Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2021-22299

Summary
Assigner-huawei
Assigner Org ID-25ac1063-e409-4190-8079-24548c77ea2e
Published At-06 Feb, 2021 | 01:53
Updated At-03 Aug, 2024 | 18:37
Rejected At-
Credits

There is a local privilege escalation vulnerability in some Huawei products. A local, authenticated attacker could craft specific commands to exploit this vulnerability. Successful exploitation may cause the attacker to obtain a higher privilege. Affected product versions include: ManageOne versions 6.5.0,6.5.0.SPC100.B210,6.5.1.1.B010,6.5.1.1.B020,6.5.1.1.B030,6.5.1.1.B040,6.5.1.SPC100.B050,6.5.1.SPC101.B010,6.5.1.SPC101.B040,6.5.1.SPC200,6.5.1.SPC200.B010,6.5.1.SPC200.B030,6.5.1.SPC200.B040,6.5.1.SPC200.B050,6.5.1.SPC200.B060,6.5.1.SPC200.B070,6.5.1RC1.B060,6.5.1RC2.B020,6.5.1RC2.B030,6.5.1RC2.B040,6.5.1RC2.B050,6.5.1RC2.B060,6.5.1RC2.B070,6.5.1RC2.B080,6.5.1RC2.B090,6.5.RC2.B050,8.0.0,8.0.0-LCND81,8.0.0.SPC100,8.0.1,8.0.RC2,8.0.RC3,8.0.RC3.B041,8.0.RC3.SPC100; NFV_FusionSphere versions 6.5.1.SPC23,8.0.0.SPC12; SMC2.0 versions V600R019C00,V600R019C10; iMaster MAE-M versions MAE-TOOL(FusionSphereBasicTemplate_Euler_X86)V100R020C10SPC220.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:huawei
Assigner Org ID:25ac1063-e409-4190-8079-24548c77ea2e
Published At:06 Feb, 2021 | 01:53
Updated At:03 Aug, 2024 | 18:37
Rejected At:
▼CVE Numbering Authority (CNA)

There is a local privilege escalation vulnerability in some Huawei products. A local, authenticated attacker could craft specific commands to exploit this vulnerability. Successful exploitation may cause the attacker to obtain a higher privilege. Affected product versions include: ManageOne versions 6.5.0,6.5.0.SPC100.B210,6.5.1.1.B010,6.5.1.1.B020,6.5.1.1.B030,6.5.1.1.B040,6.5.1.SPC100.B050,6.5.1.SPC101.B010,6.5.1.SPC101.B040,6.5.1.SPC200,6.5.1.SPC200.B010,6.5.1.SPC200.B030,6.5.1.SPC200.B040,6.5.1.SPC200.B050,6.5.1.SPC200.B060,6.5.1.SPC200.B070,6.5.1RC1.B060,6.5.1RC2.B020,6.5.1RC2.B030,6.5.1RC2.B040,6.5.1RC2.B050,6.5.1RC2.B060,6.5.1RC2.B070,6.5.1RC2.B080,6.5.1RC2.B090,6.5.RC2.B050,8.0.0,8.0.0-LCND81,8.0.0.SPC100,8.0.1,8.0.RC2,8.0.RC3,8.0.RC3.B041,8.0.RC3.SPC100; NFV_FusionSphere versions 6.5.1.SPC23,8.0.0.SPC12; SMC2.0 versions V600R019C00,V600R019C10; iMaster MAE-M versions MAE-TOOL(FusionSphereBasicTemplate_Euler_X86)V100R020C10SPC220.

Affected Products
Vendor
n/a
Product
ManageOne
Versions
Affected
  • 6.5.0
  • 6.5.0.SPC100.B210
  • 6.5.1.1.B010
  • 6.5.1.1.B020
  • 6.5.1.1.B030
  • 6.5.1.1.B040
  • 6.5.1.SPC100.B050
  • 6.5.1.SPC101.B010
  • 6.5.1.SPC101.B040
  • 6.5.1.SPC200
  • 6.5.1.SPC200.B010
  • 6.5.1.SPC200.B030
  • 6.5.1.SPC200.B040
  • 6.5.1.SPC200.B050
  • 6.5.1.SPC200.B060
  • 6.5.1.SPC200.B070
  • 6.5.1RC1.B060
  • 6.5.1RC2.B020
  • 6.5.1RC2.B030
  • 6.5.1RC2.B040
  • 6.5.1RC2.B050
  • 6.5.1RC2.B060
  • 6.5.1RC2.B070
  • 6.5.1RC2.B080
  • 6.5.1RC2.B090
  • 6.5.RC2.B050
  • 8.0.0
  • 8.0.0-LCND81
  • 8.0.0.SPC100
  • 8.0.1
  • 8.0.RC2
  • 8.0.RC3
  • 8.0.RC3.B041
  • 8.0.RC3.SPC100
Vendor
n/a
Product
NFV_FusionSphere
Versions
Affected
  • 6.5.1.SPC23
  • 8.0.0.SPC12
Vendor
n/a
Product
SMC2.0
Versions
Affected
  • V600R019C00
  • V600R019C10
Vendor
n/a
Product
iMaster MAE-M
Versions
Affected
  • MAE-TOOL(FusionSphereBasicTemplate_Euler_X86)V100R020C10SPC220
Problem Types
TypeCWE IDDescription
textN/ALocal Privilege Escalation
Type: text
CWE ID: N/A
Description: Local Privilege Escalation
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210120-02-privilege-en
x_refsource_CONFIRM
Hyperlink: https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210120-02-privilege-en
Resource:
x_refsource_CONFIRM
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210120-02-privilege-en
x_refsource_CONFIRM
x_transferred
Hyperlink: https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210120-02-privilege-en
Resource:
x_refsource_CONFIRM
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:psirt@huawei.com
Published At:06 Feb, 2021 | 02:15
Updated At:12 Jul, 2022 | 17:42

There is a local privilege escalation vulnerability in some Huawei products. A local, authenticated attacker could craft specific commands to exploit this vulnerability. Successful exploitation may cause the attacker to obtain a higher privilege. Affected product versions include: ManageOne versions 6.5.0,6.5.0.SPC100.B210,6.5.1.1.B010,6.5.1.1.B020,6.5.1.1.B030,6.5.1.1.B040,6.5.1.SPC100.B050,6.5.1.SPC101.B010,6.5.1.SPC101.B040,6.5.1.SPC200,6.5.1.SPC200.B010,6.5.1.SPC200.B030,6.5.1.SPC200.B040,6.5.1.SPC200.B050,6.5.1.SPC200.B060,6.5.1.SPC200.B070,6.5.1RC1.B060,6.5.1RC2.B020,6.5.1RC2.B030,6.5.1RC2.B040,6.5.1RC2.B050,6.5.1RC2.B060,6.5.1RC2.B070,6.5.1RC2.B080,6.5.1RC2.B090,6.5.RC2.B050,8.0.0,8.0.0-LCND81,8.0.0.SPC100,8.0.1,8.0.RC2,8.0.RC3,8.0.RC3.B041,8.0.RC3.SPC100; NFV_FusionSphere versions 6.5.1.SPC23,8.0.0.SPC12; SMC2.0 versions V600R019C00,V600R019C10; iMaster MAE-M versions MAE-TOOL(FusionSphereBasicTemplate_Euler_X86)V100R020C10SPC220.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.17.8HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Primary2.04.6MEDIUM
AV:L/AC:L/Au:N/C:P/I:P/A:P
Type: Primary
Version: 3.1
Base score: 7.8
Base severity: HIGH
Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Type: Primary
Version: 2.0
Base score: 4.6
Base severity: MEDIUM
Vector:
AV:L/AC:L/Au:N/C:P/I:P/A:P
CPE Matches
Huawei Technologies Co., Ltd.
huawei
>>imaster_mae-m>>v100r020c10spc220
cpe:2.3:a:huawei:imaster_mae-m:v100r020c10spc220:*:*:*:*:*:*:*
Huawei Technologies Co., Ltd.
huawei
>>manageone>>6.5.0
cpe:2.3:a:huawei:manageone:6.5.0:-:*:*:*:*:*:*
Huawei Technologies Co., Ltd.
huawei
>>manageone>>6.5.0
cpe:2.3:a:huawei:manageone:6.5.0:rc2.b050:*:*:*:*:*:*
Huawei Technologies Co., Ltd.
huawei
>>manageone>>6.5.0
cpe:2.3:a:huawei:manageone:6.5.0:spc100.b210:*:*:*:*:*:*
Huawei Technologies Co., Ltd.
huawei
>>manageone>>6.5.1
cpe:2.3:a:huawei:manageone:6.5.1:-:*:*:*:*:*:*
Huawei Technologies Co., Ltd.
huawei
>>manageone>>6.5.1
cpe:2.3:a:huawei:manageone:6.5.1:rc1.b060:*:*:*:*:*:*
Huawei Technologies Co., Ltd.
huawei
>>manageone>>6.5.1
cpe:2.3:a:huawei:manageone:6.5.1:rc2.b020:*:*:*:*:*:*
Huawei Technologies Co., Ltd.
huawei
>>manageone>>6.5.1
cpe:2.3:a:huawei:manageone:6.5.1:rc2.b030:*:*:*:*:*:*
Huawei Technologies Co., Ltd.
huawei
>>manageone>>6.5.1
cpe:2.3:a:huawei:manageone:6.5.1:rc2.b040:*:*:*:*:*:*
Huawei Technologies Co., Ltd.
huawei
>>manageone>>6.5.1
cpe:2.3:a:huawei:manageone:6.5.1:rc2.b050:*:*:*:*:*:*
Huawei Technologies Co., Ltd.
huawei
>>manageone>>6.5.1
cpe:2.3:a:huawei:manageone:6.5.1:rc2.b060:*:*:*:*:*:*
Huawei Technologies Co., Ltd.
huawei
>>manageone>>6.5.1
cpe:2.3:a:huawei:manageone:6.5.1:rc2.b070:*:*:*:*:*:*
Huawei Technologies Co., Ltd.
huawei
>>manageone>>6.5.1
cpe:2.3:a:huawei:manageone:6.5.1:rc2.b080:*:*:*:*:*:*
Huawei Technologies Co., Ltd.
huawei
>>manageone>>6.5.1
cpe:2.3:a:huawei:manageone:6.5.1:rc2.b090:*:*:*:*:*:*
Huawei Technologies Co., Ltd.
huawei
>>manageone>>6.5.1
cpe:2.3:a:huawei:manageone:6.5.1:spc100.b050:*:*:*:*:*:*
Huawei Technologies Co., Ltd.
huawei
>>manageone>>6.5.1
cpe:2.3:a:huawei:manageone:6.5.1:spc101.b010:*:*:*:*:*:*
Huawei Technologies Co., Ltd.
huawei
>>manageone>>6.5.1
cpe:2.3:a:huawei:manageone:6.5.1:spc101.b040:*:*:*:*:*:*
Huawei Technologies Co., Ltd.
huawei
>>manageone>>6.5.1
cpe:2.3:a:huawei:manageone:6.5.1:spc200:*:*:*:*:*:*
Huawei Technologies Co., Ltd.
huawei
>>manageone>>6.5.1
cpe:2.3:a:huawei:manageone:6.5.1:spc200.b010:*:*:*:*:*:*
Huawei Technologies Co., Ltd.
huawei
>>manageone>>6.5.1
cpe:2.3:a:huawei:manageone:6.5.1:spc200.b030:*:*:*:*:*:*
Huawei Technologies Co., Ltd.
huawei
>>manageone>>6.5.1
cpe:2.3:a:huawei:manageone:6.5.1:spc200.b040:*:*:*:*:*:*
Huawei Technologies Co., Ltd.
huawei
>>manageone>>6.5.1
cpe:2.3:a:huawei:manageone:6.5.1:spc200.b050:*:*:*:*:*:*
Huawei Technologies Co., Ltd.
huawei
>>manageone>>6.5.1
cpe:2.3:a:huawei:manageone:6.5.1:spc200.b060:*:*:*:*:*:*
Huawei Technologies Co., Ltd.
huawei
>>manageone>>6.5.1
cpe:2.3:a:huawei:manageone:6.5.1:spc200.b070:*:*:*:*:*:*
Huawei Technologies Co., Ltd.
huawei
>>manageone>>6.5.1.1
cpe:2.3:a:huawei:manageone:6.5.1.1:b010:*:*:*:*:*:*
Huawei Technologies Co., Ltd.
huawei
>>manageone>>6.5.1.1
cpe:2.3:a:huawei:manageone:6.5.1.1:b020:*:*:*:*:*:*
Huawei Technologies Co., Ltd.
huawei
>>manageone>>6.5.1.1
cpe:2.3:a:huawei:manageone:6.5.1.1:b030:*:*:*:*:*:*
Huawei Technologies Co., Ltd.
huawei
>>manageone>>6.5.1.1
cpe:2.3:a:huawei:manageone:6.5.1.1:b040:*:*:*:*:*:*
Huawei Technologies Co., Ltd.
huawei
>>manageone>>8.0.0
cpe:2.3:a:huawei:manageone:8.0.0:-:*:*:*:*:*:*
Huawei Technologies Co., Ltd.
huawei
>>manageone>>8.0.0
cpe:2.3:a:huawei:manageone:8.0.0:lcnd81:*:*:*:*:*:*
Huawei Technologies Co., Ltd.
huawei
>>manageone>>8.0.0
cpe:2.3:a:huawei:manageone:8.0.0:rc2:*:*:*:*:*:*
Huawei Technologies Co., Ltd.
huawei
>>manageone>>8.0.0
cpe:2.3:a:huawei:manageone:8.0.0:rc3:*:*:*:*:*:*
Huawei Technologies Co., Ltd.
huawei
>>manageone>>8.0.0
cpe:2.3:a:huawei:manageone:8.0.0:rc3.b041:*:*:*:*:*:*
Huawei Technologies Co., Ltd.
huawei
>>manageone>>8.0.0
cpe:2.3:a:huawei:manageone:8.0.0:rc3.spc100:*:*:*:*:*:*
Huawei Technologies Co., Ltd.
huawei
>>manageone>>8.0.0
cpe:2.3:a:huawei:manageone:8.0.0:spc100:*:*:*:*:*:*
Huawei Technologies Co., Ltd.
huawei
>>manageone>>8.0.1
cpe:2.3:a:huawei:manageone:8.0.1:*:*:*:*:*:*:*
Huawei Technologies Co., Ltd.
huawei
>>network_functions_virtualization_fusionsphere>>6.5.1
cpe:2.3:a:huawei:network_functions_virtualization_fusionsphere:6.5.1:spc12:*:*:*:*:*:*
Huawei Technologies Co., Ltd.
huawei
>>network_functions_virtualization_fusionsphere>>6.5.1
cpe:2.3:a:huawei:network_functions_virtualization_fusionsphere:6.5.1:spc23:*:*:*:*:*:*
Huawei Technologies Co., Ltd.
huawei
>>smc2.0_firmware>>v600r019c00
cpe:2.3:o:huawei:smc2.0_firmware:v600r019c00:*:*:*:*:*:*:*
Huawei Technologies Co., Ltd.
huawei
>>smc2.0_firmware>>v600r019c10
cpe:2.3:o:huawei:smc2.0_firmware:v600r019c10:*:*:*:*:*:*:*
Huawei Technologies Co., Ltd.
huawei
>>smc2.0>>-
cpe:2.3:h:huawei:smc2.0:-:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
NVD-CWE-noinfoPrimarynvd@nist.gov
CWE ID: NVD-CWE-noinfo
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210120-02-privilege-enpsirt@huawei.com
Vendor Advisory
Hyperlink: https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210120-02-privilege-en
Source: psirt@huawei.com
Resource:
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

91Records found
CVE-2021-33658
Matching Score-8
Assigner-openEuler
ShareView Details
Matching Score-8
Assigner-openEuler
CVSS Score-7.8||HIGH
EPSS-0.02% / 3.81%
||
7 Day CHG~0.00%
Published-11 Mar, 2022 | 17:54
Updated-02 Apr, 2025 | 18:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

atune before 0.3-0.8 log in as a local user and run the curl command to access the local atune url interface to escalate the local privilege or modify any file. Authentication is not forcibly enabled in the default configuration.

Action-Not Available
Vendor-OpenAtom FoundationopenEuler (OpenAtom Foundation)Huawei Technologies Co., Ltd.
Product-atuneopeneuleratune
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2021-22425
Matching Score-8
Assigner-Huawei Technologies
ShareView Details
Matching Score-8
Assigner-Huawei Technologies
CVSS Score-7.8||HIGH
EPSS-0.02% / 3.12%
||
7 Day CHG~0.00%
Published-03 Aug, 2021 | 17:20
Updated-03 Aug, 2024 | 18:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A component of the HarmonyOS has a Double Free vulnerability. Local attackers may exploit this vulnerability to cause Root Elevating Privileges.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-harmonyosHarmonyOS
CWE ID-CWE-415
Double Free
CVE-2021-22451
Matching Score-8
Assigner-Huawei Technologies
ShareView Details
Matching Score-8
Assigner-Huawei Technologies
CVSS Score-7.8||HIGH
EPSS-0.02% / 4.76%
||
7 Day CHG~0.00%
Published-28 Oct, 2021 | 12:31
Updated-03 Aug, 2024 | 18:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A component of the HarmonyOS has a Integer Overflow or Wraparound vulnerability. Local attackers may exploit this vulnerability to cause memory overwriting.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-harmonyosHarmonyOS
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2021-22418
Matching Score-8
Assigner-Huawei Technologies
ShareView Details
Matching Score-8
Assigner-Huawei Technologies
CVSS Score-7.8||HIGH
EPSS-0.02% / 3.12%
||
7 Day CHG~0.00%
Published-03 Aug, 2021 | 17:21
Updated-03 Aug, 2024 | 18:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A component of the HarmonyOS has a Integer Overflow or Wraparound vulnerability. Local attackers may exploit this vulnerability to cause memory overwriting.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-harmonyosHarmonyOS
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2021-22361
Matching Score-8
Assigner-Huawei Technologies
ShareView Details
Matching Score-8
Assigner-Huawei Technologies
CVSS Score-7.8||HIGH
EPSS-0.03% / 5.85%
||
7 Day CHG~0.00%
Published-22 Jun, 2021 | 17:41
Updated-03 Aug, 2024 | 18:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

There is an improper authorization vulnerability in eCNS280 V100R005C00, V100R005C10 and eSE620X vESS V100R001C10SPC200, V100R001C20SPC200. A file access is not authorized correctly. Attacker with low access may launch privilege escalation in a specific scenario. This may compromise the normal service.

Action-Not Available
Vendor-n/aHuawei Technologies Co., Ltd.
Product-ecns280_firmwareecns280ese620x_vess_firmwareese620x_vesseCNS280;eSE620X vESS
CVE-2021-22397
Matching Score-8
Assigner-Huawei Technologies
ShareView Details
Matching Score-8
Assigner-Huawei Technologies
CVSS Score-6.7||MEDIUM
EPSS-0.03% / 5.50%
||
7 Day CHG~0.00%
Published-02 Aug, 2021 | 16:24
Updated-03 Aug, 2024 | 18:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

There is a privilege escalation vulnerability in Huawei ManageOne 8.0.0. External parameters of some files are lack of verification when they are be called. Attackers can exploit this vulnerability by performing these files to cause privilege escalation attack. This can compromise normal service.

Action-Not Available
Vendor-n/aHuawei Technologies Co., Ltd.
Product-manageoneManageOne
CWE ID-CWE-20
Improper Input Validation
CVE-2021-22470
Matching Score-8
Assigner-Huawei Technologies
ShareView Details
Matching Score-8
Assigner-Huawei Technologies
CVSS Score-7.8||HIGH
EPSS-0.02% / 4.76%
||
7 Day CHG~0.00%
Published-28 Oct, 2021 | 12:31
Updated-03 Aug, 2024 | 18:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A component of the HarmonyOS has a Privileges Controls vulnerability. Local attackers may exploit this vulnerability to expand the Recording Trusted Domain.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-harmonyosHarmonyOS
CVE-2021-22385
Matching Score-8
Assigner-Huawei Technologies
ShareView Details
Matching Score-8
Assigner-Huawei Technologies
CVSS Score-7.8||HIGH
EPSS-0.02% / 3.40%
||
7 Day CHG~0.00%
Published-10 Aug, 2021 | 13:04
Updated-03 Aug, 2024 | 18:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A component of the Huawei smartphone has a External Control of System or Configuration Setting vulnerability. Local attackers may exploit this vulnerability to cause Kernel Code Execution.

Action-Not Available
Vendor-n/aHuawei Technologies Co., Ltd.
Product-magic_uiemuiEMUI;Magic UI;HarmonyOS
CWE ID-CWE-668
Exposure of Resource to Wrong Sphere
CVE-2021-22420
Matching Score-8
Assigner-Huawei Technologies
ShareView Details
Matching Score-8
Assigner-Huawei Technologies
CVSS Score-7.8||HIGH
EPSS-0.06% / 19.99%
||
7 Day CHG~0.00%
Published-03 Aug, 2021 | 17:21
Updated-03 Aug, 2024 | 18:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A component of the HarmonyOS has a External Control of System or Configuration Setting vulnerability. Local attackers may exploit this vulnerability to cause the underlying trust of the application trustlist mechanism is missing..

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-harmonyosHarmonyOS
CWE ID-CWE-668
Exposure of Resource to Wrong Sphere
CVE-2021-22396
Matching Score-8
Assigner-Huawei Technologies
ShareView Details
Matching Score-8
Assigner-Huawei Technologies
CVSS Score-7.8||HIGH
EPSS-0.02% / 3.74%
||
7 Day CHG~0.00%
Published-02 Aug, 2021 | 16:08
Updated-03 Aug, 2024 | 18:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

There is a privilege escalation vulnerability in some Huawei products. Due to improper privilege management, a local attacker with common privilege may access some specific files in the affected products. Successful exploit will cause privilege escalation.Affected product versions include:eCNS280_TD V100R005C00,V100R005C10;eSE620X vESS V100R001C10SPC200,V100R001C20SPC200.

Action-Not Available
Vendor-n/aHuawei Technologies Co., Ltd.
Product-ecns280_tdese620x_vess_firmwareecns280_td_firmwareese620x_vesseCNS280_TD;eSE620X vESS
CWE ID-CWE-269
Improper Privilege Management
CVE-2021-22314
Matching Score-8
Assigner-Huawei Technologies
ShareView Details
Matching Score-8
Assigner-Huawei Technologies
CVSS Score-7.8||HIGH
EPSS-0.02% / 4.76%
||
7 Day CHG~0.00%
Published-22 Mar, 2021 | 19:13
Updated-03 Aug, 2024 | 18:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

There is a local privilege escalation vulnerability in some versions of ManageOne. A local authenticated attacker could perform specific operations to exploit this vulnerability. Successful exploitation may cause the attacker to obtain a higher privilege and compromise the service.

Action-Not Available
Vendor-n/aHuawei Technologies Co., Ltd.
Product-manageoneManageOne
CVE-2021-22421
Matching Score-8
Assigner-Huawei Technologies
ShareView Details
Matching Score-8
Assigner-Huawei Technologies
CVSS Score-7.8||HIGH
EPSS-0.02% / 2.31%
||
7 Day CHG~0.00%
Published-03 Aug, 2021 | 17:18
Updated-03 Aug, 2024 | 18:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A component of the HarmonyOS has a Improper Privilege Management vulnerability. Local attackers may exploit this vulnerability to cause further Elevation of Privileges.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-harmonyosHarmonyOS
CWE ID-CWE-269
Improper Privilege Management
CVE-2021-22316
Matching Score-8
Assigner-Huawei Technologies
ShareView Details
Matching Score-8
Assigner-Huawei Technologies
CVSS Score-6.8||MEDIUM
EPSS-0.02% / 4.96%
||
7 Day CHG~0.00%
Published-03 Jun, 2021 | 15:42
Updated-03 Aug, 2024 | 18:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

There is a Missing Authentication for Critical Function vulnerability in Huawei Smartphone. Attackers with physical access to the device can thereby exploit this vulnerability. A successful exploitation of this vulnerability can compromise the device's data security and functional availability.

Action-Not Available
Vendor-n/aHuawei Technologies Co., Ltd.
Product-magic_uiemuiEMUI;Magic UI
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2021-22422
Matching Score-8
Assigner-Huawei Technologies
ShareView Details
Matching Score-8
Assigner-Huawei Technologies
CVSS Score-7.8||HIGH
EPSS-0.02% / 3.12%
||
7 Day CHG~0.00%
Published-03 Aug, 2021 | 17:16
Updated-03 Aug, 2024 | 18:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A component of the HarmonyOS has a Integer Overflow or Wraparound vulnerability. Local attackers may exploit this vulnerability to cause memory overwriting.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-harmonyosHarmonyOS
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2021-22335
Matching Score-8
Assigner-Huawei Technologies
ShareView Details
Matching Score-8
Assigner-Huawei Technologies
CVSS Score-7.8||HIGH
EPSS-0.03% / 5.85%
||
7 Day CHG~0.00%
Published-03 Jun, 2021 | 19:25
Updated-03 Aug, 2024 | 18:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

There is a Memory Buffer Improper Operation Limit vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may cause exceptions in image processing.

Action-Not Available
Vendor-n/aHuawei Technologies Co., Ltd.
Product-magic_uiemuiEMUI;Magic UI
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-22464
Matching Score-8
Assigner-Huawei Technologies
ShareView Details
Matching Score-8
Assigner-Huawei Technologies
CVSS Score-3.3||LOW
EPSS-0.02% / 4.72%
||
7 Day CHG~0.00%
Published-28 Oct, 2021 | 12:33
Updated-03 Aug, 2024 | 18:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A component of the HarmonyOS has a Out-of-bounds Read vulnerability. Local attackers may exploit this vulnerability to cause system Soft Restart.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-harmonyosHarmonyOS
CWE ID-CWE-125
Out-of-bounds Read
CVE-2021-22423
Matching Score-8
Assigner-Huawei Technologies
ShareView Details
Matching Score-8
Assigner-Huawei Technologies
CVSS Score-7.8||HIGH
EPSS-0.02% / 3.12%
||
7 Day CHG~0.00%
Published-03 Aug, 2021 | 17:21
Updated-03 Aug, 2024 | 18:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A component of the HarmonyOS has a Out-of-bounds Write Vulnerability. Local attackers may exploit this vulnerability to cause integer overflow.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-harmonyosHarmonyOS
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-22416
Matching Score-8
Assigner-Huawei Technologies
ShareView Details
Matching Score-8
Assigner-Huawei Technologies
CVSS Score-7.8||HIGH
EPSS-0.02% / 2.89%
||
7 Day CHG~0.00%
Published-03 Aug, 2021 | 17:18
Updated-03 Aug, 2024 | 18:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A component of the HarmonyOS has a Data Processing Errors vulnerability. Local attackers may exploit this vulnerability to cause Kernel Code Execution.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-harmonyosHarmonyOS
CVE-2018-7910
Matching Score-8
Assigner-Huawei Technologies
ShareView Details
Matching Score-8
Assigner-Huawei Technologies
CVSS Score-6.8||MEDIUM
EPSS-0.03% / 6.75%
||
7 Day CHG~0.00%
Published-13 Nov, 2018 | 19:00
Updated-05 Aug, 2024 | 06:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Some Huawei smartphones ALP-AL00B 8.0.0.118D(C00), ALP-TL00B 8.0.0.118D(C01), BLA-AL00B 8.0.0.118D(C00), BLA-L09C 8.0.0.127(C432), 8.0.0.128(C432), 8.0.0.137(C432), BLA-L29C 8.0.0.129(C432), 8.0.0.137(C432) have an authentication bypass vulnerability. When the attacker obtains the user's smartphone, the vulnerability can be used to replace the start-up program so that the attacker can obtain the information in the smartphone and achieve the purpose of controlling the smartphone.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-bla-l09calp-tl00bbla-l29c_firmwarebla-l09c_firmwarealp-tl00b_firmwarebla-al00bbla-al00b_firmwarealp-al00balp-al00b_firmwarebla-l29cALP-AL00B, ALP-TL00B, BLA-AL00B, BLA-L09C, BLA-L29C
CWE ID-CWE-287
Improper Authentication
CVE-2015-8673
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-0.03% / 5.94%
||
7 Day CHG~0.00%
Published-12 Jan, 2016 | 20:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Huawei TE30, TE40, TE50, and TE60 multimedia video conferencing endpoints with software before V100R001C10SPC100 do not require entry of the old password when changing the password for the Debug account, which allows physically proximate attackers to change the password by leveraging an unattended workstation.

Action-Not Available
Vendor-n/aHuawei Technologies Co., Ltd.
Product-te30te50te40te60te60_firmwaren/a
CVE-2020-9072
Matching Score-8
Assigner-Huawei Technologies
ShareView Details
Matching Score-8
Assigner-Huawei Technologies
CVSS Score-6.7||MEDIUM
EPSS-0.02% / 4.50%
||
7 Day CHG~0.00%
Published-27 Apr, 2020 | 14:34
Updated-04 Aug, 2024 | 10:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Huawei OSD product with versions earlier than OSD_uwp_9.0.32.0 have a local privilege escalation vulnerability. An authenticated, local attacker can constructs a specific file path to exploit this vulnerability. Successful exploitation may cause the attacker to obtain a higher privilege.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-osdosd_firmwareOSD
CVE-2020-9137
Matching Score-8
Assigner-Huawei Technologies
ShareView Details
Matching Score-8
Assigner-Huawei Technologies
CVSS Score-6.7||MEDIUM
EPSS-0.03% / 5.56%
||
7 Day CHG~0.00%
Published-24 Dec, 2020 | 15:47
Updated-04 Aug, 2024 | 10:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

There is a privilege escalation vulnerability in some versions of CloudEngine 12800,CloudEngine 5800,CloudEngine 6800 and CloudEngine 7800. Due to insufficient input validation, a local attacker with high privilege may execute some specially crafted scripts in the affected products. Successful exploit will cause privilege escalation.

Action-Not Available
Vendor-n/aHuawei Technologies Co., Ltd.
Product-cloudengine_7800cloudengine_5800_firmwarecloudengine_5800cloudengine_6800_firmwarecloudengine_6800cloudengine_7800_firmwarecloudengine_12800cloudengine_12800_firmwareCloudEngine 12800;CloudEngine 5800;CloudEngine 6800;CloudEngine 7800
CWE ID-CWE-20
Improper Input Validation
CVE-2020-9114
Matching Score-8
Assigner-Huawei Technologies
ShareView Details
Matching Score-8
Assigner-Huawei Technologies
CVSS Score-7.8||HIGH
EPSS-0.02% / 2.91%
||
7 Day CHG~0.00%
Published-01 Dec, 2020 | 00:04
Updated-04 Aug, 2024 | 10:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

FusionCompute versions 6.3.0, 6.3.1, 6.5.0, 6.5.1 and 8.0.0 have a privilege escalation vulnerability. Due to improper privilege management, an attacker with common privilege may access some specific files and get the administrator privilege in the affected products. Successful exploit will cause privilege escalation.

Action-Not Available
Vendor-n/aHuawei Technologies Co., Ltd.
Product-fusioncomputeFusionCompute
CWE ID-CWE-269
Improper Privilege Management
CVE-2020-9147
Matching Score-8
Assigner-Huawei Technologies
ShareView Details
Matching Score-8
Assigner-Huawei Technologies
CVSS Score-7.8||HIGH
EPSS-0.02% / 4.76%
||
7 Day CHG~0.00%
Published-01 Apr, 2021 | 17:51
Updated-04 Aug, 2024 | 10:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A memory buffer error vulnerability exists in a component interface of Huawei Smartphone. Local attackers may exploit this vulnerability by carefully constructing attack scenarios to cause out-of-bounds read.

Action-Not Available
Vendor-n/aHuawei Technologies Co., Ltd.
Product-magic_uiemuiEMUI;Magic UI
CWE ID-CWE-125
Out-of-bounds Read
CVE-2020-9248
Matching Score-8
Assigner-Huawei Technologies
ShareView Details
Matching Score-8
Assigner-Huawei Technologies
CVSS Score-6.7||MEDIUM
EPSS-0.03% / 5.50%
||
7 Day CHG~0.00%
Published-31 Jul, 2020 | 12:24
Updated-04 Aug, 2024 | 10:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Huawei FusionComput 8.0.0 have an improper authorization vulnerability. A module does not verify some input correctly and authorizes files with incorrect access. Attackers can exploit this vulnerability to launch privilege escalation attack. This can compromise normal service.

Action-Not Available
Vendor-n/aHuawei Technologies Co., Ltd.
Product-fusioncomputeFusionCompute
CVE-2020-9244
Matching Score-8
Assigner-Huawei Technologies
ShareView Details
Matching Score-8
Assigner-Huawei Technologies
CVSS Score-6.8||MEDIUM
EPSS-0.03% / 5.69%
||
7 Day CHG~0.00%
Published-11 Aug, 2020 | 18:46
Updated-04 Aug, 2024 | 10:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

HUAWEI Mate 20 versions Versions earlier than 10.1.0.160(C00E160R3P8);HUAWEI Mate 20 Pro versions Versions earlier than 10.1.0.270(C431E7R1P5),Versions earlier than 10.1.0.270(C635E3R1P5),Versions earlier than 10.1.0.273(C636E7R2P4);HUAWEI Mate 20 X versions Versions earlier than 10.1.0.160(C00E160R2P8);HUAWEI P30 versions Versions earlier than 10.1.0.160(C00E160R2P11);HUAWEI P30 Pro versions Versions earlier than 10.1.0.160(C00E160R2P8);HUAWEI Mate 20 RS versions Versions earlier than 10.1.0.160(C786E160R3P8);HonorMagic2 versions Versions earlier than 10.0.0.187(C00E61R2P11);Honor20 versions Versions earlier than 10.0.0.175(C00E58R4P11);Honor20 PRO versions Versions earlier than 10.0.0.194(C00E62R8P12);HonorMagic2 versions Versions earlier than 10.0.0.187(C00E61R2P11);HonorV20 versions Versions earlier than 10.0.0.188(C00E62R2P11) have an improper authentication vulnerability. The system does not properly sign certain encrypted file, the attacker should gain the key used to encrypt the file, successful exploit could cause certain file be forged

Action-Not Available
Vendor-n/aHuawei Technologies Co., Ltd.
Product-mate_20honor_v20_firmwarehonor_20_promate_20_rs_firmwarep30_prohonor_20_firmwaremate_20_x_firmwarehonor_magic_2p30_pro_firmwarep30honor_20mate_20_firmwaremate_20_rsp30_firmwaremate_20_prohonor_20_pro_firmwaremate_20_xhonor_magic_2_firmwaremate_20_pro_firmwarehonor_v20HUAWEI Mate 20;HUAWEI Mate 20 Pro;HUAWEI Mate 20 X;HUAWEI P30;HUAWEI P30 Pro;HUAWEI Mate 20 RS;HonorMagic2;Honor20;Honor20 PRO;HonorMagic2;HonorV20
CVE-2020-9127
Matching Score-8
Assigner-Huawei Technologies
ShareView Details
Matching Score-8
Assigner-Huawei Technologies
CVSS Score-6.7||MEDIUM
EPSS-0.11% / 30.59%
||
7 Day CHG~0.00%
Published-13 Nov, 2020 | 14:46
Updated-04 Aug, 2024 | 10:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Some Huawei products have a command injection vulnerability. Due to insufficient input validation, an attacker with high privilege may inject some malicious codes in some files of the affected products. Successful exploit may cause command injection.Affected product versions include:NIP6300 versions V500R001C30,V500R001C60;NIP6600 versions V500R001C30,V500R001C60;Secospace USG6300 versions V500R001C30,V500R001C60;Secospace USG6500 versions V500R001C30,V500R001C60;Secospace USG6600 versions V500R001C30,V500R001C60;USG9500 versions V500R001C30,V500R001C60.

Action-Not Available
Vendor-n/aHuawei Technologies Co., Ltd.
Product-nip6600secospace_usg6500_firmwarenip6300secospace_usg6500usg9500_firmwaresecospace_usg6600_firmwaresecospace_usg6300nip6600_firmwarenip6300_firmwareusg9500secospace_usg6600secospace_usg6300_firmwareNIP6300;NIP6600;Secospace USG6300;Secospace USG6500;Secospace USG6600;USG9500
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CWE ID-CWE-20
Improper Input Validation
CVE-2020-9084
Matching Score-8
Assigner-Huawei Technologies
ShareView Details
Matching Score-8
Assigner-Huawei Technologies
CVSS Score-6.5||MEDIUM
EPSS-0.02% / 4.73%
||
7 Day CHG~0.00%
Published-18 Sep, 2020 | 18:06
Updated-04 Aug, 2024 | 10:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Taurus-AN00B versions earlier than 10.1.0.156(C00E155R7P2) have a use-after-free (UAF) vulnerability. An authenticated, local attacker may perform specific operations to exploit this vulnerability. Successful exploitation may cause the attacker to obtain a higher privilege and compromise the service.

Action-Not Available
Vendor-n/aHuawei Technologies Co., Ltd.
Product-taurus-an00b_firmwaretaurus-an00bTaurus-AN00B
CWE ID-CWE-416
Use After Free
CVE-2020-9119
Matching Score-8
Assigner-Huawei Technologies
ShareView Details
Matching Score-8
Assigner-Huawei Technologies
CVSS Score-6.2||MEDIUM
EPSS-0.03% / 6.69%
||
7 Day CHG~0.00%
Published-24 Dec, 2020 | 15:49
Updated-04 Aug, 2024 | 10:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

There is a privilege escalation vulnerability on some Huawei smart phones due to design defects. The attacker needs to physically contact the mobile phone and obtain higher privileges, and execute relevant commands, resulting in the user's privilege promotion.

Action-Not Available
Vendor-n/aHuawei Technologies Co., Ltd.
Product-mate_10p40_promate_30p40_pro_firmwaremate_30_pro_firmwaremate_30_firmwarep40_firmwaremate_30_prop40mate_10_firmwareHUAWEI Mate 10;HUAWEI Mate 30;HUAWEI Mate 30 Pro;HUAWEI P40;HUAWEI P40 Pro
CVE-2020-9200
Matching Score-8
Assigner-Huawei Technologies
ShareView Details
Matching Score-8
Assigner-Huawei Technologies
CVSS Score-7.8||HIGH
EPSS-0.06% / 19.67%
||
7 Day CHG~0.00%
Published-24 Dec, 2020 | 15:41
Updated-04 Aug, 2024 | 10:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

There has a CSV injection vulnerability in iManager NetEco 6000 versions V600R021C00. An attacker with common privilege may exploit this vulnerability through some operations to inject the CSV files. Due to insufficient input validation of some parameters, the attacker can exploit this vulnerability to inject CSV files to the target device.

Action-Not Available
Vendor-n/aHuawei Technologies Co., Ltd.
Product-imanager_neteco_6000iManager NetEco 6000
CWE ID-CWE-1236
Improper Neutralization of Formula Elements in a CSV File
CVE-2020-9237
Matching Score-8
Assigner-Huawei Technologies
ShareView Details
Matching Score-8
Assigner-Huawei Technologies
CVSS Score-6.7||MEDIUM
EPSS-0.03% / 6.69%
||
7 Day CHG~0.00%
Published-17 Aug, 2020 | 15:16
Updated-04 Aug, 2024 | 10:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Huawei smartphone Taurus-AL00B with versions earlier than 10.1.0.126(C00E125R5P3) have a user after free vulnerability. A module is lack of lock protection. Attackers can exploit this vulnerability by launching specific request. This could compromise normal service of the affected device.

Action-Not Available
Vendor-n/aHuawei Technologies Co., Ltd.
Product-taurus-al00b_firmwaretaurus-al00bTaurus-AL00B
CWE ID-CWE-416
Use After Free
CVE-2020-9206
Matching Score-8
Assigner-Huawei Technologies
ShareView Details
Matching Score-8
Assigner-Huawei Technologies
CVSS Score-6.7||MEDIUM
EPSS-0.03% / 6.69%
||
7 Day CHG~0.00%
Published-22 Mar, 2021 | 17:35
Updated-04 Aug, 2024 | 10:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The eUDC660 product has a resource management vulnerability. An attacker with high privilege needs to perform specific operations to exploit the vulnerability on the affected device. Due to improper resource management of the device, as a result, the key file can be obtained and data can be decrypted, affecting confidentiality, integrity, and availability of the device.

Action-Not Available
Vendor-n/aHuawei Technologies Co., Ltd.
Product-eudc660_firmwareeudc660eUDC660
CVE-2020-9078
Matching Score-8
Assigner-Huawei Technologies
ShareView Details
Matching Score-8
Assigner-Huawei Technologies
CVSS Score-7.8||HIGH
EPSS-0.02% / 4.76%
||
7 Day CHG~0.00%
Published-10 Aug, 2020 | 19:14
Updated-04 Aug, 2024 | 10:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

FusionCompute 8.0.0 have local privilege escalation vulnerability. A local, authenticated attacker could perform specific operations to exploit this vulnerability. Successful exploitation may cause the attacker to obtain a higher privilege and compromise the service.

Action-Not Available
Vendor-n/aHuawei Technologies Co., Ltd.
Product-fusioncomputeFusionCompute
CVE-2020-9105
Matching Score-8
Assigner-Huawei Technologies
ShareView Details
Matching Score-8
Assigner-Huawei Technologies
CVSS Score-6.7||MEDIUM
EPSS-0.03% / 5.50%
||
7 Day CHG~0.00%
Published-09 Oct, 2020 | 12:30
Updated-04 Aug, 2024 | 10:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Taurus-AN00B versions earlier than 10.1.0.156(C00E155R7P2) have an insufficient input validation vulnerability. Due to the input validation logic is incorrect, an attacker can exploit this vulnerability to access and modify the memory of the device by doing a series of operations. Successful exploit may cause the service abnormal.

Action-Not Available
Vendor-n/aHuawei Technologies Co., Ltd.
Product-taurus-an00b_firmwaretaurus-an00bTaurus-AN00B
CWE ID-CWE-20
Improper Input Validation
CVE-2020-9090
Matching Score-8
Assigner-Huawei Technologies
ShareView Details
Matching Score-8
Assigner-Huawei Technologies
CVSS Score-7.8||HIGH
EPSS-0.03% / 5.85%
||
7 Day CHG~0.00%
Published-12 Oct, 2020 | 13:29
Updated-04 Aug, 2024 | 10:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

FusionAccess version 6.5.1 has an improper authorization vulnerability. A command is authorized with incorrect privilege. Attackers with other privilege can execute the command to exploit this vulnerability. This may compromise normal service of the affected product.

Action-Not Available
Vendor-n/aHuawei Technologies Co., Ltd.
Product-fusionaccessFusionAccess
CVE-2020-9117
Matching Score-8
Assigner-Huawei Technologies
ShareView Details
Matching Score-8
Assigner-Huawei Technologies
CVSS Score-7.8||HIGH
EPSS-0.03% / 6.88%
||
7 Day CHG~0.00%
Published-01 Dec, 2020 | 00:02
Updated-04 Aug, 2024 | 10:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

HUAWEI nova 4 versions earlier than 10.0.0.165(C01E34R2P4) and SydneyM-AL00 versions earlier than 10.0.0.165(C00E66R1P5) have an out-of-bounds read and write vulnerability. An attacker with specific permissions crafts malformed packet with specific parameter and sends the packet to the affected products. Due to insufficient validation of packet, which may be exploited to cause the information leakage or arbitrary code execution.

Action-Not Available
Vendor-n/aHuawei Technologies Co., Ltd.
Product-nova_4_firmwarenova_4sydneym-al00_firmwaresydneym-al00HUAWEI nova 4;SydneyM-AL00
CWE ID-CWE-787
Out-of-bounds Write
CWE ID-CWE-125
Out-of-bounds Read
CVE-2020-9125
Matching Score-8
Assigner-Huawei Technologies
ShareView Details
Matching Score-8
Assigner-Huawei Technologies
CVSS Score-6.7||MEDIUM
EPSS-0.01% / 1.02%
||
7 Day CHG~0.00%
Published-29 Dec, 2020 | 17:22
Updated-04 Aug, 2024 | 10:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

There is an out-of-bound read vulnerability in huawei smartphone Mate 30 versions earlier than 10.1.0.156 (C00E155R7P2). An attacker with specific permission can exploit this vulnerability by sending crafted packet with specific parameter to the target device. Due to insufficient validation of the parameter, successful exploit can cause the device to behave abnormally.

Action-Not Available
Vendor-n/aHuawei Technologies Co., Ltd.
Product-mate_30mate_30_firmwareHUAWEI Mate 30
CWE ID-CWE-125
Out-of-bounds Read
CVE-2017-8196
Matching Score-8
Assigner-Huawei Technologies
ShareView Details
Matching Score-8
Assigner-Huawei Technologies
CVSS Score-4.2||MEDIUM
EPSS-0.01% / 1.62%
||
7 Day CHG~0.00%
Published-22 Nov, 2017 | 19:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

FusionSphere V100R006C00SPC102(NFV) has an incorrect authorization vulnerability. An authenticated attacker could execute commands that he/she should have had no permission to perform, thereby querying, modifying, and deleting certain service data and making the service unavailable.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-fusionsphereFusionSphere
CWE ID-CWE-863
Incorrect Authorization
CVE-2017-8192
Matching Score-8
Assigner-Huawei Technologies
ShareView Details
Matching Score-8
Assigner-Huawei Technologies
CVSS Score-7.8||HIGH
EPSS-0.02% / 4.49%
||
7 Day CHG~0.00%
Published-22 Nov, 2017 | 19:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

FusionSphere OpenStack V100R006C00 has an improper authorization vulnerability. Due to improper authorization, an attacker with low privilege may exploit this vulnerability to obtain the operation authority of some specific directory, causing privilege escalation.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-fusionsphere_openstackFusionSphere OpenStack
CWE ID-CWE-863
Incorrect Authorization
CVE-2020-1796
Matching Score-8
Assigner-Huawei Technologies
ShareView Details
Matching Score-8
Assigner-Huawei Technologies
CVSS Score-6.6||MEDIUM
EPSS-0.06% / 17.16%
||
7 Day CHG~0.00%
Published-20 Mar, 2020 | 14:54
Updated-04 Aug, 2024 | 06:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

There is an improper authorization vulnerability in several smartphones. The software incorrectly performs an authorization to certain user, successful exploit could allow a low privilege user to do certain operation which the user are supposed not to do.Affected product versions include:HUAWEI Mate 20 versions Versions earlier than 10.0.0.188(C00E74R3P8);HUAWEI Mate 30 Pro versions Versions earlier than 10.0.0.203(C00E202R7P2).

Action-Not Available
Vendor-n/aHuawei Technologies Co., Ltd.
Product-mate_30_promate_30_pro_firmwaremate_20mate_20_firmwareHUAWEI Mate 20;HUAWEI Mate 30 Pro
CWE ID-CWE-863
Incorrect Authorization
CVE-2020-1817
Matching Score-8
Assigner-Huawei Technologies
ShareView Details
Matching Score-8
Assigner-Huawei Technologies
CVSS Score-7.8||HIGH
EPSS-0.02% / 3.91%
||
7 Day CHG~0.00%
Published-30 Apr, 2020 | 21:23
Updated-04 Aug, 2024 | 06:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Huawei PCManager with versions earlier than 10.0.1.36 has a privilege escalation vulnerability. Due to improper permission management of specific files, local attackers with low permissions can inject commands to exploit this vulnerability. Successful exploit may cause privilege escalation.

Action-Not Available
Vendor-n/aHuawei Technologies Co., Ltd.
Product-pcmanagerPCManager
CVE-2020-1789
Matching Score-8
Assigner-Huawei Technologies
ShareView Details
Matching Score-8
Assigner-Huawei Technologies
CVSS Score-6.8||MEDIUM
EPSS-0.06% / 18.23%
||
7 Day CHG~0.00%
Published-18 Feb, 2020 | 02:50
Updated-04 Aug, 2024 | 06:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Huawei OSCA-550, OSCA-550A, OSCA-550AX, and OSCA-550X products with version 1.0.1.21(SP3) have an insufficient authentication vulnerability. The software does not require a strong credential when the user trying to do certain operations. Successful exploit could allow an attacker to pass the authentication and do certain operations by a weak credential.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-osca-550x_firmwareosca-550axosca-550osca-550a_firmwareosca-550xosca-550ax_firmwareosca-550_firmwareosca-550aOSCA-550, OSCA-550A, OSCA-550AX, OSCA-550X
CWE ID-CWE-287
Improper Authentication
CVE-2020-1845
Matching Score-8
Assigner-Huawei Technologies
ShareView Details
Matching Score-8
Assigner-Huawei Technologies
CVSS Score-6.7||MEDIUM
EPSS-0.02% / 4.50%
||
7 Day CHG~0.00%
Published-27 Apr, 2020 | 14:26
Updated-04 Aug, 2024 | 06:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Huawei PCManager product with versions earlier than 10.0.5.53 have a local privilege escalation vulnerability. An authenticated, local attacker can perform specific operation to exploit this vulnerability. Successful exploitation may cause the attacker to obtain a higher privilege.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-pcmanagerPCManager
CVE-2021-39976
Matching Score-8
Assigner-Huawei Technologies
ShareView Details
Matching Score-8
Assigner-Huawei Technologies
CVSS Score-7.8||HIGH
EPSS-0.02% / 3.12%
||
7 Day CHG~0.00%
Published-23 Nov, 2021 | 14:53
Updated-04 Aug, 2024 | 02:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

There is a privilege escalation vulnerability in CloudEngine 5800 V200R020C00SPC600. Due to lack of privilege restrictions, an authenticated local attacker can perform specific operation to exploit this vulnerability. Successful exploitation may cause the attacker to obtain a higher privilege.

Action-Not Available
Vendor-n/aHuawei Technologies Co., Ltd.
Product-cloudengine_5800cloudengine_5800_firmwareCloudEngine 5800
CVE-2020-1813
Matching Score-8
Assigner-Huawei Technologies
ShareView Details
Matching Score-8
Assigner-Huawei Technologies
CVSS Score-6.8||MEDIUM
EPSS-0.02% / 4.96%
||
7 Day CHG~0.00%
Published-15 Jun, 2020 | 14:22
Updated-04 Aug, 2024 | 06:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

HUAWEI P30 smart phone with versions earlier than 10.1.0.135(C00E135R2P11) have an improper authentication vulnerability. Due to improper authentication of specific interface, in specific scenario attackers could access specific interface without authentication. Successful exploit could allow the attacker to perform unauthorized operations.

Action-Not Available
Vendor-n/aHuawei Technologies Co., Ltd.
Product-p30_firmwarep30HUAWEI P30
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2020-1843
Matching Score-8
Assigner-Huawei Technologies
ShareView Details
Matching Score-8
Assigner-Huawei Technologies
CVSS Score-6.8||MEDIUM
EPSS-0.07% / 21.22%
||
7 Day CHG~0.00%
Published-18 Feb, 2020 | 02:14
Updated-04 Aug, 2024 | 06:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Huawei HEGE-560 version 1.0.1.20(SP2), OSCA-550 version 1.0.0.71(SP1), OSCA-550A version 1.0.0.71(SP1), OSCA-550AX version 1.0.0.71(SP2), and OSCA-550X version 1.0.0.71(SP2) have an insufficient verification vulnerability. An attacker can perform specific operations to exploit this vulnerability by physical access methods. Successful exploitation may cause the attacker perform an illegal operation.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-osca-550x_firmwareosca-550axhege-560osca-550osca-550a_firmwareosca-550xosca-550ax_firmwareosca-550_firmwareosca-550ahege-560_firmwareOSCA-550AOSCA-550HEGE-560OSCA-550AXOSCA-550X
CVE-2020-1844
Matching Score-8
Assigner-Huawei Technologies
ShareView Details
Matching Score-8
Assigner-Huawei Technologies
CVSS Score-7.8||HIGH
EPSS-0.06% / 20.22%
||
7 Day CHG~0.00%
Published-28 Feb, 2020 | 18:52
Updated-04 Aug, 2024 | 06:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

PCManager with versions earlier than 10.0.5.51 have a privilege escalation vulnerability in Huawei PCManager products. An authenticated, local attacker can perform specific operation to exploit this vulnerability. Successful exploitation may cause the attacker to obtain a higher privilege.

Action-Not Available
Vendor-n/aHuawei Technologies Co., Ltd.
Product-pcmanagerPCManager
CVE-2020-1842
Matching Score-8
Assigner-Huawei Technologies
ShareView Details
Matching Score-8
Assigner-Huawei Technologies
CVSS Score-6.8||MEDIUM
EPSS-0.06% / 18.23%
||
7 Day CHG~0.00%
Published-18 Feb, 2020 | 03:03
Updated-04 Aug, 2024 | 06:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Huawei HEGE-560 version 1.0.1.20(SP2); OSCA-550 and OSCA-550A version 1.0.0.71(SP1); and OSCA-550AX and OSCA-550X version 1.0.0.71(SP2) have an insufficient authentication vulnerability. An attacker can access the device physically and perform specific operations to exploit this vulnerability. Successful exploitation may cause the attacker obtain high privilege.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-osca-550x_firmwareosca-550axhege-560osca-550osca-550a_firmwareosca-550xosca-550ax_firmwareosca-550_firmwareosca-550ahege-560_firmwareOSCA-550, OSCA-550AHEGE-560OSCA-550AX, OSCA-550X
CWE ID-CWE-287
Improper Authentication
CVE-2017-8190
Matching Score-8
Assigner-Huawei Technologies
ShareView Details
Matching Score-8
Assigner-Huawei Technologies
CVSS Score-6.7||MEDIUM
EPSS-0.01% / 1.25%
||
7 Day CHG~0.00%
Published-22 Nov, 2017 | 19:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

FusionSphere OpenStack V100R006C00SPC102(NFV)has an improper verification of cryptographic signature vulnerability. The software does not verify the cryptographic signature. An attacker with high privilege may exploit this vulnerability to inject malicious software.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-fusionsphere_openstackFusionSphere OpenStack
CWE ID-CWE-347
Improper Verification of Cryptographic Signature
CVE-2025-31172
Matching Score-8
Assigner-Huawei Technologies
ShareView Details
Matching Score-8
Assigner-Huawei Technologies
CVSS Score-7.8||HIGH
EPSS-0.01% / 0.71%
||
7 Day CHG~0.00%
Published-07 Apr, 2025 | 03:54
Updated-07 May, 2025 | 20:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Memory write permission bypass vulnerability in the kernel futex module Impact: Successful exploitation of this vulnerability may affect service confidentiality.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-harmonyosHarmonyOS
CWE ID-CWE-280
Improper Handling of Insufficient Permissions or Privileges
  • Previous
  • 1
  • 2
  • Next
Details not found