Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2022-34737

Summary
Assigner-huawei
Assigner Org ID-25ac1063-e409-4190-8079-24548c77ea2e
Published At-11 Jul, 2022 | 13:53
Updated At-03 Aug, 2024 | 09:22
Rejected At-
Credits

The application security module has a vulnerability in permission assignment. Successful exploitation of this vulnerability may affect data integrity and confidentiality.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:huawei
Assigner Org ID:25ac1063-e409-4190-8079-24548c77ea2e
Published At:11 Jul, 2022 | 13:53
Updated At:03 Aug, 2024 | 09:22
Rejected At:
▼CVE Numbering Authority (CNA)

The application security module has a vulnerability in permission assignment. Successful exploitation of this vulnerability may affect data integrity and confidentiality.

Affected Products
Vendor
Huawei Technologies Co., Ltd.Huawei
Product
HarmonyOS
Versions
Affected
  • 2.0
Vendor
Huawei Technologies Co., Ltd.Huawei
Product
EMUI
Versions
Affected
  • 10.1.0
  • 10.1.1
  • 11.0.0
  • 11.0.1
  • 12.0.0
Vendor
Huawei Technologies Co., Ltd.Huawei
Product
Magic UI
Versions
Affected
  • 3.1.0
  • 3.1.1
  • 4.0.0
Problem Types
TypeCWE IDDescription
textN/AImproper permission assignment vulnerability
Type: text
CWE ID: N/A
Description: Improper permission assignment vulnerability
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://consumer.huawei.com/en/support/bulletin/2022/7/
x_refsource_MISC
https://device.harmonyos.com/en/docs/security/update/security-bulletins-phones-202207-0000001342389149
x_refsource_MISC
Hyperlink: https://consumer.huawei.com/en/support/bulletin/2022/7/
Resource:
x_refsource_MISC
Hyperlink: https://device.harmonyos.com/en/docs/security/update/security-bulletins-phones-202207-0000001342389149
Resource:
x_refsource_MISC
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://consumer.huawei.com/en/support/bulletin/2022/7/
x_refsource_MISC
x_transferred
https://device.harmonyos.com/en/docs/security/update/security-bulletins-phones-202207-0000001342389149
x_refsource_MISC
x_transferred
Hyperlink: https://consumer.huawei.com/en/support/bulletin/2022/7/
Resource:
x_refsource_MISC
x_transferred
Hyperlink: https://device.harmonyos.com/en/docs/security/update/security-bulletins-phones-202207-0000001342389149
Resource:
x_refsource_MISC
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:psirt@huawei.com
Published At:12 Jul, 2022 | 14:15
Updated At:19 Jul, 2022 | 12:23

The application security module has a vulnerability in permission assignment. Successful exploitation of this vulnerability may affect data integrity and confidentiality.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.19.1CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Primary2.06.4MEDIUM
AV:N/AC:L/Au:N/C:P/I:P/A:N
Type: Primary
Version: 3.1
Base score: 9.1
Base severity: CRITICAL
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Type: Primary
Version: 2.0
Base score: 6.4
Base severity: MEDIUM
Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:N
CPE Matches
Huawei Technologies Co., Ltd.
huawei
>>emui>>10.1.0
cpe:2.3:o:huawei:emui:10.1.0:*:*:*:*:*:*:*
Huawei Technologies Co., Ltd.
huawei
>>emui>>10.1.1
cpe:2.3:o:huawei:emui:10.1.1:*:*:*:*:*:*:*
Huawei Technologies Co., Ltd.
huawei
>>emui>>11.0.0
cpe:2.3:o:huawei:emui:11.0.0:*:*:*:*:*:*:*
Huawei Technologies Co., Ltd.
huawei
>>emui>>11.0.1
cpe:2.3:o:huawei:emui:11.0.1:*:*:*:*:*:*:*
Huawei Technologies Co., Ltd.
huawei
>>emui>>12.0.0
cpe:2.3:o:huawei:emui:12.0.0:*:*:*:*:*:*:*
Huawei Technologies Co., Ltd.
huawei
>>harmonyos>>2.0
cpe:2.3:o:huawei:harmonyos:2.0:*:*:*:*:*:*:*
Huawei Technologies Co., Ltd.
huawei
>>magic_ui>>3.1.0
cpe:2.3:o:huawei:magic_ui:3.1.0:*:*:*:*:*:*:*
Huawei Technologies Co., Ltd.
huawei
>>magic_ui>>3.1.1
cpe:2.3:o:huawei:magic_ui:3.1.1:*:*:*:*:*:*:*
Huawei Technologies Co., Ltd.
huawei
>>magic_ui>>4.0.0
cpe:2.3:o:huawei:magic_ui:4.0.0:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-276Primarynvd@nist.gov
CWE ID: CWE-276
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://consumer.huawei.com/en/support/bulletin/2022/7/psirt@huawei.com
Vendor Advisory
https://device.harmonyos.com/en/docs/security/update/security-bulletins-phones-202207-0000001342389149psirt@huawei.com
Vendor Advisory
Hyperlink: https://consumer.huawei.com/en/support/bulletin/2022/7/
Source: psirt@huawei.com
Resource:
Vendor Advisory
Hyperlink: https://device.harmonyos.com/en/docs/security/update/security-bulletins-phones-202207-0000001342389149
Source: psirt@huawei.com
Resource:
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

87Records found
CVE-2022-48312
Matching Score-8
Assigner-Huawei Technologies
ShareView Details
Matching Score-8
Assigner-Huawei Technologies
CVSS Score-9.1||CRITICAL
EPSS-0.08% / 24.66%
||
7 Day CHG~0.00%
Published-16 Apr, 2023 | 06:01
Updated-06 Feb, 2025 | 17:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The HwPCAssistant module has the out-of-bounds read/write vulnerability. Successful exploitation of this vulnerability may affect confidentiality and integrity.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-harmonyosemuiEMUIHarmonyOS
CWE ID-CWE-125
Out-of-bounds Read
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-48290
Matching Score-8
Assigner-Huawei Technologies
ShareView Details
Matching Score-8
Assigner-Huawei Technologies
CVSS Score-9.1||CRITICAL
EPSS-0.06% / 17.67%
||
7 Day CHG~0.00%
Published-09 Feb, 2023 | 00:00
Updated-24 Mar, 2025 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The phone-PC collaboration module has a logic bypass vulnerability. Successful exploitation of this vulnerability may affect data confidentiality and integrity.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-harmonyosHarmonyOS
CWE ID-CWE-693
Protection Mechanism Failure
CVE-2021-37088
Matching Score-8
Assigner-Huawei Technologies
ShareView Details
Matching Score-8
Assigner-Huawei Technologies
CVSS Score-9.1||CRITICAL
EPSS-0.24% / 47.18%
||
7 Day CHG~0.00%
Published-07 Dec, 2021 | 16:05
Updated-04 Aug, 2024 | 01:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

There is a Path Traversal vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may lead to attackers can write any content to any file.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-harmonyosHarmonyOS
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2021-37023
Matching Score-8
Assigner-Huawei Technologies
ShareView Details
Matching Score-8
Assigner-Huawei Technologies
CVSS Score-6.5||MEDIUM
EPSS-0.15% / 36.31%
||
7 Day CHG~0.00%
Published-23 Nov, 2021 | 15:26
Updated-04 Aug, 2024 | 01:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

There is a Improper Access Control vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability will cause media files which can be reads and writes in non-distributed directories on any device on the network..

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-harmonyosHarmonyOS
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2023-52953
Matching Score-8
Assigner-Huawei Technologies
ShareView Details
Matching Score-8
Assigner-Huawei Technologies
CVSS Score-6.2||MEDIUM
EPSS-0.05% / 13.22%
||
7 Day CHG~0.00%
Published-08 Jan, 2025 | 01:48
Updated-13 Jan, 2025 | 19:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Path traversal vulnerability in the Medialibrary module Impact: Successful exploitation of this vulnerability will affect integrity and confidentiality.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-emuiharmonyosHarmonyOSEMUI
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2023-5801
Matching Score-8
Assigner-Huawei Technologies
ShareView Details
Matching Score-8
Assigner-Huawei Technologies
CVSS Score-9.1||CRITICAL
EPSS-0.06% / 17.19%
||
7 Day CHG~0.00%
Published-08 Nov, 2023 | 02:48
Updated-04 Sep, 2024 | 15:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability of identity verification being bypassed in the face unlock module. Successful exploitation of this vulnerability will affect integrity and confidentiality.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-harmonyosemuiHarmonyOSEMUI
CWE ID-CWE-290
Authentication Bypass by Spoofing
CVE-2025-31170
Matching Score-8
Assigner-Huawei Technologies
ShareView Details
Matching Score-8
Assigner-Huawei Technologies
CVSS Score-8.4||HIGH
EPSS-0.02% / 3.89%
||
7 Day CHG~0.00%
Published-07 Apr, 2025 | 03:50
Updated-07 May, 2025 | 20:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Access control vulnerability in the security verification module Impact: Successful exploitation of this vulnerability will affect integrity and confidentiality.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-harmonyosemuiEMUIHarmonyOS
CWE ID-CWE-290
Authentication Bypass by Spoofing
CVE-2023-41296
Matching Score-8
Assigner-Huawei Technologies
ShareView Details
Matching Score-8
Assigner-Huawei Technologies
CVSS Score-9.1||CRITICAL
EPSS-0.12% / 32.15%
||
7 Day CHG~0.00%
Published-25 Sep, 2023 | 11:37
Updated-24 Sep, 2024 | 16:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability of missing authorization in the kernel module. Successful exploitation of this vulnerability may affect integrity and confidentiality.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-emuiharmonyosHarmonyOSEMUI
CWE ID-CWE-862
Missing Authorization
CVE-2023-39401
Matching Score-8
Assigner-Huawei Technologies
ShareView Details
Matching Score-8
Assigner-Huawei Technologies
CVSS Score-9.1||CRITICAL
EPSS-0.10% / 28.69%
||
7 Day CHG~0.00%
Published-13 Aug, 2023 | 12:37
Updated-09 Oct, 2024 | 20:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Parameter verification vulnerability in the installd module. Successful exploitation of this vulnerability may cause sandbox files to be read and written without authorization.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-emuiharmonyosHarmonyOSEMUI
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CWE ID-CWE-285
Improper Authorization
CVE-2023-39385
Matching Score-8
Assigner-Huawei Technologies
ShareView Details
Matching Score-8
Assigner-Huawei Technologies
CVSS Score-9.1||CRITICAL
EPSS-0.08% / 24.66%
||
7 Day CHG~0.00%
Published-13 Aug, 2023 | 12:19
Updated-10 Oct, 2024 | 14:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability of configuration defects in the media module of certain products.. Successful exploitation of this vulnerability may cause unauthorized access.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-emuiharmonyosHarmonyOSEMUI
CWE ID-CWE-16
Not Available
CVE-2023-39399
Matching Score-8
Assigner-Huawei Technologies
ShareView Details
Matching Score-8
Assigner-Huawei Technologies
CVSS Score-9.1||CRITICAL
EPSS-0.07% / 20.74%
||
7 Day CHG~0.00%
Published-13 Aug, 2023 | 12:35
Updated-09 Oct, 2024 | 20:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Parameter verification vulnerability in the installd module. Successful exploitation of this vulnerability may cause sandbox files to be read and written without authorization.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-emuiharmonyosHarmonyOSEMUI
CWE ID-CWE-275
Not Available
CWE ID-CWE-285
Improper Authorization
CVE-2023-39400
Matching Score-8
Assigner-Huawei Technologies
ShareView Details
Matching Score-8
Assigner-Huawei Technologies
CVSS Score-9.1||CRITICAL
EPSS-0.10% / 28.69%
||
7 Day CHG~0.00%
Published-13 Aug, 2023 | 12:36
Updated-09 Oct, 2024 | 20:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Parameter verification vulnerability in the installd module. Successful exploitation of this vulnerability may cause sandbox files to be read and written without authorization.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-emuiharmonyosHarmonyOSEMUI
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CWE ID-CWE-285
Improper Authorization
CVE-2023-39407
Matching Score-8
Assigner-Huawei Technologies
ShareView Details
Matching Score-8
Assigner-Huawei Technologies
CVSS Score-9.1||CRITICAL
EPSS-0.15% / 36.42%
||
7 Day CHG~0.00%
Published-25 Sep, 2023 | 08:45
Updated-24 Sep, 2024 | 15:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Watchkit has a risk of unauthorized file access.Successful exploitation of this vulnerability may affect confidentiality and integrity.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-harmonyosHarmonyOS
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2021-22448
Matching Score-8
Assigner-Huawei Technologies
ShareView Details
Matching Score-8
Assigner-Huawei Technologies
CVSS Score-9.1||CRITICAL
EPSS-0.15% / 35.62%
||
7 Day CHG~0.00%
Published-25 Feb, 2022 | 18:11
Updated-03 Aug, 2024 | 18:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

There is an improper verification vulnerability in smartphones. Successful exploitation of this vulnerability may cause unauthorized read and write of some files.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-magic_uiemuiMagic UIEMUI
CVE-2022-39003
Matching Score-8
Assigner-Huawei Technologies
ShareView Details
Matching Score-8
Assigner-Huawei Technologies
CVSS Score-9.1||CRITICAL
EPSS-0.17% / 39.16%
||
7 Day CHG~0.00%
Published-16 Sep, 2022 | 17:58
Updated-03 Aug, 2024 | 11:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow vulnerability in the video framework. Successful exploitation of this vulnerability will affect the confidentiality and integrity of trusted components.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-magic_uiemuiMagic UIEMUI
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2022-39008
Matching Score-8
Assigner-Huawei Technologies
ShareView Details
Matching Score-8
Assigner-Huawei Technologies
CVSS Score-9.1||CRITICAL
EPSS-0.20% / 42.07%
||
7 Day CHG~0.00%
Published-16 Sep, 2022 | 17:55
Updated-03 Jun, 2025 | 18:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The NFC module has bundle serialization/deserialization vulnerabilities. Successful exploitation of this vulnerability may cause third-party apps to read and write files that are accessible only to system apps.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-emuiharmonyosHarmonyOSEMUI
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2020-9141
Matching Score-8
Assigner-Huawei Technologies
ShareView Details
Matching Score-8
Assigner-Huawei Technologies
CVSS Score-9.1||CRITICAL
EPSS-0.06% / 17.70%
||
7 Day CHG~0.00%
Published-13 Jan, 2021 | 21:53
Updated-04 Aug, 2024 | 10:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

There is a improper privilege management vulnerability in some Huawei smartphone. Successful exploitation of this vulnerability can cause information disclosure and malfunctions due to insufficient verification of data authenticity.

Action-Not Available
Vendor-n/aHuawei Technologies Co., Ltd.
Product-magic_uiemuiEMUI;Magic UI
CWE ID-CWE-269
Improper Privilege Management
CWE ID-CWE-345
Insufficient Verification of Data Authenticity
CVE-2024-58125
Matching Score-8
Assigner-Huawei Technologies
ShareView Details
Matching Score-8
Assigner-Huawei Technologies
CVSS Score-8.4||HIGH
EPSS-0.02% / 3.89%
||
7 Day CHG~0.00%
Published-07 Apr, 2025 | 03:43
Updated-07 May, 2025 | 20:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Access control vulnerability in the security verification module Impact: Successful exploitation of this vulnerability will affect integrity and confidentiality.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-harmonyosemuiEMUIHarmonyOS
CWE ID-CWE-290
Authentication Bypass by Spoofing
CVE-2024-58124
Matching Score-8
Assigner-Huawei Technologies
ShareView Details
Matching Score-8
Assigner-Huawei Technologies
CVSS Score-8.4||HIGH
EPSS-0.02% / 3.89%
||
7 Day CHG~0.00%
Published-07 Apr, 2025 | 03:41
Updated-07 May, 2025 | 20:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Access control vulnerability in the security verification module Impact: Successful exploitation of this vulnerability will affect integrity and confidentiality.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-harmonyosemuiEMUIHarmonyOS
CWE ID-CWE-290
Authentication Bypass by Spoofing
CVE-2022-31760
Matching Score-8
Assigner-Huawei Technologies
ShareView Details
Matching Score-8
Assigner-Huawei Technologies
CVSS Score-9.1||CRITICAL
EPSS-0.13% / 32.86%
||
7 Day CHG~0.00%
Published-13 Jun, 2022 | 15:03
Updated-03 Aug, 2024 | 07:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dialog boxes can still be displayed even if the screen is locked in carrier-customized USSD services. Successful exploitation of this vulnerability may affect data integrity and confidentiality.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-magic_uiemuiharmonyosMagic UIHarmonyOSEMUI
CVE-2023-39402
Matching Score-8
Assigner-Huawei Technologies
ShareView Details
Matching Score-8
Assigner-Huawei Technologies
CVSS Score-9.1||CRITICAL
EPSS-0.10% / 28.69%
||
7 Day CHG~0.00%
Published-13 Aug, 2023 | 12:38
Updated-09 Oct, 2024 | 20:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Parameter verification vulnerability in the installd module. Successful exploitation of this vulnerability may cause sandbox files to be read and written without authorization.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-emuiharmonyosHarmonyOSEMUI
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CWE ID-CWE-285
Improper Authorization
CVE-2021-46840
Matching Score-8
Assigner-Huawei Technologies
ShareView Details
Matching Score-8
Assigner-Huawei Technologies
CVSS Score-9.1||CRITICAL
EPSS-0.11% / 29.86%
||
7 Day CHG~0.00%
Published-14 Oct, 2022 | 00:00
Updated-15 May, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The HW_KEYMASTER module has an out-of-bounds access vulnerability in parameter set verification.Successful exploitation of this vulnerability may cause malicious construction of data, which results in out-of-bounds access.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-harmonyosemuiHarmonyOSEMUI
CWE ID-CWE-125
Out-of-bounds Read
CVE-2023-39403
Matching Score-8
Assigner-Huawei Technologies
ShareView Details
Matching Score-8
Assigner-Huawei Technologies
CVSS Score-9.1||CRITICAL
EPSS-0.06% / 17.54%
||
7 Day CHG~0.00%
Published-13 Aug, 2023 | 12:40
Updated-09 Oct, 2024 | 20:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Parameter verification vulnerability in the installd module. Successful exploitation of this vulnerability may cause sandbox files to be read and written without authorization.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-emuiharmonyosHarmonyOSEMUI
CWE ID-CWE-285
Improper Authorization
CWE ID-CWE-358
Improperly Implemented Security Check for Standard
CVE-2023-39398
Matching Score-8
Assigner-Huawei Technologies
ShareView Details
Matching Score-8
Assigner-Huawei Technologies
CVSS Score-9.1||CRITICAL
EPSS-0.07% / 20.74%
||
7 Day CHG~0.00%
Published-13 Aug, 2023 | 12:34
Updated-09 Oct, 2024 | 20:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Parameter verification vulnerability in the installd module. Successful exploitation of this vulnerability may cause sandbox files to be read and written without authorization.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-emuiharmonyosHarmonyOSEMUI
CWE ID-CWE-275
Not Available
CWE ID-CWE-285
Improper Authorization
CVE-2021-46839
Matching Score-8
Assigner-Huawei Technologies
ShareView Details
Matching Score-8
Assigner-Huawei Technologies
CVSS Score-9.1||CRITICAL
EPSS-0.11% / 29.86%
||
7 Day CHG~0.00%
Published-14 Oct, 2022 | 00:00
Updated-15 May, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The HW_KEYMASTER module has a vulnerability of missing bounds check on length.Successful exploitation of this vulnerability may cause malicious construction of data, which results in out-of-bounds access.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-harmonyosemuiHarmonyOSEMUI
CWE ID-CWE-125
Out-of-bounds Read
CVE-2021-39982
Matching Score-8
Assigner-Huawei Technologies
ShareView Details
Matching Score-8
Assigner-Huawei Technologies
CVSS Score-9.1||CRITICAL
EPSS-0.11% / 29.98%
||
7 Day CHG~0.00%
Published-03 Jan, 2022 | 21:07
Updated-04 Aug, 2024 | 02:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Phone Manager application has a Improper Privilege Management vulnerability.Successful exploitation of this vulnerability may read and write arbitrary files by tampering with Phone Manager notifications.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-harmonyosHarmonyOS
CWE ID-CWE-269
Improper Privilege Management
CVE-2021-37087
Matching Score-8
Assigner-Huawei Technologies
ShareView Details
Matching Score-8
Assigner-Huawei Technologies
CVSS Score-9.1||CRITICAL
EPSS-0.24% / 47.18%
||
7 Day CHG~0.00%
Published-07 Dec, 2021 | 16:05
Updated-04 Aug, 2024 | 01:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

There is a Path Traversal vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may lead to attackers can create arbitrary file.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-harmonyosHarmonyOS
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2021-37064
Matching Score-8
Assigner-Huawei Technologies
ShareView Details
Matching Score-8
Assigner-Huawei Technologies
CVSS Score-9.1||CRITICAL
EPSS-0.24% / 47.18%
||
7 Day CHG~0.00%
Published-07 Dec, 2021 | 16:02
Updated-04 Aug, 2024 | 01:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

There is a Improper Limitation of a Pathname to a Restricted Directory vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may lead to arbitrary file created.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-harmonyosHarmonyOS
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2022-48348
Matching Score-8
Assigner-Huawei Technologies
ShareView Details
Matching Score-8
Assigner-Huawei Technologies
CVSS Score-9.1||CRITICAL
EPSS-0.10% / 27.43%
||
7 Day CHG~0.00%
Published-27 Mar, 2023 | 00:00
Updated-24 Feb, 2025 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The MediaProvider module has a vulnerability of unauthorized data read. Successful exploitation of this vulnerability may affect confidentiality and integrity.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-emuiharmonyosEMUIHarmonyOS
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2022-41581
Matching Score-8
Assigner-Huawei Technologies
ShareView Details
Matching Score-8
Assigner-Huawei Technologies
CVSS Score-9.1||CRITICAL
EPSS-0.13% / 32.87%
||
7 Day CHG~0.00%
Published-14 Oct, 2022 | 00:00
Updated-14 May, 2025 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The HW_KEYMASTER module has a vulnerability of not verifying the data read.Successful exploitation of this vulnerability may cause malicious construction of data, which results in out-of-bounds access.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-harmonyosemuiHarmonyOSEMUI
CWE ID-CWE-125
Out-of-bounds Read
CVE-2024-58126
Matching Score-8
Assigner-Huawei Technologies
ShareView Details
Matching Score-8
Assigner-Huawei Technologies
CVSS Score-8.4||HIGH
EPSS-0.02% / 3.89%
||
7 Day CHG~0.00%
Published-07 Apr, 2025 | 03:47
Updated-07 May, 2025 | 20:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Access control vulnerability in the security verification module Impact: Successful exploitation of this vulnerability will affect integrity and confidentiality.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-harmonyosemuiEMUIHarmonyOS
CWE ID-CWE-290
Authentication Bypass by Spoofing
CVE-2024-58127
Matching Score-8
Assigner-Huawei Technologies
ShareView Details
Matching Score-8
Assigner-Huawei Technologies
CVSS Score-8.4||HIGH
EPSS-0.02% / 3.89%
||
7 Day CHG~0.00%
Published-07 Apr, 2025 | 03:48
Updated-07 May, 2025 | 20:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Access control vulnerability in the security verification module Impact: Successful exploitation of this vulnerability will affect integrity and confidentiality.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-harmonyosemuiEMUIHarmonyOS
CWE ID-CWE-290
Authentication Bypass by Spoofing
CVE-2020-1871
Matching Score-8
Assigner-Huawei Technologies
ShareView Details
Matching Score-8
Assigner-Huawei Technologies
CVSS Score-8.2||HIGH
EPSS-0.17% / 38.96%
||
7 Day CHG~0.00%
Published-03 Jan, 2020 | 14:25
Updated-04 Aug, 2024 | 06:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

USG9500 with software of V500R001C30SPC100; V500R001C30SPC200; V500R001C30SPC600; V500R001C60SPC500; V500R005C00SPC100; V500R005C00SPC200 have an improper credentials management vulnerability. The software does not properly manage certain credentials. Successful exploit could cause information disclosure or damage, and impact the confidentiality or integrity.

Action-Not Available
Vendor-n/aHuawei Technologies Co., Ltd.
Product-usg9500_firmwareusg9500USG9500
CVE-2023-1693
Matching Score-6
Assigner-Huawei Technologies
ShareView Details
Matching Score-6
Assigner-Huawei Technologies
CVSS Score-7.5||HIGH
EPSS-0.09% / 26.86%
||
7 Day CHG~0.00%
Published-20 May, 2023 | 14:12
Updated-21 Jan, 2025 | 17:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Settings module has the file privilege escalation vulnerability.Successful exploitation of this vulnerability may affect confidentiality.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-harmonyosemuiHarmonyOSEMUI
CWE ID-CWE-276
Incorrect Default Permissions
CWE ID-CWE-269
Improper Privilege Management
CVE-2022-48360
Matching Score-6
Assigner-Huawei Technologies
ShareView Details
Matching Score-6
Assigner-Huawei Technologies
CVSS Score-7.5||HIGH
EPSS-0.08% / 24.38%
||
7 Day CHG~0.00%
Published-27 Mar, 2023 | 00:00
Updated-19 Feb, 2025 | 16:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The facial recognition module has a vulnerability in file permission control. Successful exploitation of this vulnerability may affect confidentiality.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-emuiharmonyosHarmonyOSEMUI
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2022-46761
Matching Score-6
Assigner-Huawei Technologies
ShareView Details
Matching Score-6
Assigner-Huawei Technologies
CVSS Score-7.5||HIGH
EPSS-0.05% / 16.76%
||
7 Day CHG~0.00%
Published-06 Jan, 2023 | 00:00
Updated-09 Apr, 2025 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The system has a vulnerability that may cause dynamic hiding and restoring of app icons.Successful exploitation of this vulnerability may cause malicious hiding of app icons.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-harmonyosemuiEMUIHarmonyOS
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2021-37030
Matching Score-6
Assigner-Huawei Technologies
ShareView Details
Matching Score-6
Assigner-Huawei Technologies
CVSS Score-7.5||HIGH
EPSS-0.15% / 36.88%
||
7 Day CHG~0.00%
Published-23 Nov, 2021 | 15:14
Updated-04 Aug, 2024 | 01:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

There is an Improper permission vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may affect service availability.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-magic_uiemuiMagic UIEMUI
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2021-37132
Matching Score-6
Assigner-Huawei Technologies
ShareView Details
Matching Score-6
Assigner-Huawei Technologies
CVSS Score-5.3||MEDIUM
EPSS-0.08% / 25.10%
||
7 Day CHG~0.00%
Published-03 Jan, 2022 | 21:07
Updated-04 Aug, 2024 | 01:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

PackageManagerService has a Permissions, Privileges, and Access Controls vulnerability .Successful exploitation of this vulnerability may cause that Third-party apps can obtain the complete list of Harmony apps without permission.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-harmonyosHarmonyOS
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2021-37103
Matching Score-6
Assigner-Huawei Technologies
ShareView Details
Matching Score-6
Assigner-Huawei Technologies
CVSS Score-5.5||MEDIUM
EPSS-0.06% / 17.19%
||
7 Day CHG~0.00%
Published-25 Feb, 2022 | 18:11
Updated-04 Aug, 2024 | 01:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

There is an improper permission management vulnerability in the Wallet apps. Successful exploitation of this vulnerability may affect service confidentiality.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-magic_uiemuiMagic UIEMUI
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2021-36989
Matching Score-6
Assigner-Huawei Technologies
ShareView Details
Matching Score-6
Assigner-Huawei Technologies
CVSS Score-9.8||CRITICAL
EPSS-0.17% / 39.15%
||
7 Day CHG~0.00%
Published-28 Oct, 2021 | 12:26
Updated-04 Aug, 2024 | 01:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

There is a Kernel crash vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may escalate permissions.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-magic_uiemuiMagic UIEMUI
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2023-6273
Matching Score-6
Assigner-Huawei Technologies
ShareView Details
Matching Score-6
Assigner-Huawei Technologies
CVSS Score-5.3||MEDIUM
EPSS-0.04% / 9.42%
||
7 Day CHG~0.00%
Published-06 Dec, 2023 | 09:07
Updated-11 Oct, 2024 | 21:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Permission management vulnerability in the module for disabling Sound Booster. Successful exploitation of this vulnerability may cause features to perform abnormally.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-emuiharmonyosHarmonyOSEMUI
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2023-52954
Matching Score-6
Assigner-Huawei Technologies
ShareView Details
Matching Score-6
Assigner-Huawei Technologies
CVSS Score-4.4||MEDIUM
EPSS-0.02% / 4.26%
||
7 Day CHG~0.00%
Published-08 Jan, 2025 | 01:51
Updated-13 Jan, 2025 | 19:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability of improper permission control in the Gallery module Impact: Successful exploitation of this vulnerability may affect availability.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-emuiharmonyosHarmonyOSEMUI
CWE ID-CWE-701
Not Available
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2023-52545
Matching Score-6
Assigner-Huawei Technologies
ShareView Details
Matching Score-6
Assigner-Huawei Technologies
CVSS Score-7.5||HIGH
EPSS-0.07% / 22.12%
||
7 Day CHG~0.00%
Published-08 Apr, 2024 | 08:53
Updated-13 Mar, 2025 | 15:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability of undefined permissions in the Calendar app. Impact: Successful exploitation of this vulnerability will affect availability.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-emuiharmonyosHarmonyOSEMUIharmonyosemui
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2023-52362
Matching Score-6
Assigner-Huawei Technologies
ShareView Details
Matching Score-6
Assigner-Huawei Technologies
CVSS Score-7.5||HIGH
EPSS-0.07% / 22.34%
||
7 Day CHG~0.00%
Published-18 Feb, 2024 | 03:00
Updated-13 Mar, 2025 | 14:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Permission management vulnerability in the lock screen module.Successful exploitation of this vulnerability may affect availability.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-emuiharmonyosHarmonyOSEMUIharmonyosemui
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2025-46587
Matching Score-6
Assigner-Huawei Technologies
ShareView Details
Matching Score-6
Assigner-Huawei Technologies
CVSS Score-6.2||MEDIUM
EPSS-0.01% / 0.59%
||
7 Day CHG~0.00%
Published-06 May, 2025 | 07:14
Updated-09 May, 2025 | 19:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Permission control vulnerability in the media library module Impact: Successful exploitation of this vulnerability may affect service confidentiality.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-harmonyosHarmonyOS
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2025-46586
Matching Score-6
Assigner-Huawei Technologies
ShareView Details
Matching Score-6
Assigner-Huawei Technologies
CVSS Score-5.1||MEDIUM
EPSS-0.01% / 0.65%
||
7 Day CHG~0.00%
Published-06 May, 2025 | 07:05
Updated-09 May, 2025 | 19:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Permission control vulnerability in the contacts module Impact: Successful exploitation of this vulnerability may affect availability.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-harmonyosHarmonyOS
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2023-52717
Matching Score-6
Assigner-Huawei Technologies
ShareView Details
Matching Score-6
Assigner-Huawei Technologies
CVSS Score-5.3||MEDIUM
EPSS-0.06% / 19.66%
||
7 Day CHG~0.00%
Published-07 Apr, 2024 | 09:03
Updated-13 Mar, 2025 | 14:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Permission verification vulnerability in the lock screen module. Impact: Successful exploitation of this vulnerability will affect availability.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-emuiharmonyosHarmonyOSEMUI
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2023-46773
Matching Score-6
Assigner-Huawei Technologies
ShareView Details
Matching Score-6
Assigner-Huawei Technologies
CVSS Score-9.8||CRITICAL
EPSS-0.12% / 30.98%
||
7 Day CHG~0.00%
Published-06 Dec, 2023 | 08:31
Updated-02 Aug, 2024 | 20:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Permission management vulnerability in the PMS module. Successful exploitation of this vulnerability may cause privilege escalation.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-emuiharmonyosHarmonyOSEMUI
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2022-44548
Matching Score-6
Assigner-Huawei Technologies
ShareView Details
Matching Score-6
Assigner-Huawei Technologies
CVSS Score-4.3||MEDIUM
EPSS-0.03% / 6.41%
||
7 Day CHG~0.00%
Published-09 Nov, 2022 | 00:00
Updated-01 May, 2025 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

There is a vulnerability in permission verification during the Bluetooth pairing process. Successful exploitation of this vulnerability may cause the dialog box for confirming the pairing not to be displayed during Bluetooth pairing.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-harmonyosemuiHarmonyOSEMUI
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2021-22346
Matching Score-6
Assigner-Huawei Technologies
ShareView Details
Matching Score-6
Assigner-Huawei Technologies
CVSS Score-5.3||MEDIUM
EPSS-0.08% / 25.54%
||
7 Day CHG~0.00%
Published-30 Jun, 2021 | 20:55
Updated-03 Aug, 2024 | 18:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

There is an Improper Permission Management Vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may lead to the disclosure of user habits.

Action-Not Available
Vendor-n/aHuawei Technologies Co., Ltd.
Product-magic_uiemuiEMUI;Magic UI
CWE ID-CWE-276
Incorrect Default Permissions
  • Previous
  • 1
  • 2
  • Next
Details not found