Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2021-22444

Summary
Assigner-huawei
Assigner Org ID-25ac1063-e409-4190-8079-24548c77ea2e
Published At-02 Aug, 2021 | 17:00
Updated At-03 Aug, 2024 | 18:44
Rejected At-
Credits

There is an Input Verification Vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may cause code injection.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:huawei
Assigner Org ID:25ac1063-e409-4190-8079-24548c77ea2e
Published At:02 Aug, 2021 | 17:00
Updated At:03 Aug, 2024 | 18:44
Rejected At:
▼CVE Numbering Authority (CNA)

There is an Input Verification Vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may cause code injection.

Affected Products
Vendor
Huawei Technologies Co., Ltd.Huawei
Product
EMUI
Versions
Affected
  • 11.0.0
  • 10.1.1
  • 10.1.0
  • 10.0.0
  • 9.1.1
  • 9.1.0
Vendor
Huawei Technologies Co., Ltd.Huawei
Product
Magic UI
Versions
Affected
  • 4.0.0
  • 3.1.1
  • 3.1.0
  • 3.0.0
  • 2.1.1
Problem Types
TypeCWE IDDescription
textN/AInput Verification Vulnerability
Type: text
CWE ID: N/A
Description: Input Verification Vulnerability
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://consumer.huawei.com/en/support/bulletin/2021/6/
x_refsource_MISC
Hyperlink: https://consumer.huawei.com/en/support/bulletin/2021/6/
Resource:
x_refsource_MISC
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://consumer.huawei.com/en/support/bulletin/2021/6/
x_refsource_MISC
x_transferred
Hyperlink: https://consumer.huawei.com/en/support/bulletin/2021/6/
Resource:
x_refsource_MISC
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:psirt@huawei.com
Published At:02 Aug, 2021 | 17:15
Updated At:09 Dec, 2021 | 17:55

There is an Input Verification Vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may cause code injection.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.19.8CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Primary2.07.5HIGH
AV:N/AC:L/Au:N/C:P/I:P/A:P
Type: Primary
Version: 3.1
Base score: 9.8
Base severity: CRITICAL
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Type: Primary
Version: 2.0
Base score: 7.5
Base severity: HIGH
Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P
CPE Matches
Huawei Technologies Co., Ltd.
huawei
>>emui>>9.1.0
cpe:2.3:o:huawei:emui:9.1.0:*:*:*:*:*:*:*
Huawei Technologies Co., Ltd.
huawei
>>emui>>9.1.1
cpe:2.3:o:huawei:emui:9.1.1:*:*:*:*:*:*:*
Huawei Technologies Co., Ltd.
huawei
>>emui>>10.0.0
cpe:2.3:o:huawei:emui:10.0.0:*:*:*:*:*:*:*
Huawei Technologies Co., Ltd.
huawei
>>emui>>10.1.0
cpe:2.3:o:huawei:emui:10.1.0:*:*:*:*:*:*:*
Huawei Technologies Co., Ltd.
huawei
>>emui>>10.1.1
cpe:2.3:o:huawei:emui:10.1.1:*:*:*:*:*:*:*
Huawei Technologies Co., Ltd.
huawei
>>emui>>11.0.0
cpe:2.3:o:huawei:emui:11.0.0:*:*:*:*:*:*:*
Huawei Technologies Co., Ltd.
huawei
>>magic_ui>>2.1.1
cpe:2.3:o:huawei:magic_ui:2.1.1:*:*:*:*:*:*:*
Huawei Technologies Co., Ltd.
huawei
>>magic_ui>>3.0.0
cpe:2.3:o:huawei:magic_ui:3.0.0:*:*:*:*:*:*:*
Huawei Technologies Co., Ltd.
huawei
>>magic_ui>>3.1.0
cpe:2.3:o:huawei:magic_ui:3.1.0:*:*:*:*:*:*:*
Huawei Technologies Co., Ltd.
huawei
>>magic_ui>>3.1.1
cpe:2.3:o:huawei:magic_ui:3.1.1:*:*:*:*:*:*:*
Huawei Technologies Co., Ltd.
huawei
>>magic_ui>>4.0.0
cpe:2.3:o:huawei:magic_ui:4.0.0:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-20Primarynvd@nist.gov
CWE ID: CWE-20
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://consumer.huawei.com/en/support/bulletin/2021/6/psirt@huawei.com
Vendor Advisory
Hyperlink: https://consumer.huawei.com/en/support/bulletin/2021/6/
Source: psirt@huawei.com
Resource:
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

1335Records found
CVE-2023-41294
Matching Score-8
Assigner-Huawei Technologies
ShareView Details
Matching Score-8
Assigner-Huawei Technologies
CVSS Score-9.8||CRITICAL
EPSS-0.23% / 45.90%
||
7 Day CHG~0.00%
Published-25 Sep, 2023 | 11:00
Updated-24 Sep, 2024 | 15:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The DP module has a service hijacking vulnerability.Successful exploitation of this vulnerability may affect some Super Device services.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-harmonyosHarmonyOS
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2023-52103
Matching Score-8
Assigner-Huawei Technologies
ShareView Details
Matching Score-8
Assigner-Huawei Technologies
CVSS Score-9.8||CRITICAL
EPSS-0.20% / 42.57%
||
7 Day CHG~0.00%
Published-16 Jan, 2024 | 09:20
Updated-29 Aug, 2024 | 20:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow vulnerability in the FLP module. Successful exploitation of this vulnerability may cause out-of-bounds read.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-emuiharmonyosHarmonyOSEMUI
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2023-52378
Matching Score-8
Assigner-Huawei Technologies
ShareView Details
Matching Score-8
Assigner-Huawei Technologies
CVSS Score-9.8||CRITICAL
EPSS-0.16% / 37.26%
||
7 Day CHG~0.00%
Published-18 Feb, 2024 | 06:09
Updated-29 Mar, 2025 | 00:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability of incorrect service logic in the WindowManagerServices module.Successful exploitation of this vulnerability may cause features to perform abnormally.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-harmonyosemuiEMUIHarmonyOS
CWE ID-CWE-693
Protection Mechanism Failure
CVE-2023-52381
Matching Score-8
Assigner-Huawei Technologies
ShareView Details
Matching Score-8
Assigner-Huawei Technologies
CVSS Score-9.8||CRITICAL
EPSS-0.19% / 41.57%
||
7 Day CHG~0.00%
Published-18 Feb, 2024 | 06:13
Updated-13 Mar, 2025 | 14:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Script injection vulnerability in the email module.Successful exploitation of this vulnerability may affect service confidentiality, integrity, and availability.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-emuiharmonyosHarmonyOSEMUIharmonyosemui
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2023-52370
Matching Score-8
Assigner-Huawei Technologies
ShareView Details
Matching Score-8
Assigner-Huawei Technologies
CVSS Score-9.8||CRITICAL
EPSS-0.11% / 30.63%
||
7 Day CHG~0.00%
Published-18 Feb, 2024 | 03:41
Updated-24 Apr, 2025 | 15:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Stack overflow vulnerability in the network acceleration module.Successful exploitation of this vulnerability may cause unauthorized file access.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-emuiharmonyosEMUIHarmonyOSharmonyosemui
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-37242
Matching Score-8
Assigner-Huawei Technologies
ShareView Details
Matching Score-8
Assigner-Huawei Technologies
CVSS Score-9.8||CRITICAL
EPSS-0.08% / 25.29%
||
7 Day CHG~0.00%
Published-06 Jul, 2023 | 12:31
Updated-19 Nov, 2024 | 17:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability of commands from the modem being intercepted in the atcmdserver module. Attackers may exploit this vulnerability to rewrite the non-volatile random-access memory (NVRAM), or facilitate the exploitation of other vulnerabilities.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-emuiharmonyosHarmonyOSEMUI
CWE ID-CWE-639
Authorization Bypass Through User-Controlled Key
CVE-2019-0708
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-9.8||CRITICAL
EPSS-94.44% / 99.99%
||
7 Day CHG~0.00%
Published-16 May, 2019 | 18:17
Updated-30 Jul, 2025 | 01:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2022-05-03||Apply updates per vendor instructions.

A remote code execution vulnerability exists in Remote Desktop Services formerly known as Terminal Services when an unauthenticated attacker connects to the target system using RDP and sends specially crafted requests, aka 'Remote Desktop Services Remote Code Execution Vulnerability'.

Action-Not Available
Vendor-Microsoft CorporationSiemens AGHuawei Technologies Co., Ltd.
Product-ch240umaaxiom_multix_mrh1288_v2_firmwarerh5885_v3multix_pro_acssaxiom_vertix_solitaire_msyngo_lab_process_managerx6000multix_pro_acss_firmwareaxiom_multix_m_firmwaremultix_swing_firmwarerh5885_v3_firmwareoceanstor_hvs85tmultix_pro_p_firmwarebh622_v2_firmwareoceanstor_18500bh621_v2_firmwarerh2265_v2windows_7ch140bh620_v2aptio_firmwarech121oceanstor_18500_firmwarerh1288a_v2_firmwarerh2285h_v2ch221_firmwareespace_ecs_firmwaregtsoftx3000_firmwaresmc2.0_firmwarech242_v3centralinkmultix_top_acss_pmultix_proatellica_solutionch242uma_firmwarerh2288e_v2smc2.0rh2288h_v2rapidpoint_500_firmwarech221oceanstor_hvs85t_firmwarerh2288_v2lantisrh2285_v2_firmwaree6000_chassis_firmwareelog_firmwaremultix_top_pbh640_v2ch240_firmwarerh1288_v2seco_vsmviva_e_firmwarerh2485_v2rh2288_v2_firmwarech222_firmwarech140_firmwarevertix_solitaire_firmwarelantis_firmwarerh5885_v2ch220_firmwaremultix_swingaptiorapidpoint_500streamlab_firmwareagile_controller-campus_firmwaremobilett_xp_digital_firmwarerh2268_v2x8000axiom_vertix_md_trauma_firmwaremultix_pro_navy_firmwarerh1288a_v2x8000_firmwarerh5885_v2_firmwaregtsoftx3000vertix_solitaireatellica_solution_firmwarech220multix_pro_firmwarebh622_v2multix_top_acss_firmwareaxiom_vertix_md_traumarh2285_v2oceanstor_hvs88t_firmwarewindows_server_2008oceanstor_18800frh2265_v2_firmwarerh2268_v2_firmwareelogmultix_topbh621_v2rh2288a_v2_firmwaremobilett_xp_digitale6000_firmwarebh640_v2_firmwaremultix_pro_acss_p_firmwarech242_firmwarerh2285h_v2_firmwarerh2288e_v2_firmwareoceanstor_18800f_firmwareviva_ex6000_firmwarebh620_v2_firmwareespace_ecse6000centralink_firmwarech121_firmwaremultix_top_firmwaremultix_top_p_firmwareviva_twinrh2288a_v2multix_top_acssmultix_pro_acss_pe6000_chassismultix_pro_paxiom_vertix_solitaire_m_firmwareoceanstor_18800oceanstor_18800_firmwarech242_v3_firmwareagile_controller-campusrh2485_v2_firmwaremultix_top_acss_p_firmwareseco_vsm_firmwarestreamlabrh2288h_v2_firmwaremultix_pro_navych222oceanstor_hvs88tviva_twin_firmwareWindows ServerWindowsRemote Desktop Services
CWE ID-CWE-416
Use After Free
CVE-2024-57961
Matching Score-8
Assigner-Huawei Technologies
ShareView Details
Matching Score-8
Assigner-Huawei Technologies
CVSS Score-6.8||MEDIUM
EPSS-0.03% / 8.07%
||
7 Day CHG~0.00%
Published-06 Feb, 2025 | 12:33
Updated-17 Mar, 2025 | 14:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Out-of-bounds write vulnerability in the emcom module Impact: Successful exploitation of this vulnerability may cause features to perform abnormally.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-harmonyosemuiEMUIHarmonyOS
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-39979
Matching Score-8
Assigner-Huawei Technologies
ShareView Details
Matching Score-8
Assigner-Huawei Technologies
CVSS Score-9.8||CRITICAL
EPSS-0.33% / 55.38%
||
7 Day CHG~0.00%
Published-03 Jan, 2022 | 21:07
Updated-04 Aug, 2024 | 02:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

HHEE system has a Code Injection vulnerability.Successful exploitation of this vulnerability may affect HHEE system integrity.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-harmonyosHarmonyOS
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2021-37120
Matching Score-8
Assigner-Huawei Technologies
ShareView Details
Matching Score-8
Assigner-Huawei Technologies
CVSS Score-9.8||CRITICAL
EPSS-0.26% / 48.98%
||
7 Day CHG~0.00%
Published-03 Jan, 2022 | 21:07
Updated-04 Aug, 2024 | 01:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

There is a Double free vulnerability in Smartphone.Successful exploitation of this vulnerability may cause a kernel crash or privilege escalation.

Action-Not Available
Vendor-n/aHuawei Technologies Co., Ltd.
Product-magic_uiemuiEMUI;Magic UI
CWE ID-CWE-415
Double Free
CVE-2021-39990
Matching Score-8
Assigner-Huawei Technologies
ShareView Details
Matching Score-8
Assigner-Huawei Technologies
CVSS Score-9.8||CRITICAL
EPSS-0.25% / 48.55%
||
7 Day CHG~0.00%
Published-03 Jan, 2022 | 21:07
Updated-22 May, 2025 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The screen lock module has a Stack-based Buffer Overflow vulnerability.Successful exploitation of this vulnerability may affect user experience.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-harmonyosHarmonyOS
CWE ID-CWE-787
Out-of-bounds Write
CVE-2020-9144
Matching Score-8
Assigner-Huawei Technologies
ShareView Details
Matching Score-8
Assigner-Huawei Technologies
CVSS Score-9.8||CRITICAL
EPSS-0.25% / 48.55%
||
7 Day CHG~0.00%
Published-13 Jan, 2021 | 18:53
Updated-04 Aug, 2024 | 10:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

There is a heap overflow vulnerability in some Huawei smartphone, attackers can exploit this vulnerability to cause heap overflows due to improper restriction of operations within the bounds of a memory buffer.

Action-Not Available
Vendor-n/aHuawei Technologies Co., Ltd.
Product-magic_uiemuiMagic UIEMUI
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-48479
Matching Score-8
Assigner-Huawei Technologies
ShareView Details
Matching Score-8
Assigner-Huawei Technologies
CVSS Score-9.8||CRITICAL
EPSS-0.12% / 32.40%
||
7 Day CHG~0.00%
Published-26 May, 2023 | 00:00
Updated-15 Jan, 2025 | 17:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The facial recognition TA of some products has the out-of-bounds memory read vulnerability. Successful exploitation of this vulnerability may cause exceptions of the facial recognition service.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-harmonyosHarmonyOS
CWE ID-CWE-125
Out-of-bounds Read
CVE-2022-48478
Matching Score-8
Assigner-Huawei Technologies
ShareView Details
Matching Score-8
Assigner-Huawei Technologies
CVSS Score-9.8||CRITICAL
EPSS-0.12% / 32.40%
||
7 Day CHG~0.00%
Published-26 May, 2023 | 00:00
Updated-15 Jan, 2025 | 17:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The facial recognition TA of some products lacks memory length verification. Successful exploitation of this vulnerability may cause exceptions of the facial recognition service.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-harmonyosHarmonyOS
CVE-2022-48513
Matching Score-8
Assigner-Huawei Technologies
ShareView Details
Matching Score-8
Assigner-Huawei Technologies
CVSS Score-9.8||CRITICAL
EPSS-0.04% / 11.94%
||
7 Day CHG~0.00%
Published-06 Jul, 2023 | 12:42
Updated-19 Nov, 2024 | 18:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability of identity verification being bypassed in the Gallery module. Successful exploitation of this vulnerability may cause out-of-bounds access.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-emuiharmonyosHarmonyOSEMUI
CWE ID-CWE-290
Authentication Bypass by Spoofing
CVE-2022-48353
Matching Score-8
Assigner-Huawei Technologies
ShareView Details
Matching Score-8
Assigner-Huawei Technologies
CVSS Score-9.8||CRITICAL
EPSS-0.10% / 28.29%
||
7 Day CHG~0.00%
Published-27 Mar, 2023 | 00:00
Updated-24 Feb, 2025 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Some smartphones have configuration issues. Successful exploitation of this vulnerability may cause kernel privilege escalation, which results in system service exceptions.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-emuiharmonyosEMUIHarmonyOS
CWE ID-CWE-269
Improper Privilege Management
CVE-2022-48511
Matching Score-8
Assigner-Huawei Technologies
ShareView Details
Matching Score-8
Assigner-Huawei Technologies
CVSS Score-9.8||CRITICAL
EPSS-0.12% / 31.91%
||
7 Day CHG~0.00%
Published-06 Jul, 2023 | 12:39
Updated-19 Nov, 2024 | 16:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use After Free (UAF) vulnerability in the audio PCM driver module under special conditions. Successful exploitation of this vulnerability may cause audio features to perform abnormally.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-emuiharmonyosHarmonyOSEMUI
CWE ID-CWE-843
Access of Resource Using Incompatible Type ('Type Confusion')
CWE ID-CWE-416
Use After Free
CVE-2022-48255
Matching Score-8
Assigner-Huawei Technologies
ShareView Details
Matching Score-8
Assigner-Huawei Technologies
CVSS Score-9.8||CRITICAL
EPSS-1.67% / 81.36%
||
7 Day CHG~0.00%
Published-27 Feb, 2023 | 00:00
Updated-11 Mar, 2025 | 18:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

There is a system command injection vulnerability in BiSheng-WNM FW 3.0.0.325. A Huawei printer has a system command injection vulnerability. Successful exploitation could lead to remote code execution.

Action-Not Available
Vendor-n/aHuawei Technologies Co., Ltd.
Product-bisheng-wnmbisheng-wnm_firmwareBiSheng-WNM
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2022-48259
Matching Score-8
Assigner-Huawei Technologies
ShareView Details
Matching Score-8
Assigner-Huawei Technologies
CVSS Score-9.8||CRITICAL
EPSS-0.43% / 61.72%
||
7 Day CHG~0.00%
Published-27 Feb, 2023 | 00:00
Updated-11 Mar, 2025 | 18:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

There is a system command injection vulnerability in BiSheng-WNM FW 3.0.0.325. Successful exploitation could allow attackers to gain higher privileges.

Action-Not Available
Vendor-n/aHuawei Technologies Co., Ltd.
Product-bisheng-wnmbisheng-wnm_firmwareBiSheng-WNM
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2022-48472
Matching Score-8
Assigner-Huawei Technologies
ShareView Details
Matching Score-8
Assigner-Huawei Technologies
CVSS Score-9.8||CRITICAL
EPSS-1.42% / 79.77%
||
7 Day CHG~0.00%
Published-16 Jun, 2023 | 12:54
Updated-17 Dec, 2024 | 17:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A Huawei printer has a system command injection vulnerability. Successful exploitation could lead to remote code execution. Affected product versions include:BiSheng-WNM versions OTA-BiSheng-FW-2.0.0.211-beta,BiSheng-WNM FW 3.0.0.325,BiSheng-WNM FW 2.0.0.211.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-ota-bisheng_firmwarebisheng-wnm_firmwarebisheng-wnmBiSheng-WNM
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2022-48284
Matching Score-8
Assigner-Huawei Technologies
ShareView Details
Matching Score-8
Assigner-Huawei Technologies
CVSS Score-9.8||CRITICAL
EPSS-0.10% / 28.47%
||
7 Day CHG~0.00%
Published-27 Feb, 2023 | 00:00
Updated-11 Mar, 2025 | 18:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A piece of Huawei whole-home intelligence software has an Incorrect Privilege Assignment vulnerability. Successful exploitation of this vulnerability could allow attackers to access restricted functions.

Action-Not Available
Vendor-n/aHuawei Technologies Co., Ltd.
Product-hilink_ai_lifeHarmonyOS AILife Solution 6.0
CWE ID-CWE-269
Improper Privilege Management
CVE-2022-48283
Matching Score-8
Assigner-Huawei Technologies
ShareView Details
Matching Score-8
Assigner-Huawei Technologies
CVSS Score-9.8||CRITICAL
EPSS-0.10% / 28.47%
||
7 Day CHG~0.00%
Published-27 Feb, 2023 | 00:00
Updated-11 Mar, 2025 | 18:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A piece of Huawei whole-home intelligence software has an Incorrect Privilege Assignment vulnerability. Successful exploitation of this vulnerability could allow attackers to access restricted functions.

Action-Not Available
Vendor-n/aHuawei Technologies Co., Ltd.
Product-hilink_ai_lifeHarmonyOS AILife Solution 6.0
CWE ID-CWE-269
Improper Privilege Management
CVE-2022-48512
Matching Score-8
Assigner-Huawei Technologies
ShareView Details
Matching Score-8
Assigner-Huawei Technologies
CVSS Score-9.8||CRITICAL
EPSS-0.10% / 29.00%
||
7 Day CHG~0.00%
Published-06 Jul, 2023 | 12:22
Updated-19 Nov, 2024 | 18:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use After Free (UAF) vulnerability in the Vdecoderservice service. Successful exploitation of this vulnerability may cause the image decoding feature to perform abnormally.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-emuiharmonyosHarmonyOSEMUI
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-416
Use After Free
CVE-2022-46320
Matching Score-8
Assigner-Huawei Technologies
ShareView Details
Matching Score-8
Assigner-Huawei Technologies
CVSS Score-9.8||CRITICAL
EPSS-0.10% / 28.31%
||
7 Day CHG~0.00%
Published-20 Dec, 2022 | 00:00
Updated-16 Apr, 2025 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The kernel module has an out-of-bounds read vulnerability. Successful exploitation of this vulnerability may cause memory overwriting.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-harmonyosemuiHarmonyOSEMUI
CWE ID-CWE-125
Out-of-bounds Read
CVE-2022-46323
Matching Score-8
Assigner-Huawei Technologies
ShareView Details
Matching Score-8
Assigner-Huawei Technologies
CVSS Score-9.8||CRITICAL
EPSS-0.10% / 28.31%
||
7 Day CHG~0.00%
Published-20 Dec, 2022 | 00:00
Updated-16 Apr, 2025 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Some smartphones have the out-of-bounds write vulnerability.Successful exploitation of this vulnerability may cause system service exceptions.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-harmonyosemuiHarmonyOSEMUI
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-46324
Matching Score-8
Assigner-Huawei Technologies
ShareView Details
Matching Score-8
Assigner-Huawei Technologies
CVSS Score-9.8||CRITICAL
EPSS-0.10% / 28.31%
||
7 Day CHG~0.00%
Published-20 Dec, 2022 | 00:00
Updated-16 Apr, 2025 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Some smartphones have the out-of-bounds write vulnerability. Successful exploitation of this vulnerability may cause system service exceptions.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-harmonyosemuiHarmonyOSEMUI
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-46319
Matching Score-8
Assigner-Huawei Technologies
ShareView Details
Matching Score-8
Assigner-Huawei Technologies
CVSS Score-9.8||CRITICAL
EPSS-0.10% / 28.31%
||
7 Day CHG~0.00%
Published-20 Dec, 2022 | 00:00
Updated-16 Apr, 2025 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Fingerprint calibration has a vulnerability of lacking boundary judgment. Successful exploitation of this vulnerability may cause out-of-bounds write.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-harmonyosemuiHarmonyOSEMUI
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-46326
Matching Score-8
Assigner-Huawei Technologies
ShareView Details
Matching Score-8
Assigner-Huawei Technologies
CVSS Score-9.8||CRITICAL
EPSS-0.12% / 31.09%
||
7 Day CHG~0.00%
Published-20 Dec, 2022 | 00:00
Updated-16 Apr, 2025 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Some smartphones have the out-of-bounds write vulnerability. Successful exploitation of this vulnerability may cause system service exceptions.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-harmonyosemuiHarmonyOSEMUI
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-46327
Matching Score-8
Assigner-Huawei Technologies
ShareView Details
Matching Score-8
Assigner-Huawei Technologies
CVSS Score-9.8||CRITICAL
EPSS-0.10% / 27.57%
||
7 Day CHG~0.00%
Published-20 Dec, 2022 | 00:00
Updated-17 Apr, 2025 | 14:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Some smartphones have configuration issues. Successful exploitation of this vulnerability may cause privilege escalation, which results in system service exceptions.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-harmonyosemuiEMUIHarmonyOS
CWE ID-CWE-269
Improper Privilege Management
CVE-2022-46325
Matching Score-8
Assigner-Huawei Technologies
ShareView Details
Matching Score-8
Assigner-Huawei Technologies
CVSS Score-9.8||CRITICAL
EPSS-0.10% / 28.31%
||
7 Day CHG~0.00%
Published-20 Dec, 2022 | 00:00
Updated-16 Apr, 2025 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Some smartphones have the out-of-bounds write vulnerability.Successful exploitation of this vulnerability may cause system service exceptions.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-harmonyosemuiHarmonyOSEMUI
CWE ID-CWE-787
Out-of-bounds Write
CVE-2016-5722
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.3||HIGH
EPSS-0.21% / 43.12%
||
7 Day CHG~0.00%
Published-24 Jun, 2016 | 17:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Huawei OceanStor 5300 V3, 5500 V3, 5600 V3, 5800 V3, 6800 V3, 18800 V3, and 18500 V3 before V300R003C10 sends the plaintext session token in the HTTP header, which allows remote attackers to conduct replay attacks and obtain sensitive information by sniffing the network.

Action-Not Available
Vendor-n/aHuawei Technologies Co., Ltd.
Product-ocean_stor_5600_v3ocean_stor_5500_v3ocean_stor_firmwareocean_stor_5800_v3ocean_stor_18500_v3ocean_stor_6800_v3ocean_stor_18800_v3ocean_stor_5300_v3n/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2022-46316
Matching Score-8
Assigner-Huawei Technologies
ShareView Details
Matching Score-8
Assigner-Huawei Technologies
CVSS Score-9.8||CRITICAL
EPSS-0.11% / 29.67%
||
7 Day CHG~0.00%
Published-20 Dec, 2022 | 00:00
Updated-17 Apr, 2025 | 14:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A thread security vulnerability exists in the authentication process. Successful exploitation of this vulnerability may affect data integrity, confidentiality, and availability.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-harmonyosHarmonyOS
CWE ID-CWE-287
Improper Authentication
CVE-2022-44559
Matching Score-8
Assigner-Huawei Technologies
ShareView Details
Matching Score-8
Assigner-Huawei Technologies
CVSS Score-9.8||CRITICAL
EPSS-0.28% / 50.68%
||
7 Day CHG~0.00%
Published-09 Nov, 2022 | 00:00
Updated-01 May, 2025 | 14:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The AMS module has a vulnerability of serialization/deserialization mismatch. Successful exploitation of this vulnerability may cause privilege escalation.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-harmonyosemuiHarmonyOSEMUI
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2016-4576
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-2.35% / 84.26%
||
7 Day CHG~0.00%
Published-23 May, 2016 | 19:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in the Application Specific Packet Filtering (ASPF) functionality in the Huawei IPS Module, NGFW Module, NIP6300, NIP6600, Secospace USG6300, USG6500, USG6600, USG9500, and AntiDDoS8000 devices with software before V500R001C20SPC100 allows remote attackers to cause a denial of service or execute arbitrary code via a crafted packet, related to "illegitimate parameters."

Action-Not Available
Vendor-n/aHuawei Technologies Co., Ltd.
Product-nip6600_firmwareips_module_firmwarengfw_module_firmwaresecospace_usg6500_firmwaresecospace_antiddos8000_firmwareips_modulesecospace_usg6600nip6600secospace_usg6600_firmwarenip6300_firmwaresecospace_usg6500usg9500_firmwareusg9500nip6300ngfw_modulesecospace_antiddos8000secospace_usg6300_firmwaresecospace_usg6300n/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2022-44558
Matching Score-8
Assigner-Huawei Technologies
ShareView Details
Matching Score-8
Assigner-Huawei Technologies
CVSS Score-9.8||CRITICAL
EPSS-0.28% / 50.68%
||
7 Day CHG~0.00%
Published-09 Nov, 2022 | 00:00
Updated-01 May, 2025 | 14:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The AMS module has a vulnerability of serialization/deserialization mismatch. Successful exploitation of this vulnerability may cause privilege escalation.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-harmonyosemuiHarmonyOSEMUI
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2022-44562
Matching Score-8
Assigner-Huawei Technologies
ShareView Details
Matching Score-8
Assigner-Huawei Technologies
CVSS Score-9.8||CRITICAL
EPSS-0.24% / 46.70%
||
7 Day CHG~0.00%
Published-09 Nov, 2022 | 00:00
Updated-01 May, 2025 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The system framework layer has a vulnerability of serialization/deserialization mismatch. Successful exploitation of this vulnerability may cause privilege escalation.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-harmonyosemuiHarmonyOSEMUI
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2016-4005
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.04% / 13.02%
||
7 Day CHG~0.00%
Published-13 Jun, 2016 | 14:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Huawei Hilink App application before 3.19.2 for Android does not validate SSL certificates, which allows local users to have unspecified impact via unknown vectors, aka HWPSIRT-2016-03008.

Action-Not Available
Vendor-n/aHuawei Technologies Co., Ltd.
Product-hilink_appn/a
CVE-2022-41578
Matching Score-8
Assigner-Huawei Technologies
ShareView Details
Matching Score-8
Assigner-Huawei Technologies
CVSS Score-9.8||CRITICAL
EPSS-0.14% / 34.52%
||
7 Day CHG~0.00%
Published-14 Oct, 2022 | 00:00
Updated-14 May, 2025 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The MPTCP module has an out-of-bounds write vulnerability.Successful exploitation of this vulnerability may cause root privilege escalation attacks implemented by modifying program information.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-harmonyosemuiHarmonyOSEMUI
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-38980
Matching Score-8
Assigner-Huawei Technologies
ShareView Details
Matching Score-8
Assigner-Huawei Technologies
CVSS Score-9.8||CRITICAL
EPSS-0.19% / 41.60%
||
7 Day CHG~0.00%
Published-14 Oct, 2022 | 00:00
Updated-15 May, 2025 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The HwAirlink module has a heap overflow vulnerability in processing data packets of the proprietary protocol.Successful exploitation of this vulnerability may allow attackers to obtain process control permissions.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-harmonyosHarmonyOS
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-38983
Matching Score-8
Assigner-Huawei Technologies
ShareView Details
Matching Score-8
Assigner-Huawei Technologies
CVSS Score-9.8||CRITICAL
EPSS-0.25% / 48.01%
||
7 Day CHG~0.00%
Published-14 Oct, 2022 | 00:00
Updated-15 May, 2025 | 15:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The BT Hfp Client module has a Use-After-Free (UAF) vulnerability.Successful exploitation of this vulnerability may result in arbitrary code execution.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-harmonyosemuiHarmonyOSEMUI
CWE ID-CWE-416
Use After Free
CVE-2022-39007
Matching Score-8
Assigner-Huawei Technologies
ShareView Details
Matching Score-8
Assigner-Huawei Technologies
CVSS Score-9.8||CRITICAL
EPSS-0.04% / 11.61%
||
7 Day CHG~0.00%
Published-16 Sep, 2022 | 17:57
Updated-03 Jun, 2025 | 18:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The location module has a vulnerability of bypassing permission verification.Successful exploitation of this vulnerability may cause privilege escalation.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-emuiharmonyosHarmonyOSEMUI
CWE ID-CWE-269
Improper Privilege Management
CVE-2022-39009
Matching Score-8
Assigner-Huawei Technologies
ShareView Details
Matching Score-8
Assigner-Huawei Technologies
CVSS Score-9.8||CRITICAL
EPSS-0.13% / 32.89%
||
7 Day CHG~0.00%
Published-16 Sep, 2022 | 17:57
Updated-03 Jun, 2025 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The WLAN module has a vulnerability in permission verification. Successful exploitation of this vulnerability may cause third-party apps to affect WLAN functions.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-emuiharmonyosHarmonyOSEMUI
CWE ID-CWE-287
Improper Authentication
CVE-2022-39002
Matching Score-8
Assigner-Huawei Technologies
ShareView Details
Matching Score-8
Assigner-Huawei Technologies
CVSS Score-9.8||CRITICAL
EPSS-0.16% / 37.59%
||
7 Day CHG~0.00%
Published-16 Sep, 2022 | 00:00
Updated-03 Aug, 2024 | 11:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Double free vulnerability in the storage module. Successful exploitation of this vulnerability will cause the memory to be freed twice.

Action-Not Available
Vendor-n/aHuawei Technologies Co., Ltd.
Product-magic_uiemuiharmonyosHarmonyOS;EMUI;Magic UI
CWE ID-CWE-415
Double Free
CVE-2022-37003
Matching Score-8
Assigner-Huawei Technologies
ShareView Details
Matching Score-8
Assigner-Huawei Technologies
CVSS Score-9.8||CRITICAL
EPSS-0.24% / 46.84%
||
7 Day CHG~0.00%
Published-09 Aug, 2022 | 20:10
Updated-03 Aug, 2024 | 10:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The AOD module has a vulnerability in permission assignment. Successful exploitation of this vulnerability may cause permission escalation and unauthorized access to files.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-magic_uiemuiharmonyosMagic UIHarmonyOSEMUI
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2022-37002
Matching Score-8
Assigner-Huawei Technologies
ShareView Details
Matching Score-8
Assigner-Huawei Technologies
CVSS Score-9.8||CRITICAL
EPSS-0.25% / 47.84%
||
7 Day CHG~0.00%
Published-09 Aug, 2022 | 20:10
Updated-03 Aug, 2024 | 10:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The SystemUI module has a privilege escalation vulnerability. Successful exploitation of this vulnerability can cause malicious applications to pop up windows or run in the background.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-magic_uiemuiharmonyosMagic UIHarmonyOSEMUI
CVE-2022-22258
Matching Score-8
Assigner-Huawei Technologies
ShareView Details
Matching Score-8
Assigner-Huawei Technologies
CVSS Score-9.8||CRITICAL
EPSS-0.34% / 55.99%
||
7 Day CHG~0.00%
Published-11 Apr, 2022 | 19:38
Updated-03 Aug, 2024 | 03:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Wi-Fi module has an event notification vulnerability.Successful exploitation of this vulnerability may allow third-party applications to intercept event notifications and add information and result in elevation-of-privilege.

Action-Not Available
Vendor-n/aHuawei Technologies Co., Ltd.
Product-magic_uiemuiharmonyosHarmonyOS;EMUI;Magic UI
CVE-2022-32203
Matching Score-8
Assigner-Huawei Technologies
ShareView Details
Matching Score-8
Assigner-Huawei Technologies
CVSS Score-9.8||CRITICAL
EPSS-0.54% / 66.56%
||
7 Day CHG+0.06%
Published-20 Dec, 2024 | 01:54
Updated-10 Jan, 2025 | 21:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

There is a command injection vulnerability in Huawei terminal printer product. Successful exploitation could result in the highest privileges of the printer. (Vulnerability ID: HWPSIRT-2022-51773) This vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2022-32203.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-cv81-wdmcv81-wdm_firmwareCV81-WDM FW
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2022-44551
Matching Score-8
Assigner-Huawei Technologies
ShareView Details
Matching Score-8
Assigner-Huawei Technologies
CVSS Score-9.8||CRITICAL
EPSS-0.12% / 31.23%
||
7 Day CHG~0.00%
Published-09 Nov, 2022 | 00:00
Updated-01 May, 2025 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The iaware module has a vulnerability in thread security. Successful exploitation of this vulnerability will affect confidentiality, integrity, and availability.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-harmonyosemuiHarmonyOSEMUI
CWE ID-CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CVE-2022-41580
Matching Score-8
Assigner-Huawei Technologies
ShareView Details
Matching Score-8
Assigner-Huawei Technologies
CVSS Score-9.8||CRITICAL
EPSS-0.14% / 34.52%
||
7 Day CHG~0.00%
Published-14 Oct, 2022 | 00:00
Updated-14 May, 2025 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The HW_KEYMASTER module has a vulnerability of not verifying the data read.Successful exploitation of this vulnerability may cause malicious construction of data, which results in out-of-bounds access.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-harmonyosemuiHarmonyOSEMUI
CWE ID-CWE-125
Out-of-bounds Read
CVE-2022-39000
Matching Score-8
Assigner-Huawei Technologies
ShareView Details
Matching Score-8
Assigner-Huawei Technologies
CVSS Score-9.8||CRITICAL
EPSS-0.16% / 37.59%
||
7 Day CHG~0.00%
Published-16 Sep, 2022 | 17:55
Updated-03 Aug, 2024 | 11:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The iAware module has a vulnerability in managing malicious apps.Successful exploitation of this vulnerability will cause malicious apps to automatically start upon system startup.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-magic_uiemuiharmonyosMagic UIHarmonyOSEMUI
  • Previous
  • 1
  • 2
  • 3
  • 4
  • ...
  • 26
  • 27
  • Next
Details not found