Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2023-1692

Summary
Assigner-huawei
Assigner Org ID-25ac1063-e409-4190-8079-24548c77ea2e
Published At-20 May, 2023 | 14:10
Updated At-21 Jan, 2025 | 17:10
Rejected At-
Credits

The window management module lacks permission verification.Successful exploitation of this vulnerability may affect confidentiality.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
â–¼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:huawei
Assigner Org ID:25ac1063-e409-4190-8079-24548c77ea2e
Published At:20 May, 2023 | 14:10
Updated At:21 Jan, 2025 | 17:10
Rejected At:
â–¼CVE Numbering Authority (CNA)

The window management module lacks permission verification.Successful exploitation of this vulnerability may affect confidentiality.

Affected Products
Vendor
Huawei Technologies Co., Ltd.Huawei
Product
HarmonyOS
Default Status
unaffected
Versions
Affected
  • 3.0.0
  • 3.1.0
  • 2.1.0
  • 2.0.1
  • 2.0.0
Vendor
Huawei Technologies Co., Ltd.Huawei
Product
EMUI
Default Status
unaffected
Versions
Affected
  • 13.0.0
  • 12.0.1
  • 12.0.0
  • 11.0.1
Problem Types
TypeCWE IDDescription
N/AN/AImproper Input Validation
Type: N/A
CWE ID: N/A
Description: Improper Input Validation
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://consumer.huawei.com/en/support/bulletin/2023/4/
N/A
https://device.harmonyos.com/en/docs/security/update/security-bulletins-202304-0000001506528486
N/A
Hyperlink: https://consumer.huawei.com/en/support/bulletin/2023/4/
Resource: N/A
Hyperlink: https://device.harmonyos.com/en/docs/security/update/security-bulletins-202304-0000001506528486
Resource: N/A
â–¼Authorized Data Publishers (ADP)
1. CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://consumer.huawei.com/en/support/bulletin/2023/4/
x_transferred
https://device.harmonyos.com/en/docs/security/update/security-bulletins-202304-0000001506528486
x_transferred
Hyperlink: https://consumer.huawei.com/en/support/bulletin/2023/4/
Resource:
x_transferred
Hyperlink: https://device.harmonyos.com/en/docs/security/update/security-bulletins-202304-0000001506528486
Resource:
x_transferred
2. CISA ADP Vulnrichment
Affected Products
Problem Types
TypeCWE IDDescription
CWECWE-732CWE-732 Incorrect Permission Assignment for Critical Resource
Type: CWE
CWE ID: CWE-732
Description: CWE-732 Incorrect Permission Assignment for Critical Resource
Metrics
VersionBase scoreBase severityVector
3.17.5HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Version: 3.1
Base score: 7.5
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
â–¼National Vulnerability Database (NVD)
nvd.nist.gov
Source:psirt@huawei.com
Published At:20 May, 2023 | 15:15
Updated At:21 Jan, 2025 | 18:15

The window management module lacks permission verification.Successful exploitation of this vulnerability may affect confidentiality.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.17.5HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Secondary3.17.5HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Type: Primary
Version: 3.1
Base score: 7.5
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Type: Secondary
Version: 3.1
Base score: 7.5
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CPE Matches
Huawei Technologies Co., Ltd.
huawei
>>emui>>11.0.1
cpe:2.3:o:huawei:emui:11.0.1:*:*:*:*:*:*:*
Huawei Technologies Co., Ltd.
huawei
>>emui>>12.0.0
cpe:2.3:o:huawei:emui:12.0.0:*:*:*:*:*:*:*
Huawei Technologies Co., Ltd.
huawei
>>emui>>12.0.1
cpe:2.3:o:huawei:emui:12.0.1:*:*:*:*:*:*:*
Huawei Technologies Co., Ltd.
huawei
>>emui>>13.0.0
cpe:2.3:o:huawei:emui:13.0.0:*:*:*:*:*:*:*
Huawei Technologies Co., Ltd.
huawei
>>harmonyos>>2.0
cpe:2.3:o:huawei:harmonyos:2.0:*:*:*:*:*:*:*
Huawei Technologies Co., Ltd.
huawei
>>harmonyos>>2.0.1
cpe:2.3:o:huawei:harmonyos:2.0.1:*:*:*:*:*:*:*
Huawei Technologies Co., Ltd.
huawei
>>harmonyos>>2.1
cpe:2.3:o:huawei:harmonyos:2.1:*:*:*:*:*:*:*
Huawei Technologies Co., Ltd.
huawei
>>harmonyos>>3.0.0
cpe:2.3:o:huawei:harmonyos:3.0.0:*:*:*:*:*:*:*
Huawei Technologies Co., Ltd.
huawei
>>harmonyos>>3.1.0
cpe:2.3:o:huawei:harmonyos:3.1.0:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-732Primarynvd@nist.gov
CWE-732Secondary134c704f-9b21-4f2e-91b3-4a467353bcc0
CWE ID: CWE-732
Type: Primary
Source: nvd@nist.gov
CWE ID: CWE-732
Type: Secondary
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://consumer.huawei.com/en/support/bulletin/2023/4/psirt@huawei.com
Vendor Advisory
https://device.harmonyos.com/en/docs/security/update/security-bulletins-202304-0000001506528486psirt@huawei.com
Vendor Advisory
https://consumer.huawei.com/en/support/bulletin/2023/4/af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
https://device.harmonyos.com/en/docs/security/update/security-bulletins-202304-0000001506528486af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Hyperlink: https://consumer.huawei.com/en/support/bulletin/2023/4/
Source: psirt@huawei.com
Resource:
Vendor Advisory
Hyperlink: https://device.harmonyos.com/en/docs/security/update/security-bulletins-202304-0000001506528486
Source: psirt@huawei.com
Resource:
Vendor Advisory
Hyperlink: https://consumer.huawei.com/en/support/bulletin/2023/4/
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory
Hyperlink: https://device.harmonyos.com/en/docs/security/update/security-bulletins-202304-0000001506528486
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

284Records found
CVE-2023-52107
Matching Score-10
Assigner-Huawei Technologies
ShareView Details
Matching Score-10
Assigner-Huawei Technologies
CVSS Score-7.5||HIGH
EPSS-0.07% / 21.59%
||
7 Day CHG~0.00%
Published-16 Jan, 2024 | 08:25
Updated-29 Aug, 2024 | 20:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability of permissions being not strictly verified in the WMS module. Successful exploitation of this vulnerability may affect service confidentiality.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-emuiharmonyosHarmonyOSEMUI
CWE ID-CWE-269
Improper Privilege Management
CWE ID-CWE-732
Incorrect Permission Assignment for Critical Resource
CVE-2022-38991
Matching Score-8
Assigner-Huawei Technologies
ShareView Details
Matching Score-8
Assigner-Huawei Technologies
CVSS Score-7.5||HIGH
EPSS-0.13% / 32.81%
||
7 Day CHG~0.00%
Published-16 Sep, 2022 | 17:56
Updated-03 Aug, 2024 | 11:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The secure OS module has configuration defects. Successful exploitation of this vulnerability may affect data confidentiality.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-magic_uiemuiharmonyosHarmonyOSEMUI
CVE-2022-39011
Matching Score-8
Assigner-Huawei Technologies
ShareView Details
Matching Score-8
Assigner-Huawei Technologies
CVSS Score-7.5||HIGH
EPSS-0.16% / 36.49%
||
7 Day CHG~0.00%
Published-14 Oct, 2022 | 00:00
Updated-15 May, 2025 | 15:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The HISP module has a vulnerability of bypassing the check of the data transferred in the kernel space.Successful exploitation of this vulnerability may cause unauthorized access to the HISP module.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-harmonyosemuiHarmonyOSEMUI
CWE ID-CWE-693
Protection Mechanism Failure
CVE-2022-38985
Matching Score-8
Assigner-Huawei Technologies
ShareView Details
Matching Score-8
Assigner-Huawei Technologies
CVSS Score-7.5||HIGH
EPSS-0.13% / 32.81%
||
7 Day CHG~0.00%
Published-14 Oct, 2022 | 00:00
Updated-15 May, 2025 | 15:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The facial recognition module has a vulnerability in input validation.Successful exploitation of this vulnerability may affect data confidentiality.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-harmonyosemuiHarmonyOSEMUI
CWE ID-CWE-20
Improper Input Validation
CVE-2022-38978
Matching Score-8
Assigner-Huawei Technologies
ShareView Details
Matching Score-8
Assigner-Huawei Technologies
CVSS Score-7.5||HIGH
EPSS-0.13% / 32.81%
||
7 Day CHG~0.00%
Published-16 Sep, 2022 | 17:56
Updated-03 Aug, 2024 | 11:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The secure OS module has configuration defects. Successful exploitation of this vulnerability may affect data confidentiality.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-magic_uiemuiharmonyosMagic UIHarmonyOSEMUI
CVE-2022-38992
Matching Score-8
Assigner-Huawei Technologies
ShareView Details
Matching Score-8
Assigner-Huawei Technologies
CVSS Score-7.5||HIGH
EPSS-0.13% / 32.81%
||
7 Day CHG~0.00%
Published-16 Sep, 2022 | 17:56
Updated-03 Aug, 2024 | 11:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The secure OS module has configuration defects. Successful exploitation of this vulnerability may affect data confidentiality.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-magic_uiemuiharmonyosHarmonyOSEMUI
CVE-2022-38997
Matching Score-8
Assigner-Huawei Technologies
ShareView Details
Matching Score-8
Assigner-Huawei Technologies
CVSS Score-7.5||HIGH
EPSS-0.13% / 32.81%
||
7 Day CHG~0.00%
Published-16 Sep, 2022 | 17:57
Updated-03 Aug, 2024 | 11:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The secure OS module has configuration defects. Successful exploitation of this vulnerability may affect data confidentiality.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-magic_uiemuiharmonyosMagic UIHarmonyOSEMUI
CVE-2022-38984
Matching Score-8
Assigner-Huawei Technologies
ShareView Details
Matching Score-8
Assigner-Huawei Technologies
CVSS Score-7.5||HIGH
EPSS-0.13% / 32.81%
||
7 Day CHG~0.00%
Published-14 Oct, 2022 | 00:00
Updated-15 May, 2025 | 15:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The HIPP module has a vulnerability of not verifying the data transferred in the kernel space.Successful exploitation of this vulnerability will cause out-of-bounds read, which affects data confidentiality.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-harmonyosemuiHarmonyOSEMUI
CWE ID-CWE-125
Out-of-bounds Read
CVE-2022-39001
Matching Score-8
Assigner-Huawei Technologies
ShareView Details
Matching Score-8
Assigner-Huawei Technologies
CVSS Score-7.5||HIGH
EPSS-0.19% / 41.01%
||
7 Day CHG~0.00%
Published-16 Sep, 2022 | 17:57
Updated-03 Jun, 2025 | 18:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The number identification module has a path traversal vulnerability. Successful exploitation of this vulnerability may cause data disclosure.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-emuiharmonyosmagic_uiHarmonyOSEMUIMagic UI
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2022-38998
Matching Score-8
Assigner-Huawei Technologies
ShareView Details
Matching Score-8
Assigner-Huawei Technologies
CVSS Score-7.5||HIGH
EPSS-0.13% / 32.81%
||
7 Day CHG~0.00%
Published-14 Oct, 2022 | 00:00
Updated-15 May, 2025 | 15:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The HISP module has a vulnerability of not verifying the data transferred in the kernel space.Successful exploitation of this vulnerability will cause out-of-bounds read, which affects data confidentiality.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-harmonyosemuiHarmonyOSEMUI
CWE ID-CWE-125
Out-of-bounds Read
CVE-2022-38981
Matching Score-8
Assigner-Huawei Technologies
ShareView Details
Matching Score-8
Assigner-Huawei Technologies
CVSS Score-7.5||HIGH
EPSS-0.15% / 35.72%
||
7 Day CHG~0.00%
Published-14 Oct, 2022 | 00:00
Updated-15 May, 2025 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The HwAirlink module has an out-of-bounds read vulnerability.Successful exploitation of this vulnerability may cause information leakage.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-harmonyosHarmonyOS
CWE ID-CWE-125
Out-of-bounds Read
CVE-2022-39010
Matching Score-8
Assigner-Huawei Technologies
ShareView Details
Matching Score-8
Assigner-Huawei Technologies
CVSS Score-7.5||HIGH
EPSS-0.13% / 32.81%
||
7 Day CHG~0.00%
Published-16 Sep, 2022 | 17:57
Updated-03 Aug, 2024 | 11:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The HwChrService module has a vulnerability in permission control. Successful exploitation of this vulnerability may cause disclosure of user network information.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-emuiharmonyosHarmonyOSEMUI
CVE-2024-42031
Matching Score-8
Assigner-Huawei Technologies
ShareView Details
Matching Score-8
Assigner-Huawei Technologies
CVSS Score-7.5||HIGH
EPSS-0.18% / 39.34%
||
7 Day CHG~0.00%
Published-08 Aug, 2024 | 08:56
Updated-19 Mar, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Access permission verification vulnerability in the Settings module. Impact: Successful exploitation of this vulnerability may affect service confidentiality.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-emuiharmonyosEMUIHarmonyOS
CVE-2024-42039
Matching Score-8
Assigner-Huawei Technologies
ShareView Details
Matching Score-8
Assigner-Huawei Technologies
CVSS Score-4.3||MEDIUM
EPSS-0.17% / 38.31%
||
7 Day CHG~0.00%
Published-04 Sep, 2024 | 01:35
Updated-18 Sep, 2025 | 07:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Access control vulnerability in the SystemUI module Impact: Successful exploitation of this vulnerability may affect service confidentiality.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-harmonyosemuiHarmonyOSEMUI
CWE ID-CWE-285
Improper Authorization
CVE-2022-37005
Matching Score-8
Assigner-Huawei Technologies
ShareView Details
Matching Score-8
Assigner-Huawei Technologies
CVSS Score-7.5||HIGH
EPSS-0.28% / 51.37%
||
7 Day CHG~0.00%
Published-09 Aug, 2022 | 20:11
Updated-03 Aug, 2024 | 10:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Settings application has an argument injection vulnerability. Successful exploitation of this vulnerability may affect data confidentiality.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-magic_uiemuiharmonyosMagic UIHarmonyOSEMUI
CWE ID-CWE-88
Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')
CVE-2024-42036
Matching Score-8
Assigner-Huawei Technologies
ShareView Details
Matching Score-8
Assigner-Huawei Technologies
CVSS Score-2.5||LOW
EPSS-0.13% / 33.04%
||
7 Day CHG~0.00%
Published-08 Aug, 2024 | 09:28
Updated-18 Sep, 2025 | 07:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Access permission verification vulnerability in the Notepad module Impact: Successful exploitation of this vulnerability may affect service confidentiality.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-harmonyosemuiHarmonyOSEMUI
CWE ID-CWE-285
Improper Authorization
CVE-2022-34739
Matching Score-8
Assigner-Huawei Technologies
ShareView Details
Matching Score-8
Assigner-Huawei Technologies
CVSS Score-7.5||HIGH
EPSS-0.13% / 32.81%
||
7 Day CHG~0.00%
Published-11 Jul, 2022 | 13:53
Updated-03 Aug, 2024 | 09:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The fingerprint module has a vulnerability of overflow in arithmetic addition. Successful exploitation of this vulnerability may result in the acquisition of data from unknown addresses in address mappings.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-magic_uiemuiharmonyosMagic UIHarmonyOSEMUI
CVE-2024-45450
Matching Score-8
Assigner-Huawei Technologies
ShareView Details
Matching Score-8
Assigner-Huawei Technologies
CVSS Score-4||MEDIUM
EPSS-0.15% / 36.32%
||
7 Day CHG~0.00%
Published-04 Sep, 2024 | 01:15
Updated-12 Sep, 2024 | 19:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Permission control vulnerability in the software update module. Impact: Successful exploitation of this vulnerability may affect service confidentiality.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-emuiharmonyosHarmonyOSEMUI
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2022-31757
Matching Score-8
Assigner-Huawei Technologies
ShareView Details
Matching Score-8
Assigner-Huawei Technologies
CVSS Score-7.5||HIGH
EPSS-0.13% / 32.81%
||
7 Day CHG~0.00%
Published-13 Jun, 2022 | 15:05
Updated-03 Aug, 2024 | 07:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The setting module has a vulnerability of improper use of APIs. Successful exploitation of this vulnerability may affect data confidentiality.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-magic_uiemuiharmonyosMagic UIHarmonyOSEMUI
CVE-2022-31761
Matching Score-8
Assigner-Huawei Technologies
ShareView Details
Matching Score-8
Assigner-Huawei Technologies
CVSS Score-7.5||HIGH
EPSS-0.15% / 35.72%
||
7 Day CHG~0.00%
Published-13 Jun, 2022 | 15:07
Updated-03 Aug, 2024 | 07:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Configuration defects in the secure OS module. Successful exploitation of this vulnerability will affect confidentiality.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-magic_uiemuiMagic UIEMUI
CVE-2024-30417
Matching Score-8
Assigner-Huawei Technologies
ShareView Details
Matching Score-8
Assigner-Huawei Technologies
CVSS Score-7.5||HIGH
EPSS-0.11% / 29.07%
||
7 Day CHG~0.00%
Published-07 Apr, 2024 | 08:16
Updated-29 Mar, 2025 | 00:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Path traversal vulnerability in the Bluetooth-based sharing module. Impact: Successful exploitation of this vulnerability may affect service confidentiality.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-harmonyosemuiEMUIHarmonyOS
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2024-30414
Matching Score-8
Assigner-Huawei Technologies
ShareView Details
Matching Score-8
Assigner-Huawei Technologies
CVSS Score-7.5||HIGH
EPSS-0.69% / 71.41%
||
7 Day CHG~0.00%
Published-07 Apr, 2024 | 08:04
Updated-13 Mar, 2025 | 14:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Command injection vulnerability in the AccountManager module. Impact: Successful exploitation of this vulnerability may affect service confidentiality.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-emuiharmonyosHarmonyOSEMUIharmonyosemui
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2024-27897
Matching Score-8
Assigner-Huawei Technologies
ShareView Details
Matching Score-8
Assigner-Huawei Technologies
CVSS Score-7.5||HIGH
EPSS-0.08% / 23.71%
||
7 Day CHG~0.00%
Published-08 Apr, 2024 | 09:25
Updated-13 Mar, 2025 | 15:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Input verification vulnerability in the call module. Impact: Successful exploitation of this vulnerability may affect service confidentiality.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-emuiharmonyosHarmonyOSEMUIharmonyosemui
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2020-9228
Matching Score-8
Assigner-Huawei Technologies
ShareView Details
Matching Score-8
Assigner-Huawei Technologies
CVSS Score-7.5||HIGH
EPSS-0.15% / 35.72%
||
7 Day CHG~0.00%
Published-14 Aug, 2020 | 14:43
Updated-04 Aug, 2024 | 10:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

FusionCompute 8.0.0 has an information disclosure vulnerability. Due to the properly protection of certain information, attackers may exploit this vulnerability to obtain certain information.

Action-Not Available
Vendor-n/aHuawei Technologies Co., Ltd.
Product-fusioncomputeFusionCompute
CVE-2024-12602
Matching Score-8
Assigner-Huawei Technologies
ShareView Details
Matching Score-8
Assigner-Huawei Technologies
CVSS Score-6.2||MEDIUM
EPSS-0.05% / 14.65%
||
7 Day CHG~0.00%
Published-06 Feb, 2025 | 12:27
Updated-17 Mar, 2025 | 14:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Identity verification vulnerability in the ParamWatcher module Impact: Successful exploitation of this vulnerability may affect service confidentiality.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-harmonyosHarmonyOS
CWE ID-CWE-300
Channel Accessible by Non-Endpoint
CVE-2023-52546
Matching Score-8
Assigner-Huawei Technologies
ShareView Details
Matching Score-8
Assigner-Huawei Technologies
CVSS Score-7.5||HIGH
EPSS-0.02% / 4.61%
||
7 Day CHG~0.00%
Published-08 Apr, 2024 | 08:54
Updated-28 Mar, 2025 | 20:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability of package name verification being bypassed in the Calendar app. Impact: Successful exploitation of this vulnerability may affect service confidentiality.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-harmonyosemuiEMUIHarmonyOS
CWE ID-CWE-345
Insufficient Verification of Data Authenticity
CVE-2023-52541
Matching Score-8
Assigner-Huawei Technologies
ShareView Details
Matching Score-8
Assigner-Huawei Technologies
CVSS Score-7.5||HIGH
EPSS-0.07% / 21.25%
||
7 Day CHG~0.00%
Published-08 Apr, 2024 | 08:47
Updated-13 Mar, 2025 | 15:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Authentication vulnerability in the API for app pre-loading. Impact: Successful exploitation of this vulnerability may affect service confidentiality.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-emuiharmonyosHarmonyOSEMUIharmonyosemui
CWE ID-CWE-862
Missing Authorization
CVE-2023-52714
Matching Score-8
Assigner-Huawei Technologies
ShareView Details
Matching Score-8
Assigner-Huawei Technologies
CVSS Score-7.5||HIGH
EPSS-0.09% / 25.01%
||
7 Day CHG~0.00%
Published-07 Apr, 2024 | 08:43
Updated-13 Mar, 2025 | 14:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability of defects introduced in the design process in the hwnff module. Impact: Successful exploitation of this vulnerability may affect service confidentiality.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-emuiharmonyosHarmonyOSEMUIharmonyosemui
CWE ID-CWE-657
Violation of Secure Design Principles
CVE-2023-52549
Matching Score-8
Assigner-Huawei Technologies
ShareView Details
Matching Score-8
Assigner-Huawei Technologies
CVSS Score-7.5||HIGH
EPSS-0.08% / 23.71%
||
7 Day CHG~0.00%
Published-08 Apr, 2024 | 08:55
Updated-13 Mar, 2025 | 15:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability of data verification errors in the kernel module. Impact: Successful exploitation of this vulnerability may affect service confidentiality.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-emuiharmonyosHarmonyOSEMUIharmonyosemui
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2023-52379
Matching Score-8
Assigner-Huawei Technologies
ShareView Details
Matching Score-8
Assigner-Huawei Technologies
CVSS Score-7.5||HIGH
EPSS-0.08% / 23.68%
||
7 Day CHG~0.00%
Published-18 Feb, 2024 | 06:10
Updated-18 Mar, 2025 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Permission control vulnerability in the calendarProvider module.Successful exploitation of this vulnerability may affect service confidentiality.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-emuiharmonyosEMUIHarmonyOSemuiharmonyos
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2023-52104
Matching Score-8
Assigner-Huawei Technologies
ShareView Details
Matching Score-8
Assigner-Huawei Technologies
CVSS Score-7.5||HIGH
EPSS-0.18% / 38.88%
||
7 Day CHG~0.00%
Published-16 Jan, 2024 | 09:23
Updated-02 Jun, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability of parameters being not verified in the WMS module. Successful exploitation of this vulnerability may affect service confidentiality.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-harmonyosemuiEMUIHarmonyOS
CVE-2022-22256
Matching Score-8
Assigner-Huawei Technologies
ShareView Details
Matching Score-8
Assigner-Huawei Technologies
CVSS Score-7.5||HIGH
EPSS-0.13% / 32.81%
||
7 Day CHG~0.00%
Published-11 Apr, 2022 | 19:38
Updated-03 Aug, 2024 | 03:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The DFX module has an access control vulnerability.Successful exploitation of this vulnerability may affect data confidentiality.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-magic_uiemuiharmonyosMagic UIHarmonyOSEMUI
CVE-2023-44104
Matching Score-8
Assigner-Huawei Technologies
ShareView Details
Matching Score-8
Assigner-Huawei Technologies
CVSS Score-7.5||HIGH
EPSS-0.07% / 21.16%
||
7 Day CHG~0.00%
Published-11 Oct, 2023 | 11:52
Updated-18 Sep, 2024 | 15:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Broadcast permission control vulnerability in the Bluetooth module.Successful exploitation of this vulnerability may affect service confidentiality.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-harmonyosemuiHarmonyOSEMUI
CWE ID-CWE-669
Incorrect Resource Transfer Between Spheres
CVE-2023-52373
Matching Score-8
Assigner-Huawei Technologies
ShareView Details
Matching Score-8
Assigner-Huawei Technologies
CVSS Score-7.5||HIGH
EPSS-0.08% / 23.68%
||
7 Day CHG~0.00%
Published-18 Feb, 2024 | 03:52
Updated-27 Mar, 2025 | 20:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability of permission verification in the content sharing pop-up module.Successful exploitation of this vulnerability may cause unauthorized file sharing.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-harmonyosemuiEMUIHarmonyOS
CWE ID-CWE-281
Improper Preservation of Permissions
CVE-2023-52387
Matching Score-8
Assigner-Huawei Technologies
ShareView Details
Matching Score-8
Assigner-Huawei Technologies
CVSS Score-7.5||HIGH
EPSS-0.11% / 29.54%
||
7 Day CHG~0.00%
Published-18 Feb, 2024 | 02:52
Updated-27 Mar, 2025 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Resource reuse vulnerability in the GPU module. Successful exploitation of this vulnerability may affect service confidentiality.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-harmonyosemuiEMUIHarmonyOS
CWE ID-CWE-664
Improper Control of a Resource Through its Lifetime
CVE-2022-22254
Matching Score-8
Assigner-Huawei Technologies
ShareView Details
Matching Score-8
Assigner-Huawei Technologies
CVSS Score-7.5||HIGH
EPSS-0.13% / 32.81%
||
7 Day CHG~0.00%
Published-11 Apr, 2022 | 19:38
Updated-03 Aug, 2024 | 03:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A permission bypass vulnerability exists when the NFC CAs access the TEE.Successful exploitation of this vulnerability may affect data confidentiality.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-magic_uiemuiharmonyosMagic UIHarmonyOSEMUI
CVE-2023-49239
Matching Score-8
Assigner-Huawei Technologies
ShareView Details
Matching Score-8
Assigner-Huawei Technologies
CVSS Score-7.5||HIGH
EPSS-0.10% / 26.56%
||
7 Day CHG~0.00%
Published-06 Dec, 2023 | 09:04
Updated-02 Dec, 2024 | 15:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unauthorized access vulnerability in the card management module. Successful exploitation of this vulnerability may affect service confidentiality.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-emuiharmonyosHarmonyOSEMUI
CWE ID-CWE-863
Incorrect Authorization
CVE-2023-49246
Matching Score-8
Assigner-Huawei Technologies
ShareView Details
Matching Score-8
Assigner-Huawei Technologies
CVSS Score-7.5||HIGH
EPSS-0.10% / 26.56%
||
7 Day CHG~0.00%
Published-06 Dec, 2023 | 09:01
Updated-28 May, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unauthorized access vulnerability in the card management module. Successful exploitation of this vulnerability may affect service confidentiality.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-emuiharmonyosEMUIHarmonyOS
CWE ID-CWE-863
Incorrect Authorization
CVE-2023-49247
Matching Score-8
Assigner-Huawei Technologies
ShareView Details
Matching Score-8
Assigner-Huawei Technologies
CVSS Score-7.5||HIGH
EPSS-0.10% / 26.56%
||
7 Day CHG~0.00%
Published-06 Dec, 2023 | 08:32
Updated-02 Aug, 2024 | 21:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Permission verification vulnerability in distributed scenarios. Successful exploitation of this vulnerability may affect service confidentiality.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-emuiharmonyosHarmonyOSEMUI
CWE ID-CWE-295
Improper Certificate Validation
CVE-2023-49244
Matching Score-8
Assigner-Huawei Technologies
ShareView Details
Matching Score-8
Assigner-Huawei Technologies
CVSS Score-7.5||HIGH
EPSS-0.11% / 29.67%
||
7 Day CHG~0.00%
Published-06 Dec, 2023 | 08:58
Updated-02 Aug, 2024 | 21:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Permission management vulnerability in the multi-user module. Successful exploitation of this vulnerability may affect service confidentiality.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-emuiharmonyosHarmonyOSEMUI
CVE-2023-49240
Matching Score-8
Assigner-Huawei Technologies
ShareView Details
Matching Score-8
Assigner-Huawei Technologies
CVSS Score-7.5||HIGH
EPSS-0.10% / 26.56%
||
7 Day CHG~0.00%
Published-06 Dec, 2023 | 09:06
Updated-02 Aug, 2024 | 21:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unauthorized access vulnerability in the launcher module. Successful exploitation of this vulnerability may affect service confidentiality.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-emuiharmonyosHarmonyOSEMUI
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CWE ID-CWE-863
Incorrect Authorization
CVE-2023-49242
Matching Score-8
Assigner-Huawei Technologies
ShareView Details
Matching Score-8
Assigner-Huawei Technologies
CVSS Score-7.5||HIGH
EPSS-0.11% / 29.67%
||
7 Day CHG~0.00%
Published-06 Dec, 2023 | 08:49
Updated-02 Aug, 2024 | 21:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Free broadcast vulnerability in the running management module. Successful exploitation of this vulnerability may affect service confidentiality.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-emuiharmonyosHarmonyOSEMUI
CVE-2023-49243
Matching Score-8
Assigner-Huawei Technologies
ShareView Details
Matching Score-8
Assigner-Huawei Technologies
CVSS Score-7.5||HIGH
EPSS-0.11% / 29.67%
||
7 Day CHG~0.00%
Published-06 Dec, 2023 | 08:56
Updated-02 Aug, 2024 | 21:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability of unauthorized access to email attachments in the email module. Successful exploitation of this vulnerability may affect service confidentiality.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-emuiharmonyosHarmonyOSEMUI
CVE-2023-46771
Matching Score-8
Assigner-Huawei Technologies
ShareView Details
Matching Score-8
Assigner-Huawei Technologies
CVSS Score-7.5||HIGH
EPSS-0.15% / 35.55%
||
7 Day CHG~0.00%
Published-08 Nov, 2023 | 09:03
Updated-04 Sep, 2024 | 19:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Security vulnerability in the face unlock module. Successful exploitation of this vulnerability may affect service confidentiality.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-emuiharmonyosHarmonyOSEMUIharmonyosemui
CWE ID-CWE-269
Improper Privilege Management
CVE-2023-46759
Matching Score-8
Assigner-Huawei Technologies
ShareView Details
Matching Score-8
Assigner-Huawei Technologies
CVSS Score-7.5||HIGH
EPSS-0.13% / 32.41%
||
7 Day CHG~0.00%
Published-08 Nov, 2023 | 10:20
Updated-04 Sep, 2024 | 15:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Permission control vulnerability in the call module. Successful exploitation of this vulnerability may affect service confidentiality.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-harmonyosemuiHarmonyOSEMUI
CWE ID-CWE-284
Improper Access Control
CVE-2023-46757
Matching Score-8
Assigner-Huawei Technologies
ShareView Details
Matching Score-8
Assigner-Huawei Technologies
CVSS Score-7.5||HIGH
EPSS-0.15% / 35.59%
||
7 Day CHG~0.00%
Published-08 Nov, 2023 | 10:13
Updated-04 Sep, 2024 | 15:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The remote PIN module has a vulnerability that causes incorrect information storage locations.Successful exploitation of this vulnerability may affect confidentiality.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-harmonyosHarmonyOS
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2024-27895
Matching Score-8
Assigner-Huawei Technologies
ShareView Details
Matching Score-8
Assigner-Huawei Technologies
CVSS Score-7.5||HIGH
EPSS-0.07% / 21.08%
||
7 Day CHG~0.00%
Published-08 Apr, 2024 | 09:23
Updated-28 Mar, 2025 | 20:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability of permission control in the window module. Successful exploitation of this vulnerability may affect confidentiality.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-harmonyosHarmonyOS
CWE ID-CWE-284
Improper Access Control
CVE-2023-44117
Matching Score-8
Assigner-Huawei Technologies
ShareView Details
Matching Score-8
Assigner-Huawei Technologies
CVSS Score-7.5||HIGH
EPSS-0.08% / 23.68%
||
7 Day CHG~0.00%
Published-16 Jan, 2024 | 07:49
Updated-17 Jun, 2025 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability of trust relationships being inaccurate in distributed scenarios. Successful exploitation of this vulnerability may affect service confidentiality.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-harmonyosemuiEMUIHarmonyOS
CWE ID-CWE-290
Authentication Bypass by Spoofing
CVE-2023-44113
Matching Score-8
Assigner-Huawei Technologies
ShareView Details
Matching Score-8
Assigner-Huawei Technologies
CVSS Score-7.5||HIGH
EPSS-0.09% / 25.13%
||
7 Day CHG~0.00%
Published-06 Dec, 2023 | 08:42
Updated-11 Oct, 2024 | 21:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability of missing permission verification for APIs in the Designed for Reliability (DFR) module. Successful exploitation of this vulnerability may affect service confidentiality.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-emuiharmonyosHarmonyOSEMUI
CWE ID-CWE-862
Missing Authorization
CVE-2023-44093
Matching Score-8
Assigner-Huawei Technologies
ShareView Details
Matching Score-8
Assigner-Huawei Technologies
CVSS Score-7.5||HIGH
EPSS-0.08% / 23.71%
||
7 Day CHG~0.00%
Published-11 Oct, 2023 | 10:36
Updated-18 Sep, 2024 | 16:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability of package names' public keys not being verified in the security module.Successful exploitation of this vulnerability may affect service confidentiality.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-harmonyosemuiHarmonyOSEMUI
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
  • Previous
  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • Next
Details not found