: 3.7
Base severity: LOW
Vector:
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
Type: Primary
Version: 3.1
Base score: 5.3
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
CPE Matches
Huawei Technologies Co., Ltd.
huawei
>>ips_module_firmware>>v500r001c30
cpe:2.3:o:huawei:ips_module_firmware:v500r001c30:*:*:*:*:*:*:*
Huawei Technologies Co., Ltd.
huawei
>>ips_module_firmware>>v500r001c60
cpe:2.3:o:huawei:ips_module_firmware:v500r001c60:*:*:*:*:*:*:*
Huawei Technologies Co., Ltd.
huawei
>>ips_module_firmware>>v500r005c00
cpe:2.3:o:huawei:ips_module_firmware:v500r005c00:*:*:*:*:*:*:*
Huawei Technologies Co., Ltd.
huawei
>>ips_module>>-
cpe:2.3:h:huawei:ips_module:-:*:*:*:*:*:*:*
Huawei Technologies Co., Ltd.
huawei
>>ngfw_module_firmware>>v500r002c00
cpe:2.3:o:huawei:ngfw_module_firmware:v500r002c00:*:*:*:*:*:*:*
Huawei Technologies Co., Ltd.
huawei
>>ngfw_module_firmware>>v500r002c20
cpe:2.3:o:huawei:ngfw_module_firmware:v500r002c20:*:*:*:*:*:*:*
Huawei Technologies Co., Ltd.
huawei
>>ngfw_module_firmware>>v500r005c00
cpe:2.3:o:huawei:ngfw_module_firmware:v500r005c00:*:*:*:*:*:*:*
Huawei Technologies Co., Ltd.
huawei
>>ngfw_module>>-
cpe:2.3:h:huawei:ngfw_module:-:*:*:*:*:*:*:*
Huawei Technologies Co., Ltd.
huawei
>>nip6300_firmware>>v500r001c30
cpe:2.3:o:huawei:nip6300_firmware:v500r001c30:*:*:*:*:*:*:*
Huawei Technologies Co., Ltd.
huawei
>>nip6300_firmware>>v500r001c60
cpe:2.3:o:huawei:nip6300_firmware:v500r001c60:*:*:*:*:*:*:*
Huawei Technologies Co., Ltd.
huawei
>>nip6300_firmware>>v500r005c00
cpe:2.3:o:huawei:nip6300_firmware:v500r005c00:*:*:*:*:*:*:*
Huawei Technologies Co., Ltd.
huawei
>>nip6300>>-
cpe:2.3:h:huawei:nip6300:-:*:*:*:*:*:*:*
Huawei Technologies Co., Ltd.
huawei
>>nip6600_firmware>>v500r001c30
cpe:2.3:o:huawei:nip6600_firmware:v500r001c30:*:*:*:*:*:*:*
Huawei Technologies Co., Ltd.
huawei
>>nip6600_firmware>>v500r001c60
cpe:2.3:o:huawei:nip6600_firmware:v500r001c60:*:*:*:*:*:*:*
Huawei Technologies Co., Ltd.
huawei
>>nip6600_firmware>>v500r005c00
cpe:2.3:o:huawei:nip6600_firmware:v500r005c00:*:*:*:*:*:*:*
Huawei Technologies Co., Ltd.
huawei
>>nip6600>>-
cpe:2.3:h:huawei:nip6600:-:*:*:*:*:*:*:*
Huawei Technologies Co., Ltd.
huawei
>>nip6800_firmware>>v500r001c60
cpe:2.3:o:huawei:nip6800_firmware:v500r001c60:*:*:*:*:*:*:*
Huawei Technologies Co., Ltd.
huawei
>>nip6800_firmware>>v500r005c00
cpe:2.3:o:huawei:nip6800_firmware:v500r005c00:*:*:*:*:*:*:*
Huawei Technologies Co., Ltd.
huawei
>>nip6800>>-
cpe:2.3:h:huawei:nip6800:-:*:*:*:*:*:*:*
Huawei Technologies Co., Ltd.
huawei
>>secospace_usg6300_firmware>>v500r001c30
cpe:2.3:o:huawei:secospace_usg6300_firmware:v500r001c30:*:*:*:*:*:*:*
Huawei Technologies Co., Ltd.
huawei
>>secospace_usg6300_firmware>>v500r001c60
cpe:2.3:o:huawei:secospace_usg6300_firmware:v500r001c60:*:*:*:*:*:*:*
Huawei Technologies Co., Ltd.
huawei
>>secospace_usg6300_firmware>>v500r005c00
cpe:2.3:o:huawei:secospace_usg6300_firmware:v500r005c00:*:*:*:*:*:*:*
Huawei Technologies Co., Ltd.
huawei
>>secospace_usg6300>>-
cpe:2.3:h:huawei:secospace_usg6300:-:*:*:*:*:*:*:*
Huawei Technologies Co., Ltd.
huawei
>>secospace_usg6500_firmware>>v500r001c30
cpe:2.3:o:huawei:secospace_usg6500_firmware:v500r001c30:*:*:*:*:*:*:*
Huawei Technologies Co., Ltd.
huawei
>>secospace_usg6500_firmware>>v500r001c60
cpe:2.3:o:huawei:secospace_usg6500_firmware:v500r001c60:*:*:*:*:*:*:*
Huawei Technologies Co., Ltd.
huawei
>>secospace_usg6500_firmware>>v500r005c00
cpe:2.3:o:huawei:secospace_usg6500_firmware:v500r005c00:*:*:*:*:*:*:*
Huawei Technologies Co., Ltd.
huawei
>>secospace_usg6500>>-
cpe:2.3:h:huawei:secospace_usg6500:-:*:*:*:*:*:*:*
Huawei Technologies Co., Ltd.
huawei
>>secospace_usg6600_firmware>>v500r001c30
cpe:2.3:o:huawei:secospace_usg6600_firmware:v500r001c30:*:*:*:*:*:*:*
Huawei Technologies Co., Ltd.
huawei
>>secospace_usg6600_firmware>>v500r005c00
cpe:2.3:o:huawei:secospace_usg6600_firmware:v500r005c00:*:*:*:*:*:*:*
Huawei Technologies Co., Ltd.
huawei
>>secospace_usg6600>>-
cpe:2.3:h:huawei:secospace_usg6600:-:*:*:*:*:*:*:*
Huawei Technologies Co., Ltd.
huawei
>>usg6000v_firmware>>v500r003c00
cpe:2.3:o:huawei:usg6000v_firmware:v500r003c00:*:*:*:*:*:*:*
Huawei Technologies Co., Ltd.
huawei
>>usg6000v>>-
cpe:2.3:h:huawei:usg6000v:-:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-125Secondarypsirt@huawei.com
CWE-125Primarynvd@nist.gov
CWE ID: CWE-125
Type: Secondary
Source: psirt@huawei.com
CWE ID: CWE-125
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20191218-01-cops-enpsirt@huawei.com
Vendor Advisory
Hyperlink: https://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20191218-01-cops-en
Source: psirt@huawei.com
Resource:
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

219Records found
CVE-2023-52365
Matching Score-10
Assigner-Huawei Technologies
ShareView Details
Matching Score-10
Assigner-Huawei Technologies
CVSS Score-7.7||HIGH
EPSS-0.03% / 5.98%
||
7 Day CHG~0.00%
Published-18 Feb, 2024 | 03:04
Updated-13 Mar, 2025 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Out-of-bounds read vulnerability in the smart activity recognition module.Successful exploitation of this vulnerability may cause features to perform abnormally.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-emuiharmonyosHarmonyOSEMUI
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CWE ID-CWE-125
Out-of-bounds Read
CVE-2020-1820
Matching Score-10
Assigner-Huawei Technologies
ShareView Details
Matching Score-10
Assigner-Huawei Technologies
CVSS Score-3.7||LOW
EPSS-0.05% / 16.39%
||
7 Day CHG~0.00%
Published-28 Dec, 2024 | 06:11
Updated-13 Jan, 2025 | 18:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

There are multiple out of bounds (OOB) read vulnerabilities in the implementation of the Common Open Policy Service (COPS) protocol of some Huawei products. The specific decoding function may occur out-of-bounds read when processes an incoming data packet. Successful exploit of these vulnerabilities may disrupt service on the affected device. (Vulnerability ID: HWPSIRT-2018-12275,HWPSIRT-2018-12276,HWPSIRT-2018-12277,HWPSIRT-2018-12278,HWPSIRT-2018-12279,HWPSIRT-2018-12280 and HWPSIRT-2018-12289) The seven vulnerabilities have been assigned seven Common Vulnerabilities and Exposures (CVE) IDs: CVE-2020-1818, CVE-2020-1819, CVE-2020-1820, CVE-2020-1821, CVE-2020-1822, CVE-2020-1823 and CVE-2020-1824.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-usg6000vnip6300_firmwareips_modulesecospace_usg6600_firmwareips_module_firmwarengfw_module_firmwaresecospace_usg6500_firmwareusg6000v_firmwaresecospace_usg6300secospace_usg6500ngfw_modulesecospace_usg6600nip6600nip6800_firmwarenip6300secospace_usg6300_firmwarenip6800nip6600_firmwareNIP6600NGFW ModuleSecospace USG6300NIP6300NIP6800Secospace USG6600USG6000VIPS ModuleSecospace USG6500
CWE ID-CWE-125
Out-of-bounds Read
CVE-2020-1824
Matching Score-10
Assigner-Huawei Technologies
ShareView Details
Matching Score-10
Assigner-Huawei Technologies
CVSS Score-3.7||LOW
EPSS-0.05% / 16.39%
||
7 Day CHG~0.00%
Published-28 Dec, 2024 | 06:37
Updated-13 Jan, 2025 | 18:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

There are multiple out of bounds (OOB) read vulnerabilities in the implementation of the Common Open Policy Service (COPS) protocol of some Huawei products. The specific decoding function may occur out-of-bounds read when processes an incoming data packet. Successful exploit of these vulnerabilities may disrupt service on the affected device. (Vulnerability ID: HWPSIRT-2018-12275,HWPSIRT-2018-12276,HWPSIRT-2018-12277,HWPSIRT-2018-12278,HWPSIRT-2018-12279,HWPSIRT-2018-12280 and HWPSIRT-2018-12289) The seven vulnerabilities have been assigned seven Common Vulnerabilities and Exposures (CVE) IDs: CVE-2020-1818, CVE-2020-1819, CVE-2020-1820, CVE-2020-1821, CVE-2020-1822, CVE-2020-1823 and CVE-2020-1824.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-usg6000vnip6300_firmwareips_modulesecospace_usg6600_firmwareips_module_firmwarengfw_module_firmwaresecospace_usg6500_firmwareusg6000v_firmwaresecospace_usg6300secospace_usg6500ngfw_modulesecospace_usg6600nip6600nip6800_firmwarenip6300secospace_usg6300_firmwarenip6800nip6600_firmwareNIP6600NGFW ModuleSecospace USG6300NIP6300NIP6800Secospace USG6600USG6000VIPS ModuleSecospace USG6500
CWE ID-CWE-125
Out-of-bounds Read
CVE-2020-1823
Matching Score-10
Assigner-Huawei Technologies
ShareView Details
Matching Score-10
Assigner-Huawei Technologies
CVSS Score-3.7||LOW
EPSS-0.05% / 16.39%
||
7 Day CHG~0.00%
Published-28 Dec, 2024 | 06:29
Updated-13 Jan, 2025 | 18:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

There are multiple out of bounds (OOB) read vulnerabilities in the implementation of the Common Open Policy Service (COPS) protocol of some Huawei products. The specific decoding function may occur out-of-bounds read when processes an incoming data packet. Successful exploit of these vulnerabilities may disrupt service on the affected device. (Vulnerability ID: HWPSIRT-2018-12275,HWPSIRT-2018-12276,HWPSIRT-2018-12277,HWPSIRT-2018-12278,HWPSIRT-2018-12279,HWPSIRT-2018-12280 and HWPSIRT-2018-12289) The seven vulnerabilities have been assigned seven Common Vulnerabilities and Exposures (CVE) IDs: CVE-2020-1818, CVE-2020-1819, CVE-2020-1820, CVE-2020-1821, CVE-2020-1822, CVE-2020-1823 and CVE-2020-1824.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-usg6000vnip6300_firmwareips_modulesecospace_usg6600_firmwareips_module_firmwarengfw_module_firmwaresecospace_usg6500_firmwareusg6000v_firmwaresecospace_usg6300secospace_usg6500ngfw_modulesecospace_usg6600nip6600nip6800_firmwarenip6300secospace_usg6300_firmwarenip6800nip6600_firmwareNIP6600NGFW ModuleSecospace USG6300NIP6300NIP6800Secospace USG6600USG6000VIPS ModuleSecospace USG6500
CWE ID-CWE-125
Out-of-bounds Read
CVE-2020-1830
Matching Score-10
Assigner-Huawei Technologies
ShareView Details
Matching Score-10
Assigner-Huawei Technologies
CVSS Score-5.3||MEDIUM
EPSS-0.24% / 47.59%
||
7 Day CHG~0.00%
Published-17 Feb, 2020 | 23:35
Updated-04 Aug, 2024 | 06:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Huawei NIP6800 versions V500R001C30, V500R001C60SPC500, and V500R005C00; Secospace USG6600 and USG9500 versions V500R001C30SPC200, V500R001C30SPC600, V500R001C60SPC500, and V500R005C00 have a vulnerability that a memory management error exists when IPSec Module handing a specific message. This causes 1 byte out-of-bound read, compromising normal service.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-usg9500_firmwaresecospace_usg6600nip6800_firmwarenip6800secospace_usg6600_firmwareusg9500NIP6800Secospace USG6600, USG9500
CWE ID-CWE-125
Out-of-bounds Read
CVE-2020-1821
Matching Score-10
Assigner-Huawei Technologies
ShareView Details
Matching Score-10
Assigner-Huawei Technologies
CVSS Score-3.7||LOW
EPSS-0.05% / 16.39%
||
7 Day CHG~0.00%
Published-28 Dec, 2024 | 06:16
Updated-13 Jan, 2025 | 18:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

There are multiple out of bounds (OOB) read vulnerabilities in the implementation of the Common Open Policy Service (COPS) protocol of some Huawei products. The specific decoding function may occur out-of-bounds read when processes an incoming data packet. Successful exploit of these vulnerabilities may disrupt service on the affected device. (Vulnerability ID: HWPSIRT-2018-12275,HWPSIRT-2018-12276,HWPSIRT-2018-12277,HWPSIRT-2018-12278,HWPSIRT-2018-12279,HWPSIRT-2018-12280 and HWPSIRT-2018-12289) The seven vulnerabilities have been assigned seven Common Vulnerabilities and Exposures (CVE) IDs: CVE-2020-1818, CVE-2020-1819, CVE-2020-1820, CVE-2020-1821, CVE-2020-1822, CVE-2020-1823 and CVE-2020-1824.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-usg6000vnip6300_firmwareips_modulesecospace_usg6600_firmwareips_module_firmwarengfw_module_firmwaresecospace_usg6500_firmwareusg6000v_firmwaresecospace_usg6300secospace_usg6500ngfw_modulesecospace_usg6600nip6600nip6800_firmwarenip6300secospace_usg6300_firmwarenip6800nip6600_firmwareNIP6600NGFW ModuleSecospace USG6300NIP6300NIP6800Secospace USG6600USG6000VIPS ModuleSecospace USG6500
CWE ID-CWE-125
Out-of-bounds Read
CVE-2020-1819
Matching Score-10
Assigner-Huawei Technologies
ShareView Details
Matching Score-10
Assigner-Huawei Technologies
CVSS Score-3.7||LOW
EPSS-0.05% / 16.39%
||
7 Day CHG~0.00%
Published-27 Dec, 2024 | 10:05
Updated-10 Jan, 2025 | 20:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

There are multiple out of bounds (OOB) read vulnerabilities in the implementation of the Common Open Policy Service (COPS) protocol of some Huawei products. The specific decoding function may occur out-of-bounds read when processes an incoming data packet. Successful exploit of these vulnerabilities may disrupt service on the affected device. (Vulnerability ID: HWPSIRT-2018-12275,HWPSIRT-2018-12276,HWPSIRT-2018-12277,HWPSIRT-2018-12278,HWPSIRT-2018-12279,HWPSIRT-2018-12280 and HWPSIRT-2018-12289) The seven vulnerabilities have been assigned seven Common Vulnerabilities and Exposures (CVE) IDs: CVE-2020-1818, CVE-2020-1819, CVE-2020-1820, CVE-2020-1821, CVE-2020-1822, CVE-2020-1823 and CVE-2020-1824.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-secospace_usg6300_firmwaresecospace_usg6600_firmwarenip6800usg6000vngfw_modulengfw_module_firmwareips_module_firmwaresecospace_usg6300secospace_usg6500ips_modulenip6600_firmwareusg6000v_firmwarenip6300secospace_usg6500_firmwarenip6800_firmwarenip6600nip6300_firmwaresecospace_usg6600Secospace USG6600USG6000VNIP6600NGFW ModuleNIP6300Secospace USG6300Secospace USG6500NIP6800IPS Module
CWE ID-CWE-125
Out-of-bounds Read
CVE-2020-1818
Matching Score-10
Assigner-Huawei Technologies
ShareView Details
Matching Score-10
Assigner-Huawei Technologies
CVSS Score-3.7||LOW
EPSS-0.05% / 16.39%
||
7 Day CHG~0.00%
Published-27 Dec, 2024 | 10:02
Updated-10 Jan, 2025 | 20:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

There are multiple out of bounds (OOB) read vulnerabilities in the implementation of the Common Open Policy Service (COPS) protocol of some Huawei products. The specific decoding function may occur out-of-bounds read when processes an incoming data packet. Successful exploit of these vulnerabilities may disrupt service on the affected device. (Vulnerability ID: HWPSIRT-2018-12275,HWPSIRT-2018-12276,HWPSIRT-2018-12277,HWPSIRT-2018-12278,HWPSIRT-2018-12279,HWPSIRT-2018-12280 and HWPSIRT-2018-12289) The seven vulnerabilities have been assigned seven Common Vulnerabilities and Exposures (CVE) IDs: CVE-2020-1818, CVE-2020-1819, CVE-2020-1820, CVE-2020-1821, CVE-2020-1822, CVE-2020-1823 and CVE-2020-1824.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-secospace_usg6300_firmwaresecospace_usg6600_firmwarenip6800usg6000vngfw_modulengfw_module_firmwareips_module_firmwaresecospace_usg6300secospace_usg6500ips_modulenip6600_firmwareusg6000v_firmwarenip6300secospace_usg6500_firmwarenip6800_firmwarenip6600nip6300_firmwaresecospace_usg6600Secospace USG6600USG6000VNIP6600NGFW ModuleNIP6300Secospace USG6300Secospace USG6500NIP6800IPS Module
CWE ID-CWE-125
Out-of-bounds Read
CVE-2018-7935
Matching Score-8
Assigner-Huawei Technologies
ShareView Details
Matching Score-8
Assigner-Huawei Technologies
CVSS Score-5.3||MEDIUM
EPSS-1.65% / 81.22%
||
7 Day CHG~0.00%
Published-10 Feb, 2023 | 11:55
Updated-24 Mar, 2025 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

There is a vulnerability in 21.328.01.00.00 version of the E5573Cs-322. Remote attackers could exploit this vulnerability to make the network where the E5573Cs-322 is running temporarily unavailable.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-e5573cs-322e5573cs-322_firmware E5573Cs-322
CWE ID-CWE-20
Improper Input Validation
CVE-2023-0117
Matching Score-8
Assigner-Huawei Technologies
ShareView Details
Matching Score-8
Assigner-Huawei Technologies
CVSS Score-5.3||MEDIUM
EPSS-0.04% / 10.15%
||
7 Day CHG~0.00%
Published-26 May, 2023 | 00:00
Updated-15 Jan, 2025 | 22:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The online authentication provided by the hwKitAssistant lacks strict identity verification of applications. Successful exploitation of this vulnerability may affect availability of features,such as MeeTime.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-emuiEMUIHarmonyOS
CWE ID-CWE-287
Improper Authentication
CVE-2021-37013
Matching Score-8
Assigner-Huawei Technologies
ShareView Details
Matching Score-8
Assigner-Huawei Technologies
CVSS Score-5.3||MEDIUM
EPSS-0.25% / 47.73%
||
7 Day CHG~0.00%
Published-23 Nov, 2021 | 15:27
Updated-04 Aug, 2024 | 01:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

There is a Improper Input Validation vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability will cause the availability of users is affected.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-harmonyosHarmonyOS
CWE ID-CWE-20
Improper Input Validation
CVE-2025-54628
Matching Score-8
Assigner-Huawei Technologies
ShareView Details
Matching Score-8
Assigner-Huawei Technologies
CVSS Score-5.3||MEDIUM
EPSS-0.02% / 4.69%
||
7 Day CHG~0.00%
Published-06 Aug, 2025 | 02:10
Updated-06 Aug, 2025 | 20:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability of incomplete verification information in the communication module. Impact: Successful exploitation of this vulnerability may affect availability.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-EMUIHarmonyOS
CWE ID-CWE-118
Incorrect Access of Indexable Resource ('Range Error')
CVE-2021-37029
Matching Score-8
Assigner-Huawei Technologies
ShareView Details
Matching Score-8
Assigner-Huawei Technologies
CVSS Score-5.3||MEDIUM
EPSS-0.18% / 39.45%
||
7 Day CHG~0.00%
Published-23 Nov, 2021 | 15:14
Updated-04 Aug, 2024 | 01:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

There is an Identity verification vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may affect service availability.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-magic_uiemuiMagic UIEMUI
CVE-2025-53173
Matching Score-8
Assigner-Huawei Technologies
ShareView Details
Matching Score-8
Assigner-Huawei Technologies
CVSS Score-5.3||MEDIUM
EPSS-0.03% / 5.12%
||
7 Day CHG~0.00%
Published-07 Jul, 2025 | 02:05
Updated-14 Jul, 2025 | 17:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Stack overflow risk when vector images are parsed during file preview Impact: Successful exploitation of this vulnerability may affect the file preview function.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-harmonyosHarmonyOS
CWE ID-CWE-121
Stack-based Buffer Overflow
CVE-2021-36997
Matching Score-8
Assigner-Huawei Technologies
ShareView Details
Matching Score-8
Assigner-Huawei Technologies
CVSS Score-5.3||MEDIUM
EPSS-0.25% / 47.73%
||
7 Day CHG~0.00%
Published-28 Oct, 2021 | 12:27
Updated-04 Aug, 2024 | 01:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

There is a Low memory error in Huawei Smartphone due to the unlimited size of images to be parsed.Successful exploitation of this vulnerability may cause the Gallery or Files app to exit unexpectedly.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-magic_uiemuiMagic UIEMUI
CVE-2022-46313
Matching Score-8
Assigner-Huawei Technologies
ShareView Details
Matching Score-8
Assigner-Huawei Technologies
CVSS Score-5.3||MEDIUM
EPSS-0.04% / 10.15%
||
7 Day CHG~0.00%
Published-20 Dec, 2022 | 00:00
Updated-17 Apr, 2025 | 14:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The sensor privacy module has an authentication vulnerability. Successful exploitation of this vulnerability may cause unavailability of the smartphone's camera and microphone.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-harmonyosHarmonyOS
CWE ID-CWE-287
Improper Authentication
CVE-2023-6273
Matching Score-8
Assigner-Huawei Technologies
ShareView Details
Matching Score-8
Assigner-Huawei Technologies
CVSS Score-5.3||MEDIUM
EPSS-0.04% / 9.42%
||
7 Day CHG~0.00%
Published-06 Dec, 2023 | 09:07
Updated-11 Oct, 2024 | 21:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Permission management vulnerability in the module for disabling Sound Booster. Successful exploitation of this vulnerability may cause features to perform abnormally.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-emuiharmonyosHarmonyOSEMUI
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2023-46755
Matching Score-8
Assigner-Huawei Technologies
ShareView Details
Matching Score-8
Assigner-Huawei Technologies
CVSS Score-5.3||MEDIUM
EPSS-0.06% / 18.12%
||
7 Day CHG~0.00%
Published-08 Nov, 2023 | 10:11
Updated-03 Sep, 2024 | 21:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability of input parameters being not strictly verified in the input. Successful exploitation of this vulnerability may cause the launcher to restart.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-emuiharmonyosHarmonyOSEMUI
CWE ID-CWE-284
Improper Access Control
CVE-2023-4565
Matching Score-8
Assigner-Huawei Technologies
ShareView Details
Matching Score-8
Assigner-Huawei Technologies
CVSS Score-5.3||MEDIUM
EPSS-0.07% / 21.34%
||
7 Day CHG~0.00%
Published-26 Sep, 2023 | 01:25
Updated-25 Sep, 2024 | 01:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Broadcast permission control vulnerability in the framework module. Successful exploitation of this vulnerability may cause the hotspot feature to be unavailable.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-emuiharmonyosHarmonyOSEMUI
CWE ID-CWE-732
Incorrect Permission Assignment for Critical Resource
CVE-2023-44094
Matching Score-8
Assigner-Huawei Technologies
ShareView Details
Matching Score-8
Assigner-Huawei Technologies
CVSS Score-5.3||MEDIUM
EPSS-0.03% / 7.17%
||
7 Day CHG~0.00%
Published-11 Oct, 2023 | 10:43
Updated-18 Sep, 2024 | 15:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Type confusion vulnerability in the distributed file module.Successful exploitation of this vulnerability may cause the device to restart.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-harmonyosemuiHarmonyOSEMUI
CWE ID-CWE-843
Access of Resource Using Incompatible Type ('Type Confusion')
CVE-2023-41306
Matching Score-8
Assigner-Huawei Technologies
ShareView Details
Matching Score-8
Assigner-Huawei Technologies
CVSS Score-3.7||LOW
EPSS-0.08% / 24.29%
||
7 Day CHG~0.00%
Published-26 Sep, 2023 | 01:14
Updated-24 Sep, 2024 | 18:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability of mutex management in the bone voice ID trusted application (TA) module. Successful exploitation of this vulnerability may cause the bone voice ID feature to be unavailable.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-emuiharmonyosHarmonyOSEMUI
CWE ID-CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CVE-2021-22490
Matching Score-8
Assigner-Huawei Technologies
ShareView Details
Matching Score-8
Assigner-Huawei Technologies
CVSS Score-5.3||MEDIUM
EPSS-0.15% / 36.30%
||
7 Day CHG~0.00%
Published-28 Oct, 2021 | 12:25
Updated-03 Aug, 2024 | 18:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

There is a Permission verification vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may affect the device performance.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-magic_uiemuiMagic UIEMUI
CWE ID-CWE-287
Improper Authentication
CVE-2021-22338
Matching Score-8
Assigner-Huawei Technologies
ShareView Details
Matching Score-8
Assigner-Huawei Technologies
CVSS Score-5.3||MEDIUM
EPSS-0.15% / 36.30%
||
7 Day CHG~0.00%
Published-29 Jun, 2021 | 18:51
Updated-03 Aug, 2024 | 18:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

There is an XXE injection vulnerability in eCNS280 V100R005C00 and V100R005C10. A module does not perform the strict operation to the input XML message. Attacker can send specific message to exploit this vulnerability, leading to the module denial of service.

Action-Not Available
Vendor-n/aHuawei Technologies Co., Ltd.
Product-ecns280_firmwareecns280eCNS280
CWE ID-CWE-611
Improper Restriction of XML External Entity Reference
CVE-2021-22321
Matching Score-8
Assigner-Huawei Technologies
ShareView Details
Matching Score-8
Assigner-Huawei Technologies
CVSS Score-5.3||MEDIUM
EPSS-0.21% / 43.16%
||
7 Day CHG~0.00%
Published-22 Mar, 2021 | 19:03
Updated-03 Aug, 2024 | 18:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

There is a use-after-free vulnerability in a Huawei product. A module cannot deal with specific operations in special scenarios. Attackers can exploit this vulnerability by performing malicious operations. This can cause memory use-after-free, compromising normal service. Affected product include some versions of NIP6300, NIP6600, NIP6800, S1700, S2700, S5700, S6700 , S7700, S9700, Secospace USG6300, Secospace USG6500, Secospace USG6600 and USG9500.

Action-Not Available
Vendor-n/aHuawei Technologies Co., Ltd.
Product-s9700secospace_usg6500_firmwarenip6300secospace_usg6500usg9500_firmwares2700_firmwares1700_firmwares2700s7700_firmwaresecospace_usg6600_firmwaresecospace_usg6300nip6300_firmwares7700usg9500s1700nip6600s12700s5700_firmwares6700_firmwares12700_firmwarenip6800_firmwares9700_firmwarenip6800nip6600_firmwares5700s6700secospace_usg6600secospace_usg6300_firmwareNIP6600;NIP6800;S12700;S1700;S2700;S5700;S6700;S7700;S9700;Secospace USG6300;Secospace USG6500;Secospace USG6600;USG9500
CWE ID-CWE-416
Use After Free
CVE-2021-22362
Matching Score-8
Assigner-Huawei Technologies
ShareView Details
Matching Score-8
Assigner-Huawei Technologies
CVSS Score-5.3||MEDIUM
EPSS-0.18% / 39.45%
||
7 Day CHG~0.00%
Published-27 May, 2021 | 12:18
Updated-03 Aug, 2024 | 18:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

There is an out of bounds write vulnerability in some Huawei products. An attacker can exploit this vulnerability by sending crafted data in the packet to the target device. Due to insufficient validation of message, successful exploit can cause certain service abnormal.Affected product versions include:CloudEngine 12800 versions V200R002C50SPC800,V200R003C00SPC810,V200R005C00SPC800,V200R005C10SPC800,V200R019C00SPC800,V200R019C10SPC800;CloudEngine 5800 versions V200R002C50SPC800,V200R003C00SPC810,V200R005C00SPC800,V200R005C10SPC800,V200R019C00SPC800,V200R019C10SPC800@;CloudEngine 6800 versions V200R002C50SPC800,V200R003C00SPC810,V200R005C00SPC800,V200R005C10SPC800,V200R005C20SPC800,V200R019C00SPC800,V200R019C10SPC800;CloudEngine 7800 versions V200R002C50SPC800,V200R003C00SPC810,V200R005C00SPC800,V200R005C10SPC800,V200R019C00SPC800,V200R019C10SPC800.

Action-Not Available
Vendor-n/aHuawei Technologies Co., Ltd.
Product-cloudengine_7800cloudengine_5800_firmwarecloudengine_5800cloudengine_6800_firmwarecloudengine_6800cloudengine_7800_firmwarecloudengine_12800cloudengine_12800_firmwareCloudEngine 12800;CloudEngine 5800;CloudEngine 6800;CloudEngine 7800
CWE ID-CWE-787
Out-of-bounds Write
CVE-2020-9138
Matching Score-8
Assigner-Huawei Technologies
ShareView Details
Matching Score-8
Assigner-Huawei Technologies
CVSS Score-5.3||MEDIUM
EPSS-0.19% / 41.13%
||
7 Day CHG~0.00%
Published-13 Jan, 2021 | 22:00
Updated-04 Aug, 2024 | 10:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

There is a heap-based buffer overflow vulnerability in some Huawei Smartphone, Successful exploit of this vulnerability can cause process exceptions during updating.

Action-Not Available
Vendor-n/aHuawei Technologies Co., Ltd.
Product-magic_uiemuiEMUI;Magic UI
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-58113
Matching Score-8
Assigner-Huawei Technologies
ShareView Details
Matching Score-8
Assigner-Huawei Technologies
CVSS Score-5.3||MEDIUM
EPSS-0.04% / 10.10%
||
7 Day CHG~0.00%
Published-07 Apr, 2025 | 03:38
Updated-07 May, 2025 | 20:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability of improper resource management in the memory management module Impact: Successful exploitation of this vulnerability may affect availability.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-harmonyosHarmonyOS
CVE-2024-56445
Matching Score-8
Assigner-Huawei Technologies
ShareView Details
Matching Score-8
Assigner-Huawei Technologies
CVSS Score-4.3||MEDIUM
EPSS-0.07% / 22.66%
||
7 Day CHG~0.00%
Published-08 Jan, 2025 | 03:00
Updated-13 Jan, 2025 | 21:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Instruction authentication bypass vulnerability in the Findnetwork module Impact: Successful exploitation of this vulnerability may cause features to perform abnormally.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-harmonyosHarmonyOS
CWE ID-CWE-287
Improper Authentication
CVE-2023-52112
Matching Score-8
Assigner-Huawei Technologies
ShareView Details
Matching Score-8
Assigner-Huawei Technologies
CVSS Score-5.3||MEDIUM
EPSS-0.02% / 4.61%
||
7 Day CHG~0.00%
Published-16 Jan, 2024 | 07:57
Updated-20 Jun, 2025 | 18:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unauthorized file access vulnerability in the wallpaper service module. Successful exploitation of this vulnerability may cause features to perform abnormally.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-harmonyosemuiEMUIHarmonyOS
CWE ID-CWE-552
Files or Directories Accessible to External Parties
CVE-2023-44102
Matching Score-8
Assigner-Huawei Technologies
ShareView Details
Matching Score-8
Assigner-Huawei Technologies
CVSS Score-5.3||MEDIUM
EPSS-0.03% / 5.75%
||
7 Day CHG~0.00%
Published-11 Oct, 2023 | 11:50
Updated-18 Sep, 2024 | 15:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Broadcast permission control vulnerability in the Bluetooth module.Successful exploitation of this vulnerability can cause the Bluetooth function to be unavailable.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-harmonyosemuiHarmonyOSEMUI
CWE ID-CWE-668
Exposure of Resource to Wrong Sphere
CVE-2021-40009
Matching Score-8
Assigner-Huawei Technologies
ShareView Details
Matching Score-8
Assigner-Huawei Technologies
CVSS Score-5.3||MEDIUM
EPSS-0.15% / 36.66%
||
7 Day CHG~0.00%
Published-07 Jan, 2022 | 22:39
Updated-04 Aug, 2024 | 02:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

There is an Out-of-bounds write vulnerability in the AOD module in smartphones. Successful exploitation of this vulnerability may affect service integrity.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-magic_uiharmonyosemuiMagic UIHarmonyOSEMUI
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-40001
Matching Score-8
Assigner-Huawei Technologies
ShareView Details
Matching Score-8
Assigner-Huawei Technologies
CVSS Score-5.3||MEDIUM
EPSS-0.18% / 39.60%
||
7 Day CHG~0.00%
Published-07 Jan, 2022 | 22:39
Updated-04 Aug, 2024 | 02:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The CaasKit module has a path traversal vulnerability. Successful exploitation of this vulnerability may cause the MeeTime application to be unavailable.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-harmonyosHarmonyOS
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2023-34156
Matching Score-8
Assigner-Huawei Technologies
ShareView Details
Matching Score-8
Assigner-Huawei Technologies
CVSS Score-5.3||MEDIUM
EPSS-0.04% / 10.01%
||
7 Day CHG~0.00%
Published-19 Jun, 2023 | 00:00
Updated-17 Dec, 2024 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability of services denied by early fingerprint APIs on HarmonyOS products.Successful exploitation of this vulnerability may cause services to be denied.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-emuiHarmonyOSEMUI
CWE ID-CWE-384
Session Fixation
CVE-2019-5235
Matching Score-8
Assigner-Huawei Technologies
ShareView Details
Matching Score-8
Assigner-Huawei Technologies
CVSS Score-5.3||MEDIUM
EPSS-0.25% / 47.79%
||
7 Day CHG~0.00%
Published-13 Dec, 2019 | 23:09
Updated-04 Aug, 2024 | 19:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Some Huawei smart phones have a null pointer dereference vulnerability. An attacker crafts specific packets and sends to the affected product to exploit this vulnerability. Successful exploitation may cause the affected phone to be abnormal.

Action-Not Available
Vendor-n/aHuawei Technologies Co., Ltd.
Product-neo-al00d_firmwarehima-al00bjohnson-l22d_firmwarevogue-al00a_firmwarejohnson-l21d_firmwarebla-tl00b_firmwareelle-tl00bjackman-l21_firmwarecolumbia-l29d_firmwareharry-al00ccolumbia-tl00dcolumbia-al10ivogue-tl00b_firmwarevogue-al10c-preload_firmwarehima-al00b_firmwarebla-tl00bharry-tl00c_firmwareever-l29b_firmwareharry-al10balp-tl00bprinceton-al10ipotter-al00cjackman-l22_firmwarejohnson-l42ifjohnson-tl00ftony-tl00b_firmwareelle-tl00b_firmwareelle-al00b_firmwaretony-tl00bjohnson-tl00d_firmwarepotter-al00c_firmwareever-al00b_firmwarecolumbia-al10b_firmwarealp-tl00b_firmwarejohnson-l23cprinceton-tl10c_firmwarejohnson-l22celle-al00bjohnson-al10cjohnson-l42iejohnson-l42ie_firmwareprinceton-al10b_firmwarevogue-al10c_firmwareharry-al10b_firmwarelaya-al00ep_firmwarecharlotte-al00aprinceton-tl10cvogue-al00a-preloadprinceton-al10i_firmwarevogue-al10c-preloademily-tl00b_firmwarevogue-al00a-preload_firmwarevogue-tl00bjohnson-al10c_firmwarelaya-al00eppotter-al10aprinceton-al10d_firmwarecharlotte-tl00bcharlotte-tl00b_firmwarebla-al00b_firmwarecolumbia-tl00d_firmwareever-l29bcolumbia-l29dever-al00bcolumbia-al10bemily-al00a_firmwaretony-al00b_firmwarejackman-l22jackman-l23jackman-l23_firmwarejohnson-l21c_firmwarejohnson-l23c_firmwareemily-tl00bjohnson-l42if_firmwarebla-al00bemily-al00ajohnson-tl00djohnson-l22dharry-tl00cjohnson-l22c_firmwaretony-al00bharry-al00c_firmwareprinceton-al10djohnson-tl00f_firmwarealp-al00b_firmwarejohnson-al00icjohnson-al00ic_firmwarejohnson-l21dprinceton-al10bvogue-al10ccharlotte-al00a_firmwarecolumbia-al10i_firmwarepotter-al10a_firmwarejackman-l21johnson-l21cjohnson-l42ic_firmwarealp-al00bneo-al00djohnson-l42icvogue-al00aHarry-AL00C, Harry-AL00C-PRELOAD, Harry-AL10B, Harry-LGRP1-CHN, Harry-TL00C, Jackman-AL00D, Jackman-L03, Jackman-L21, Jackman-L22, Jackman-L23, Johnson-AL00C, Johnson-AL00IC, Johnson-AL10C, Johnson-L21C, Johnson-L21D, Johnson-L22C, Johnson-L22D, Johnson-L23C, Johnson-L42IC, Johnson-L42IE, Johnson-L42IF, Johnson-TL00D, Johnson-TL00F, Potter-AL00C, Potter-AL10A, VOGUE-AL00A, VOGUE-AL00A-PRELOAD, VOGUE-AL10C, VOGUE-AL10C-PRELOAD, VOGUE-LGRP1-CHN, VOGUE-LGRP2-OVS, VOGUE-TL00B
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2021-37032
Matching Score-8
Assigner-Huawei Technologies
ShareView Details
Matching Score-8
Assigner-Huawei Technologies
CVSS Score-5.3||MEDIUM
EPSS-0.18% / 39.45%
||
7 Day CHG~0.00%
Published-23 Nov, 2021 | 15:15
Updated-04 Aug, 2024 | 01:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

There is a Bypass vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may cause Digital Balance to fail to work.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-magic_uiemuiMagic UIEMUI
CVE-2024-51518
Matching Score-8
Assigner-Huawei Technologies
ShareView Details
Matching Score-8
Assigner-Huawei Technologies
CVSS Score-5.3||MEDIUM
EPSS-0.03% / 8.33%
||
7 Day CHG~0.00%
Published-05 Nov, 2024 | 09:08
Updated-06 Nov, 2024 | 23:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability of message types not being verified in the advanced messaging modul Impact: Successful exploitation of this vulnerability may affect availability.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-harmonyosHarmonyOSharmonyos
CWE ID-CWE-248
Uncaught Exception
CVE-2021-22344
Matching Score-8
Assigner-Huawei Technologies
ShareView Details
Matching Score-8
Assigner-Huawei Technologies
CVSS Score-5.3||MEDIUM
EPSS-0.18% / 39.45%
||
7 Day CHG~0.00%
Published-01 Jul, 2021 | 11:10
Updated-03 Aug, 2024 | 18:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

There is an Improper Access Control vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may cause temporary DoS.

Action-Not Available
Vendor-n/aHuawei Technologies Co., Ltd.
Product-magic_uiemuiEMUI;Magic UI
CVE-2021-22347
Matching Score-8
Assigner-Huawei Technologies
ShareView Details
Matching Score-8
Assigner-Huawei Technologies
CVSS Score-5.3||MEDIUM
EPSS-0.18% / 39.45%
||
7 Day CHG~0.00%
Published-01 Jul, 2021 | 10:58
Updated-03 Aug, 2024 | 18:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

There is an Improper Access Control vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may cause temporary DoS.

Action-Not Available
Vendor-n/aHuawei Technologies Co., Ltd.
Product-magic_uiemuiEMUI;Magic UI
CVE-2020-9085
Matching Score-8
Assigner-Huawei Technologies
ShareView Details
Matching Score-8
Assigner-Huawei Technologies
CVSS Score-5.3||MEDIUM
EPSS-0.07% / 22.14%
||
7 Day CHG~0.00%
Published-27 Dec, 2024 | 09:37
Updated-13 Jan, 2025 | 19:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

There is a NULL pointer dereference vulnerability in some Huawei products. An attacker may send specially crafted POST messages to the affected products. Due to insufficient validation of some parameter in the message, successful exploit may cause some process abnormal. (Vulnerability ID: HWPSIRT-2017-10105) This vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2020-9085.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-b612b612_firmwareHUAWEI 4G Router B612
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2020-9074
Matching Score-8
Assigner-Huawei Technologies
ShareView Details
Matching Score-8
Assigner-Huawei Technologies
CVSS Score-5.3||MEDIUM
EPSS-0.18% / 39.45%
||
7 Day CHG~0.00%
Published-05 Jun, 2020 | 14:16
Updated-04 Aug, 2024 | 10:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Huawei Smartphones HONOR 20 PRO;Honor View 20;HONOR 20 have an improper handling of exceptional condition Vulnerability. A component cannot deal with an exception correctly. Attackers can exploit this vulnerability by sending malformed message. This could compromise normal service of affected phones.

Action-Not Available
Vendor-n/aHuawei Technologies Co., Ltd.
Product-honor_20honor_20_prohonor_view_20honor_20_pro_firmwarehonor_20_firmwarehonor_view_20_firmwareHONOR 20Honor View 20HONOR 20 PRO
CWE ID-CWE-755
Improper Handling of Exceptional Conditions
CVE-2022-41587
Matching Score-8
Assigner-Huawei Technologies
ShareView Details
Matching Score-8
Assigner-Huawei Technologies
CVSS Score-5.3||MEDIUM
EPSS-0.06% / 18.46%
||
7 Day CHG~0.00%
Published-14 Oct, 2022 | 00:00
Updated-14 May, 2025 | 20:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Uncaptured exceptions in the home screen module. Successful exploitation of this vulnerability may affect stability.

Action-Not Available
Vendor-n/aHuawei Technologies Co., Ltd.
Product-emuiEMUI
CWE ID-CWE-754
Improper Check for Unusual or Exceptional Conditions
CVE-2022-48479
Matching Score-6
Assigner-Huawei Technologies
ShareView Details
Matching Score-6
Assigner-Huawei Technologies
CVSS Score-9.8||CRITICAL
EPSS-0.12% / 32.39%
||
7 Day CHG~0.00%
Published-26 May, 2023 | 00:00
Updated-15 Jan, 2025 | 17:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The facial recognition TA of some products has the out-of-bounds memory read vulnerability. Successful exploitation of this vulnerability may cause exceptions of the facial recognition service.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-harmonyosHarmonyOS
CWE ID-CWE-125
Out-of-bounds Read
CVE-2022-46317
Matching Score-6
Assigner-Huawei Technologies
ShareView Details
Matching Score-6
Assigner-Huawei Technologies
CVSS Score-7.5||HIGH
EPSS-0.07% / 21.57%
||
7 Day CHG~0.00%
Published-20 Dec, 2022 | 00:00
Updated-16 Apr, 2025 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The power consumption module has an out-of-bounds read vulnerability. Successful exploitation of this vulnerability may affect system availability.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-harmonyosemuiHarmonyOSEMUI
CWE ID-CWE-125
Out-of-bounds Read
CVE-2022-48292
Matching Score-6
Assigner-Huawei Technologies
ShareView Details
Matching Score-6
Assigner-Huawei Technologies
CVSS Score-6.5||MEDIUM
EPSS-0.03% / 8.43%
||
7 Day CHG~0.00%
Published-09 Feb, 2023 | 00:00
Updated-24 Mar, 2025 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Bluetooth module has an out-of-memory (OOM) vulnerability. Successful exploitation of this vulnerability may affect data confidentiality.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-emuiharmonyosHarmonyOSEMUI
CWE ID-CWE-125
Out-of-bounds Read
CVE-2022-48312
Matching Score-6
Assigner-Huawei Technologies
ShareView Details
Matching Score-6
Assigner-Huawei Technologies
CVSS Score-9.1||CRITICAL
EPSS-0.08% / 24.66%
||
7 Day CHG~0.00%
Published-16 Apr, 2023 | 06:01
Updated-06 Feb, 2025 | 17:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The HwPCAssistant module has the out-of-bounds read/write vulnerability. Successful exploitation of this vulnerability may affect confidentiality and integrity.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-harmonyosemuiEMUIHarmonyOS
CWE ID-CWE-125
Out-of-bounds Read
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-54637
Matching Score-6
Assigner-Huawei Technologies
ShareView Details
Matching Score-6
Assigner-Huawei Technologies
CVSS Score-4.4||MEDIUM
EPSS-0.01% / 0.27%
||
7 Day CHG~0.00%
Published-06 Aug, 2025 | 02:33
Updated-11 Aug, 2025 | 15:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Out-of-bounds array access issue due to insufficient data verification in the kernel ambient light module. Impact: Successful exploitation of this vulnerability may affect service confidentiality.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-emuiharmonyosEMUIHarmonyOS
CWE ID-CWE-125
Out-of-bounds Read
CVE-2021-37114
Matching Score-6
Assigner-Huawei Technologies
ShareView Details
Matching Score-6
Assigner-Huawei Technologies
CVSS Score-5.3||MEDIUM
EPSS-0.15% / 35.97%
||
7 Day CHG~0.00%
Published-03 Jan, 2022 | 21:07
Updated-04 Aug, 2024 | 01:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

There is an Out-of-bounds read vulnerability in Smartphone.Successful exploitation of this vulnerability may affect service confidentiality.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-magic_uiemuiharmonyosMagic UIEMUIHarmony OS
CWE ID-CWE-125
Out-of-bounds Read
CVE-2025-54643
Matching Score-6
Assigner-Huawei Technologies
ShareView Details
Matching Score-6
Assigner-Huawei Technologies
CVSS Score-6.6||MEDIUM
EPSS-0.01% / 0.34%
||
7 Day CHG~0.00%
Published-06 Aug, 2025 | 02:45
Updated-06 Aug, 2025 | 20:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Out-of-bounds array access issue due to insufficient data verification in the kernel ambient light module. Impact: Successful exploitation of this vulnerability may affect service confidentiality.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-EMUIHarmonyOS
CWE ID-CWE-125
Out-of-bounds Read
CVE-2025-54647
Matching Score-6
Assigner-Huawei Technologies
ShareView Details
Matching Score-6
Assigner-Huawei Technologies
CVSS Score-5.4||MEDIUM
EPSS-0.01% / 0.50%
||
7 Day CHG~0.00%
Published-06 Aug, 2025 | 02:51
Updated-13 Aug, 2025 | 18:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Out-of-bounds read vulnerability in the SSAP module of the NearLink protocol stack. Impact: Successful exploitation of this vulnerability may affect availability.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-harmonyosHarmonyOS
CWE ID-CWE-125
Out-of-bounds Read
CVE-2025-54644
Matching Score-6
Assigner-Huawei Technologies
ShareView Details
Matching Score-6
Assigner-Huawei Technologies
CVSS Score-6.6||MEDIUM
EPSS-0.01% / 0.30%
||
7 Day CHG~0.00%
Published-06 Aug, 2025 | 02:47
Updated-06 Aug, 2025 | 20:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Out-of-bounds array access issue due to insufficient data verification in the kernel ambient light module. Impact: Successful exploitation of this vulnerability may affect service confidentiality.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-EMUIHarmonyOS
CWE ID-CWE-125
Out-of-bounds Read
  • Previous
  • 1
  • 2
  • 3
  • 4
  • 5
  • Next
Details not found