Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2023-52365

Summary
Assigner-huawei
Assigner Org ID-25ac1063-e409-4190-8079-24548c77ea2e
Published At-18 Feb, 2024 | 03:04
Updated At-13 Mar, 2025 | 18:29
Rejected At-
Credits

Out-of-bounds read vulnerability in the smart activity recognition module.Successful exploitation of this vulnerability may cause features to perform abnormally.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:huawei
Assigner Org ID:25ac1063-e409-4190-8079-24548c77ea2e
Published At:18 Feb, 2024 | 03:04
Updated At:13 Mar, 2025 | 18:29
Rejected At:
▼CVE Numbering Authority (CNA)

Out-of-bounds read vulnerability in the smart activity recognition module.Successful exploitation of this vulnerability may cause features to perform abnormally.

Affected Products
Vendor
Huawei Technologies Co., Ltd.Huawei
Product
HarmonyOS
Default Status
unaffected
Versions
Affected
  • 4.0.0
  • 3.1.0
  • 3.0.0
  • 2.0.0
Vendor
Huawei Technologies Co., Ltd.Huawei
Product
EMUI
Default Status
unaffected
Versions
Affected
  • 13.0.0
  • 12.0.0
Problem Types
TypeCWE IDDescription
CWECWE-120CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
Type: CWE
CWE ID: CWE-120
Description: CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://consumer.huawei.com/en/support/bulletin/2024/2/
N/A
https://device.harmonyos.com/cn/docs/security/update/security-bulletins-202402-0000001834855405
N/A
Hyperlink: https://consumer.huawei.com/en/support/bulletin/2024/2/
Resource: N/A
Hyperlink: https://device.harmonyos.com/cn/docs/security/update/security-bulletins-202402-0000001834855405
Resource: N/A
▼Authorized Data Publishers (ADP)
1. CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
3.17.7HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
Version: 3.1
Base score: 7.7
Base severity: HIGH
Vector:
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
2. CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://consumer.huawei.com/en/support/bulletin/2024/2/
x_transferred
https://device.harmonyos.com/cn/docs/security/update/security-bulletins-202402-0000001834855405
x_transferred
Hyperlink: https://consumer.huawei.com/en/support/bulletin/2024/2/
Resource:
x_transferred
Hyperlink: https://device.harmonyos.com/cn/docs/security/update/security-bulletins-202402-0000001834855405
Resource:
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:psirt@huawei.com
Published At:18 Feb, 2024 | 03:15
Updated At:13 Mar, 2025 | 19:15

Out-of-bounds read vulnerability in the smart activity recognition module.Successful exploitation of this vulnerability may cause features to perform abnormally.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.15.3MEDIUM
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Secondary3.17.7HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
Type: Primary
Version: 3.1
Base score: 5.3
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Type: Secondary
Version: 3.1
Base score: 7.7
Base severity: HIGH
Vector:
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
CPE Matches
Huawei Technologies Co., Ltd.
huawei
>>emui>>12.0.0
cpe:2.3:o:huawei:emui:12.0.0:*:*:*:*:*:*:*
Huawei Technologies Co., Ltd.
huawei
>>emui>>13.0.0
cpe:2.3:o:huawei:emui:13.0.0:*:*:*:*:*:*:*
Huawei Technologies Co., Ltd.
huawei
>>harmonyos>>2.0.0
cpe:2.3:o:huawei:harmonyos:2.0.0:*:*:*:*:*:*:*
Huawei Technologies Co., Ltd.
huawei
>>harmonyos>>3.0.0
cpe:2.3:o:huawei:harmonyos:3.0.0:*:*:*:*:*:*:*
Huawei Technologies Co., Ltd.
huawei
>>harmonyos>>3.1.0
cpe:2.3:o:huawei:harmonyos:3.1.0:*:*:*:*:*:*:*
Huawei Technologies Co., Ltd.
huawei
>>harmonyos>>4.0.0
cpe:2.3:o:huawei:harmonyos:4.0.0:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-120Secondarypsirt@huawei.com
CWE-125Primarynvd@nist.gov
CWE ID: CWE-120
Type: Secondary
Source: psirt@huawei.com
CWE ID: CWE-125
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://consumer.huawei.com/en/support/bulletin/2024/2/psirt@huawei.com
Vendor Advisory
https://device.harmonyos.com/cn/docs/security/update/security-bulletins-202402-0000001834855405psirt@huawei.com
Vendor Advisory
https://consumer.huawei.com/en/support/bulletin/2024/2/af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
https://device.harmonyos.com/cn/docs/security/update/security-bulletins-202402-0000001834855405af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Hyperlink: https://consumer.huawei.com/en/support/bulletin/2024/2/
Source: psirt@huawei.com
Resource:
Vendor Advisory
Hyperlink: https://device.harmonyos.com/cn/docs/security/update/security-bulletins-202402-0000001834855405
Source: psirt@huawei.com
Resource:
Vendor Advisory
Hyperlink: https://consumer.huawei.com/en/support/bulletin/2024/2/
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory
Hyperlink: https://device.harmonyos.com/cn/docs/security/update/security-bulletins-202402-0000001834855405
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

323Records found
CVE-2020-1820
Matching Score-10
Assigner-Huawei Technologies
ShareView Details
Matching Score-10
Assigner-Huawei Technologies
CVSS Score-3.7||LOW
EPSS-0.08% / 23.76%
||
7 Day CHG~0.00%
Published-28 Dec, 2024 | 06:11
Updated-13 Jan, 2025 | 18:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

There are multiple out of bounds (OOB) read vulnerabilities in the implementation of the Common Open Policy Service (COPS) protocol of some Huawei products. The specific decoding function may occur out-of-bounds read when processes an incoming data packet. Successful exploit of these vulnerabilities may disrupt service on the affected device. (Vulnerability ID: HWPSIRT-2018-12275,HWPSIRT-2018-12276,HWPSIRT-2018-12277,HWPSIRT-2018-12278,HWPSIRT-2018-12279,HWPSIRT-2018-12280 and HWPSIRT-2018-12289) The seven vulnerabilities have been assigned seven Common Vulnerabilities and Exposures (CVE) IDs: CVE-2020-1818, CVE-2020-1819, CVE-2020-1820, CVE-2020-1821, CVE-2020-1822, CVE-2020-1823 and CVE-2020-1824.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-usg6000vnip6300_firmwareips_modulesecospace_usg6600_firmwareips_module_firmwarengfw_module_firmwaresecospace_usg6500_firmwareusg6000v_firmwaresecospace_usg6300secospace_usg6500ngfw_modulesecospace_usg6600nip6600nip6800_firmwarenip6300secospace_usg6300_firmwarenip6800nip6600_firmwareNIP6600NGFW ModuleSecospace USG6300NIP6300NIP6800Secospace USG6600USG6000VIPS ModuleSecospace USG6500
CWE ID-CWE-125
Out-of-bounds Read
CVE-2020-1819
Matching Score-10
Assigner-Huawei Technologies
ShareView Details
Matching Score-10
Assigner-Huawei Technologies
CVSS Score-3.7||LOW
EPSS-0.08% / 23.76%
||
7 Day CHG~0.00%
Published-27 Dec, 2024 | 10:05
Updated-10 Jan, 2025 | 20:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

There are multiple out of bounds (OOB) read vulnerabilities in the implementation of the Common Open Policy Service (COPS) protocol of some Huawei products. The specific decoding function may occur out-of-bounds read when processes an incoming data packet. Successful exploit of these vulnerabilities may disrupt service on the affected device. (Vulnerability ID: HWPSIRT-2018-12275,HWPSIRT-2018-12276,HWPSIRT-2018-12277,HWPSIRT-2018-12278,HWPSIRT-2018-12279,HWPSIRT-2018-12280 and HWPSIRT-2018-12289) The seven vulnerabilities have been assigned seven Common Vulnerabilities and Exposures (CVE) IDs: CVE-2020-1818, CVE-2020-1819, CVE-2020-1820, CVE-2020-1821, CVE-2020-1822, CVE-2020-1823 and CVE-2020-1824.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-secospace_usg6300_firmwaresecospace_usg6600_firmwarenip6800usg6000vngfw_modulengfw_module_firmwareips_module_firmwaresecospace_usg6300secospace_usg6500ips_modulenip6600_firmwareusg6000v_firmwarenip6300secospace_usg6500_firmwarenip6800_firmwarenip6600nip6300_firmwaresecospace_usg6600Secospace USG6600USG6000VNIP6600NGFW ModuleNIP6300Secospace USG6300Secospace USG6500NIP6800IPS Module
CWE ID-CWE-125
Out-of-bounds Read
CVE-2020-1818
Matching Score-10
Assigner-Huawei Technologies
ShareView Details
Matching Score-10
Assigner-Huawei Technologies
CVSS Score-3.7||LOW
EPSS-0.08% / 23.76%
||
7 Day CHG~0.00%
Published-27 Dec, 2024 | 10:02
Updated-10 Jan, 2025 | 20:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

There are multiple out of bounds (OOB) read vulnerabilities in the implementation of the Common Open Policy Service (COPS) protocol of some Huawei products. The specific decoding function may occur out-of-bounds read when processes an incoming data packet. Successful exploit of these vulnerabilities may disrupt service on the affected device. (Vulnerability ID: HWPSIRT-2018-12275,HWPSIRT-2018-12276,HWPSIRT-2018-12277,HWPSIRT-2018-12278,HWPSIRT-2018-12279,HWPSIRT-2018-12280 and HWPSIRT-2018-12289) The seven vulnerabilities have been assigned seven Common Vulnerabilities and Exposures (CVE) IDs: CVE-2020-1818, CVE-2020-1819, CVE-2020-1820, CVE-2020-1821, CVE-2020-1822, CVE-2020-1823 and CVE-2020-1824.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-secospace_usg6300_firmwaresecospace_usg6600_firmwarenip6800usg6000vngfw_modulengfw_module_firmwareips_module_firmwaresecospace_usg6300secospace_usg6500ips_modulenip6600_firmwareusg6000v_firmwarenip6300secospace_usg6500_firmwarenip6800_firmwarenip6600nip6300_firmwaresecospace_usg6600Secospace USG6600USG6000VNIP6600NGFW ModuleNIP6300Secospace USG6300Secospace USG6500NIP6800IPS Module
CWE ID-CWE-125
Out-of-bounds Read
CVE-2020-1824
Matching Score-10
Assigner-Huawei Technologies
ShareView Details
Matching Score-10
Assigner-Huawei Technologies
CVSS Score-3.7||LOW
EPSS-0.08% / 23.76%
||
7 Day CHG~0.00%
Published-28 Dec, 2024 | 06:37
Updated-13 Jan, 2025 | 18:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

There are multiple out of bounds (OOB) read vulnerabilities in the implementation of the Common Open Policy Service (COPS) protocol of some Huawei products. The specific decoding function may occur out-of-bounds read when processes an incoming data packet. Successful exploit of these vulnerabilities may disrupt service on the affected device. (Vulnerability ID: HWPSIRT-2018-12275,HWPSIRT-2018-12276,HWPSIRT-2018-12277,HWPSIRT-2018-12278,HWPSIRT-2018-12279,HWPSIRT-2018-12280 and HWPSIRT-2018-12289) The seven vulnerabilities have been assigned seven Common Vulnerabilities and Exposures (CVE) IDs: CVE-2020-1818, CVE-2020-1819, CVE-2020-1820, CVE-2020-1821, CVE-2020-1822, CVE-2020-1823 and CVE-2020-1824.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-usg6000vnip6300_firmwareips_modulesecospace_usg6600_firmwareips_module_firmwarengfw_module_firmwaresecospace_usg6500_firmwareusg6000v_firmwaresecospace_usg6300secospace_usg6500ngfw_modulesecospace_usg6600nip6600nip6800_firmwarenip6300secospace_usg6300_firmwarenip6800nip6600_firmwareNIP6600NGFW ModuleSecospace USG6300NIP6300NIP6800Secospace USG6600USG6000VIPS ModuleSecospace USG6500
CWE ID-CWE-125
Out-of-bounds Read
CVE-2020-1830
Matching Score-10
Assigner-Huawei Technologies
ShareView Details
Matching Score-10
Assigner-Huawei Technologies
CVSS Score-5.3||MEDIUM
EPSS-0.24% / 47.76%
||
7 Day CHG~0.00%
Published-17 Feb, 2020 | 23:35
Updated-04 Aug, 2024 | 06:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Huawei NIP6800 versions V500R001C30, V500R001C60SPC500, and V500R005C00; Secospace USG6600 and USG9500 versions V500R001C30SPC200, V500R001C30SPC600, V500R001C60SPC500, and V500R005C00 have a vulnerability that a memory management error exists when IPSec Module handing a specific message. This causes 1 byte out-of-bound read, compromising normal service.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-usg9500_firmwaresecospace_usg6600nip6800_firmwarenip6800secospace_usg6600_firmwareusg9500NIP6800Secospace USG6600, USG9500
CWE ID-CWE-125
Out-of-bounds Read
CVE-2020-1823
Matching Score-10
Assigner-Huawei Technologies
ShareView Details
Matching Score-10
Assigner-Huawei Technologies
CVSS Score-3.7||LOW
EPSS-0.08% / 23.76%
||
7 Day CHG~0.00%
Published-28 Dec, 2024 | 06:29
Updated-13 Jan, 2025 | 18:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

There are multiple out of bounds (OOB) read vulnerabilities in the implementation of the Common Open Policy Service (COPS) protocol of some Huawei products. The specific decoding function may occur out-of-bounds read when processes an incoming data packet. Successful exploit of these vulnerabilities may disrupt service on the affected device. (Vulnerability ID: HWPSIRT-2018-12275,HWPSIRT-2018-12276,HWPSIRT-2018-12277,HWPSIRT-2018-12278,HWPSIRT-2018-12279,HWPSIRT-2018-12280 and HWPSIRT-2018-12289) The seven vulnerabilities have been assigned seven Common Vulnerabilities and Exposures (CVE) IDs: CVE-2020-1818, CVE-2020-1819, CVE-2020-1820, CVE-2020-1821, CVE-2020-1822, CVE-2020-1823 and CVE-2020-1824.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-usg6000vnip6300_firmwareips_modulesecospace_usg6600_firmwareips_module_firmwarengfw_module_firmwaresecospace_usg6500_firmwareusg6000v_firmwaresecospace_usg6300secospace_usg6500ngfw_modulesecospace_usg6600nip6600nip6800_firmwarenip6300secospace_usg6300_firmwarenip6800nip6600_firmwareNIP6600NGFW ModuleSecospace USG6300NIP6300NIP6800Secospace USG6600USG6000VIPS ModuleSecospace USG6500
CWE ID-CWE-125
Out-of-bounds Read
CVE-2020-1821
Matching Score-10
Assigner-Huawei Technologies
ShareView Details
Matching Score-10
Assigner-Huawei Technologies
CVSS Score-3.7||LOW
EPSS-0.08% / 23.76%
||
7 Day CHG~0.00%
Published-28 Dec, 2024 | 06:16
Updated-13 Jan, 2025 | 18:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

There are multiple out of bounds (OOB) read vulnerabilities in the implementation of the Common Open Policy Service (COPS) protocol of some Huawei products. The specific decoding function may occur out-of-bounds read when processes an incoming data packet. Successful exploit of these vulnerabilities may disrupt service on the affected device. (Vulnerability ID: HWPSIRT-2018-12275,HWPSIRT-2018-12276,HWPSIRT-2018-12277,HWPSIRT-2018-12278,HWPSIRT-2018-12279,HWPSIRT-2018-12280 and HWPSIRT-2018-12289) The seven vulnerabilities have been assigned seven Common Vulnerabilities and Exposures (CVE) IDs: CVE-2020-1818, CVE-2020-1819, CVE-2020-1820, CVE-2020-1821, CVE-2020-1822, CVE-2020-1823 and CVE-2020-1824.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-usg6000vnip6300_firmwareips_modulesecospace_usg6600_firmwareips_module_firmwarengfw_module_firmwaresecospace_usg6500_firmwareusg6000v_firmwaresecospace_usg6300secospace_usg6500ngfw_modulesecospace_usg6600nip6600nip6800_firmwarenip6300secospace_usg6300_firmwarenip6800nip6600_firmwareNIP6600NGFW ModuleSecospace USG6300NIP6300NIP6800Secospace USG6600USG6000VIPS ModuleSecospace USG6500
CWE ID-CWE-125
Out-of-bounds Read
CVE-2020-1822
Matching Score-10
Assigner-Huawei Technologies
ShareView Details
Matching Score-10
Assigner-Huawei Technologies
CVSS Score-3.7||LOW
EPSS-0.08% / 23.76%
||
7 Day CHG~0.00%
Published-28 Dec, 2024 | 06:21
Updated-13 Jan, 2025 | 18:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

There are multiple out of bounds (OOB) read vulnerabilities in the implementation of the Common Open Policy Service (COPS) protocol of some Huawei products. The specific decoding function may occur out-of-bounds read when processes an incoming data packet. Successful exploit of these vulnerabilities may disrupt service on the affected device. (Vulnerability ID: HWPSIRT-2018-12275,HWPSIRT-2018-12276,HWPSIRT-2018-12277,HWPSIRT-2018-12278,HWPSIRT-2018-12279,HWPSIRT-2018-12280 and HWPSIRT-2018-12289) The seven vulnerabilities have been assigned seven Common Vulnerabilities and Exposures (CVE) IDs: CVE-2020-1818, CVE-2020-1819, CVE-2020-1820, CVE-2020-1821, CVE-2020-1822, CVE-2020-1823 and CVE-2020-1824.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-usg6000vnip6300_firmwareips_modulesecospace_usg6600_firmwareips_module_firmwarengfw_module_firmwaresecospace_usg6500_firmwareusg6000v_firmwaresecospace_usg6300secospace_usg6500ngfw_modulesecospace_usg6600nip6600nip6800_firmwarenip6300secospace_usg6300_firmwarenip6800nip6600_firmwareNIP6600NGFW ModuleSecospace USG6300NIP6300NIP6800Secospace USG6600USG6000VIPS ModuleSecospace USG6500
CWE ID-CWE-125
Out-of-bounds Read
CVE-2023-52112
Matching Score-8
Assigner-Huawei Technologies
ShareView Details
Matching Score-8
Assigner-Huawei Technologies
CVSS Score-5.3||MEDIUM
EPSS-0.02% / 6.37%
||
7 Day CHG~0.00%
Published-16 Jan, 2024 | 07:57
Updated-20 Jun, 2025 | 18:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unauthorized file access vulnerability in the wallpaper service module. Successful exploitation of this vulnerability may cause features to perform abnormally.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-harmonyosemuiEMUIHarmonyOS
CWE ID-CWE-552
Files or Directories Accessible to External Parties
CVE-2023-46755
Matching Score-8
Assigner-Huawei Technologies
ShareView Details
Matching Score-8
Assigner-Huawei Technologies
CVSS Score-5.3||MEDIUM
EPSS-0.06% / 18.09%
||
7 Day CHG~0.00%
Published-08 Nov, 2023 | 10:11
Updated-03 Sep, 2024 | 21:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability of input parameters being not strictly verified in the input. Successful exploitation of this vulnerability may cause the launcher to restart.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-emuiharmonyosHarmonyOSEMUI
CWE ID-CWE-284
Improper Access Control
CVE-2023-0117
Matching Score-8
Assigner-Huawei Technologies
ShareView Details
Matching Score-8
Assigner-Huawei Technologies
CVSS Score-5.3||MEDIUM
EPSS-0.05% / 15.77%
||
7 Day CHG~0.00%
Published-26 May, 2023 | 00:00
Updated-15 Jan, 2025 | 22:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The online authentication provided by the hwKitAssistant lacks strict identity verification of applications. Successful exploitation of this vulnerability may affect availability of features,such as MeeTime.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-emuiEMUIHarmonyOS
CWE ID-CWE-287
Improper Authentication
CVE-2021-22344
Matching Score-8
Assigner-Huawei Technologies
ShareView Details
Matching Score-8
Assigner-Huawei Technologies
CVSS Score-5.3||MEDIUM
EPSS-0.18% / 39.15%
||
7 Day CHG~0.00%
Published-01 Jul, 2021 | 11:10
Updated-03 Aug, 2024 | 18:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

There is an Improper Access Control vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may cause temporary DoS.

Action-Not Available
Vendor-n/aHuawei Technologies Co., Ltd.
Product-magic_uiemuiEMUI;Magic UI
CVE-2022-46313
Matching Score-8
Assigner-Huawei Technologies
ShareView Details
Matching Score-8
Assigner-Huawei Technologies
CVSS Score-5.3||MEDIUM
EPSS-0.14% / 33.49%
||
7 Day CHG~0.00%
Published-20 Dec, 2022 | 00:00
Updated-17 Apr, 2025 | 14:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The sensor privacy module has an authentication vulnerability. Successful exploitation of this vulnerability may cause unavailability of the smartphone's camera and microphone.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-harmonyosHarmonyOS
CWE ID-CWE-287
Improper Authentication
CVE-2021-22362
Matching Score-8
Assigner-Huawei Technologies
ShareView Details
Matching Score-8
Assigner-Huawei Technologies
CVSS Score-5.3||MEDIUM
EPSS-0.18% / 39.15%
||
7 Day CHG~0.00%
Published-27 May, 2021 | 12:18
Updated-03 Aug, 2024 | 18:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

There is an out of bounds write vulnerability in some Huawei products. An attacker can exploit this vulnerability by sending crafted data in the packet to the target device. Due to insufficient validation of message, successful exploit can cause certain service abnormal.Affected product versions include:CloudEngine 12800 versions V200R002C50SPC800,V200R003C00SPC810,V200R005C00SPC800,V200R005C10SPC800,V200R019C00SPC800,V200R019C10SPC800;CloudEngine 5800 versions V200R002C50SPC800,V200R003C00SPC810,V200R005C00SPC800,V200R005C10SPC800,V200R019C00SPC800,V200R019C10SPC800@;CloudEngine 6800 versions V200R002C50SPC800,V200R003C00SPC810,V200R005C00SPC800,V200R005C10SPC800,V200R005C20SPC800,V200R019C00SPC800,V200R019C10SPC800;CloudEngine 7800 versions V200R002C50SPC800,V200R003C00SPC810,V200R005C00SPC800,V200R005C10SPC800,V200R019C00SPC800,V200R019C10SPC800.

Action-Not Available
Vendor-n/aHuawei Technologies Co., Ltd.
Product-cloudengine_7800cloudengine_5800_firmwarecloudengine_5800cloudengine_6800_firmwarecloudengine_6800cloudengine_7800_firmwarecloudengine_12800cloudengine_12800_firmwareCloudEngine 12800;CloudEngine 5800;CloudEngine 6800;CloudEngine 7800
CWE ID-CWE-787
Out-of-bounds Write
CVE-2020-9074
Matching Score-8
Assigner-Huawei Technologies
ShareView Details
Matching Score-8
Assigner-Huawei Technologies
CVSS Score-5.3||MEDIUM
EPSS-0.18% / 39.15%
||
7 Day CHG~0.00%
Published-05 Jun, 2020 | 14:16
Updated-04 Aug, 2024 | 10:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Huawei Smartphones HONOR 20 PRO;Honor View 20;HONOR 20 have an improper handling of exceptional condition Vulnerability. A component cannot deal with an exception correctly. Attackers can exploit this vulnerability by sending malformed message. This could compromise normal service of affected phones.

Action-Not Available
Vendor-n/aHuawei Technologies Co., Ltd.
Product-honor_20honor_20_prohonor_view_20honor_20_pro_firmwarehonor_20_firmwarehonor_view_20_firmwareHONOR 20Honor View 20HONOR 20 PRO
CWE ID-CWE-755
Improper Handling of Exceptional Conditions
CVE-2020-9085
Matching Score-8
Assigner-Huawei Technologies
ShareView Details
Matching Score-8
Assigner-Huawei Technologies
CVSS Score-5.3||MEDIUM
EPSS-0.08% / 24.10%
||
7 Day CHG~0.00%
Published-27 Dec, 2024 | 09:37
Updated-13 Jan, 2025 | 19:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

There is a NULL pointer dereference vulnerability in some Huawei products. An attacker may send specially crafted POST messages to the affected products. Due to insufficient validation of some parameter in the message, successful exploit may cause some process abnormal. (Vulnerability ID: HWPSIRT-2017-10105) This vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2020-9085.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-b612b612_firmwareHUAWEI 4G Router B612
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2024-58113
Matching Score-8
Assigner-Huawei Technologies
ShareView Details
Matching Score-8
Assigner-Huawei Technologies
CVSS Score-5.3||MEDIUM
EPSS-0.22% / 44.57%
||
7 Day CHG~0.00%
Published-07 Apr, 2025 | 03:38
Updated-07 May, 2025 | 20:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability of improper resource management in the memory management module Impact: Successful exploitation of this vulnerability may affect availability.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-harmonyosHarmonyOS
CVE-2023-4565
Matching Score-8
Assigner-Huawei Technologies
ShareView Details
Matching Score-8
Assigner-Huawei Technologies
CVSS Score-5.3||MEDIUM
EPSS-0.07% / 21.02%
||
7 Day CHG~0.00%
Published-26 Sep, 2023 | 01:25
Updated-25 Sep, 2024 | 01:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Broadcast permission control vulnerability in the framework module. Successful exploitation of this vulnerability may cause the hotspot feature to be unavailable.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-emuiharmonyosHarmonyOSEMUI
CWE ID-CWE-732
Incorrect Permission Assignment for Critical Resource
CVE-2023-44094
Matching Score-8
Assigner-Huawei Technologies
ShareView Details
Matching Score-8
Assigner-Huawei Technologies
CVSS Score-5.3||MEDIUM
EPSS-0.03% / 8.92%
||
7 Day CHG~0.00%
Published-11 Oct, 2023 | 10:43
Updated-18 Sep, 2024 | 15:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Type confusion vulnerability in the distributed file module.Successful exploitation of this vulnerability may cause the device to restart.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-harmonyosemuiHarmonyOSEMUI
CWE ID-CWE-843
Access of Resource Using Incompatible Type ('Type Confusion')
CVE-2023-34156
Matching Score-8
Assigner-Huawei Technologies
ShareView Details
Matching Score-8
Assigner-Huawei Technologies
CVSS Score-5.3||MEDIUM
EPSS-0.05% / 15.51%
||
7 Day CHG~0.00%
Published-19 Jun, 2023 | 00:00
Updated-17 Dec, 2024 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability of services denied by early fingerprint APIs on HarmonyOS products.Successful exploitation of this vulnerability may cause services to be denied.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-emuiHarmonyOSEMUI
CWE ID-CWE-384
Session Fixation
CVE-2024-51518
Matching Score-8
Assigner-Huawei Technologies
ShareView Details
Matching Score-8
Assigner-Huawei Technologies
CVSS Score-5.3||MEDIUM
EPSS-0.10% / 26.48%
||
7 Day CHG~0.00%
Published-05 Nov, 2024 | 09:08
Updated-06 Nov, 2024 | 23:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability of message types not being verified in the advanced messaging modul Impact: Successful exploitation of this vulnerability may affect availability.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-harmonyosHarmonyOSharmonyos
CWE ID-CWE-248
Uncaught Exception
CVE-2018-7935
Matching Score-8
Assigner-Huawei Technologies
ShareView Details
Matching Score-8
Assigner-Huawei Technologies
CVSS Score-5.3||MEDIUM
EPSS-4.97% / 89.70%
||
7 Day CHG~0.00%
Published-10 Feb, 2023 | 11:55
Updated-24 Mar, 2025 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

There is a vulnerability in 21.328.01.00.00 version of the E5573Cs-322. Remote attackers could exploit this vulnerability to make the network where the E5573Cs-322 is running temporarily unavailable.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-e5573cs-322e5573cs-322_firmware E5573Cs-322
CWE ID-CWE-20
Improper Input Validation
CVE-2022-41587
Matching Score-8
Assigner-Huawei Technologies
ShareView Details
Matching Score-8
Assigner-Huawei Technologies
CVSS Score-5.3||MEDIUM
EPSS-0.18% / 39.15%
||
7 Day CHG~0.00%
Published-14 Oct, 2022 | 00:00
Updated-14 May, 2025 | 20:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Uncaptured exceptions in the home screen module. Successful exploitation of this vulnerability may affect stability.

Action-Not Available
Vendor-n/aHuawei Technologies Co., Ltd.
Product-emuiEMUI
CWE ID-CWE-754
Improper Check for Unusual or Exceptional Conditions
CVE-2024-56445
Matching Score-8
Assigner-Huawei Technologies
ShareView Details
Matching Score-8
Assigner-Huawei Technologies
CVSS Score-4.3||MEDIUM
EPSS-0.03% / 8.17%
||
7 Day CHG~0.00%
Published-08 Jan, 2025 | 03:00
Updated-13 Jan, 2025 | 21:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Instruction authentication bypass vulnerability in the Findnetwork module Impact: Successful exploitation of this vulnerability may cause features to perform abnormally.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-harmonyosHarmonyOS
CWE ID-CWE-287
Improper Authentication
CVE-2021-40001
Matching Score-8
Assigner-Huawei Technologies
ShareView Details
Matching Score-8
Assigner-Huawei Technologies
CVSS Score-5.3||MEDIUM
EPSS-0.18% / 39.32%
||
7 Day CHG~0.00%
Published-07 Jan, 2022 | 22:39
Updated-04 Aug, 2024 | 02:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The CaasKit module has a path traversal vulnerability. Successful exploitation of this vulnerability may cause the MeeTime application to be unavailable.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-harmonyosHarmonyOS
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2021-37032
Matching Score-8
Assigner-Huawei Technologies
ShareView Details
Matching Score-8
Assigner-Huawei Technologies
CVSS Score-5.3||MEDIUM
EPSS-0.18% / 39.15%
||
7 Day CHG~0.00%
Published-23 Nov, 2021 | 15:15
Updated-04 Aug, 2024 | 01:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

There is a Bypass vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may cause Digital Balance to fail to work.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-magic_uiemuiMagic UIEMUI
CVE-2021-36997
Matching Score-8
Assigner-Huawei Technologies
ShareView Details
Matching Score-8
Assigner-Huawei Technologies
CVSS Score-5.3||MEDIUM
EPSS-0.18% / 39.15%
||
7 Day CHG~0.00%
Published-28 Oct, 2021 | 12:27
Updated-04 Aug, 2024 | 01:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

There is a Low memory error in Huawei Smartphone due to the unlimited size of images to be parsed.Successful exploitation of this vulnerability may cause the Gallery or Files app to exit unexpectedly.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-magic_uiemuiMagic UIEMUI
CVE-2021-37013
Matching Score-8
Assigner-Huawei Technologies
ShareView Details
Matching Score-8
Assigner-Huawei Technologies
CVSS Score-5.3||MEDIUM
EPSS-0.18% / 39.15%
||
7 Day CHG~0.00%
Published-23 Nov, 2021 | 15:27
Updated-04 Aug, 2024 | 01:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

There is a Improper Input Validation vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability will cause the availability of users is affected.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-harmonyosHarmonyOS
CWE ID-CWE-20
Improper Input Validation
CVE-2021-22338
Matching Score-8
Assigner-Huawei Technologies
ShareView Details
Matching Score-8
Assigner-Huawei Technologies
CVSS Score-5.3||MEDIUM
EPSS-0.15% / 35.70%
||
7 Day CHG~0.00%
Published-29 Jun, 2021 | 18:51
Updated-03 Aug, 2024 | 18:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

There is an XXE injection vulnerability in eCNS280 V100R005C00 and V100R005C10. A module does not perform the strict operation to the input XML message. Attacker can send specific message to exploit this vulnerability, leading to the module denial of service.

Action-Not Available
Vendor-n/aHuawei Technologies Co., Ltd.
Product-ecns280_firmwareecns280eCNS280
CWE ID-CWE-611
Improper Restriction of XML External Entity Reference
CVE-2021-22490
Matching Score-8
Assigner-Huawei Technologies
ShareView Details
Matching Score-8
Assigner-Huawei Technologies
CVSS Score-5.3||MEDIUM
EPSS-0.15% / 35.70%
||
7 Day CHG~0.00%
Published-28 Oct, 2021 | 12:25
Updated-03 Aug, 2024 | 18:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

There is a Permission verification vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may affect the device performance.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-magic_uiemuiMagic UIEMUI
CWE ID-CWE-287
Improper Authentication
CVE-2021-22321
Matching Score-8
Assigner-Huawei Technologies
ShareView Details
Matching Score-8
Assigner-Huawei Technologies
CVSS Score-5.3||MEDIUM
EPSS-0.21% / 43.11%
||
7 Day CHG~0.00%
Published-22 Mar, 2021 | 19:03
Updated-03 Aug, 2024 | 18:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

There is a use-after-free vulnerability in a Huawei product. A module cannot deal with specific operations in special scenarios. Attackers can exploit this vulnerability by performing malicious operations. This can cause memory use-after-free, compromising normal service. Affected product include some versions of NIP6300, NIP6600, NIP6800, S1700, S2700, S5700, S6700 , S7700, S9700, Secospace USG6300, Secospace USG6500, Secospace USG6600 and USG9500.

Action-Not Available
Vendor-n/aHuawei Technologies Co., Ltd.
Product-s9700secospace_usg6500_firmwarenip6300secospace_usg6500usg9500_firmwares2700_firmwares1700_firmwares2700s7700_firmwaresecospace_usg6600_firmwaresecospace_usg6300nip6300_firmwares7700usg9500s1700nip6600s12700s5700_firmwares6700_firmwares12700_firmwarenip6800_firmwares9700_firmwarenip6800nip6600_firmwares5700s6700secospace_usg6600secospace_usg6300_firmwareNIP6600;NIP6800;S12700;S1700;S2700;S5700;S6700;S7700;S9700;Secospace USG6300;Secospace USG6500;Secospace USG6600;USG9500
CWE ID-CWE-416
Use After Free
CVE-2021-22347
Matching Score-8
Assigner-Huawei Technologies
ShareView Details
Matching Score-8
Assigner-Huawei Technologies
CVSS Score-5.3||MEDIUM
EPSS-0.18% / 39.15%
||
7 Day CHG~0.00%
Published-01 Jul, 2021 | 10:58
Updated-03 Aug, 2024 | 18:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

There is an Improper Access Control vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may cause temporary DoS.

Action-Not Available
Vendor-n/aHuawei Technologies Co., Ltd.
Product-magic_uiemuiEMUI;Magic UI
CVE-2020-9138
Matching Score-8
Assigner-Huawei Technologies
ShareView Details
Matching Score-8
Assigner-Huawei Technologies
CVSS Score-5.3||MEDIUM
EPSS-0.19% / 40.89%
||
7 Day CHG~0.00%
Published-13 Jan, 2021 | 22:00
Updated-04 Aug, 2024 | 10:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

There is a heap-based buffer overflow vulnerability in some Huawei Smartphone, Successful exploit of this vulnerability can cause process exceptions during updating.

Action-Not Available
Vendor-n/aHuawei Technologies Co., Ltd.
Product-magic_uiemuiEMUI;Magic UI
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-40009
Matching Score-8
Assigner-Huawei Technologies
ShareView Details
Matching Score-8
Assigner-Huawei Technologies
CVSS Score-5.3||MEDIUM
EPSS-0.15% / 36.06%
||
7 Day CHG~0.00%
Published-07 Jan, 2022 | 22:39
Updated-04 Aug, 2024 | 02:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

There is an Out-of-bounds write vulnerability in the AOD module in smartphones. Successful exploitation of this vulnerability may affect service integrity.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-magic_uiharmonyosemuiMagic UIHarmonyOSEMUI
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-54628
Matching Score-8
Assigner-Huawei Technologies
ShareView Details
Matching Score-8
Assigner-Huawei Technologies
CVSS Score-5.3||MEDIUM
EPSS-0.04% / 10.87%
||
7 Day CHG~0.00%
Published-06 Aug, 2025 | 02:10
Updated-06 Aug, 2025 | 20:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability of incomplete verification information in the communication module. Impact: Successful exploitation of this vulnerability may affect availability.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-EMUIHarmonyOS
CWE ID-CWE-118
Incorrect Access of Indexable Resource ('Range Error')
CVE-2025-53173
Matching Score-8
Assigner-Huawei Technologies
ShareView Details
Matching Score-8
Assigner-Huawei Technologies
CVSS Score-5.3||MEDIUM
EPSS-0.05% / 16.88%
||
7 Day CHG~0.00%
Published-07 Jul, 2025 | 02:05
Updated-14 Jul, 2025 | 17:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Stack overflow risk when vector images are parsed during file preview Impact: Successful exploitation of this vulnerability may affect the file preview function.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-harmonyosHarmonyOS
CWE ID-CWE-121
Stack-based Buffer Overflow
CVE-2021-37029
Matching Score-8
Assigner-Huawei Technologies
ShareView Details
Matching Score-8
Assigner-Huawei Technologies
CVSS Score-5.3||MEDIUM
EPSS-0.18% / 39.15%
||
7 Day CHG~0.00%
Published-23 Nov, 2021 | 15:14
Updated-04 Aug, 2024 | 01:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

There is an Identity verification vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may affect service availability.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-magic_uiemuiMagic UIEMUI
CVE-2023-6273
Matching Score-8
Assigner-Huawei Technologies
ShareView Details
Matching Score-8
Assigner-Huawei Technologies
CVSS Score-5.3||MEDIUM
EPSS-0.04% / 10.73%
||
7 Day CHG~0.00%
Published-06 Dec, 2023 | 09:07
Updated-11 Oct, 2024 | 21:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Permission management vulnerability in the module for disabling Sound Booster. Successful exploitation of this vulnerability may cause features to perform abnormally.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-emuiharmonyosHarmonyOSEMUI
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2023-52713
Matching Score-8
Assigner-Huawei Technologies
ShareView Details
Matching Score-8
Assigner-Huawei Technologies
CVSS Score-7.7||HIGH
EPSS-0.03% / 8.30%
||
7 Day CHG~0.00%
Published-07 Apr, 2024 | 08:41
Updated-13 Mar, 2025 | 14:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability of improper permission control in the window management module. Impact: Successful exploitation of this vulnerability will affect availability and confidentiality.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-emuiharmonyosHarmonyOSEMUI
CWE ID-CWE-862
Missing Authorization
CVE-2019-5235
Matching Score-8
Assigner-Huawei Technologies
ShareView Details
Matching Score-8
Assigner-Huawei Technologies
CVSS Score-5.3||MEDIUM
EPSS-0.25% / 47.99%
||
7 Day CHG~0.00%
Published-13 Dec, 2019 | 23:09
Updated-04 Aug, 2024 | 19:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Some Huawei smart phones have a null pointer dereference vulnerability. An attacker crafts specific packets and sends to the affected product to exploit this vulnerability. Successful exploitation may cause the affected phone to be abnormal.

Action-Not Available
Vendor-n/aHuawei Technologies Co., Ltd.
Product-neo-al00d_firmwarehima-al00bjohnson-l22d_firmwarevogue-al00a_firmwarejohnson-l21d_firmwarebla-tl00b_firmwareelle-tl00bjackman-l21_firmwarecolumbia-l29d_firmwareharry-al00ccolumbia-tl00dcolumbia-al10ivogue-tl00b_firmwarevogue-al10c-preload_firmwarehima-al00b_firmwarebla-tl00bharry-tl00c_firmwareever-l29b_firmwareharry-al10balp-tl00bprinceton-al10ipotter-al00cjackman-l22_firmwarejohnson-l42ifjohnson-tl00ftony-tl00b_firmwareelle-tl00b_firmwareelle-al00b_firmwaretony-tl00bjohnson-tl00d_firmwarepotter-al00c_firmwareever-al00b_firmwarecolumbia-al10b_firmwarealp-tl00b_firmwarejohnson-l23cprinceton-tl10c_firmwarejohnson-l22celle-al00bjohnson-al10cjohnson-l42iejohnson-l42ie_firmwareprinceton-al10b_firmwarevogue-al10c_firmwareharry-al10b_firmwarelaya-al00ep_firmwarecharlotte-al00aprinceton-tl10cvogue-al00a-preloadprinceton-al10i_firmwarevogue-al10c-preloademily-tl00b_firmwarevogue-al00a-preload_firmwarevogue-tl00bjohnson-al10c_firmwarelaya-al00eppotter-al10aprinceton-al10d_firmwarecharlotte-tl00bcharlotte-tl00b_firmwarebla-al00b_firmwarecolumbia-tl00d_firmwareever-l29bcolumbia-l29dever-al00bcolumbia-al10bemily-al00a_firmwaretony-al00b_firmwarejackman-l22jackman-l23jackman-l23_firmwarejohnson-l21c_firmwarejohnson-l23c_firmwareemily-tl00bjohnson-l42if_firmwarebla-al00bemily-al00ajohnson-tl00djohnson-l22dharry-tl00cjohnson-l22c_firmwaretony-al00bharry-al00c_firmwareprinceton-al10djohnson-tl00f_firmwarealp-al00b_firmwarejohnson-al00icjohnson-al00ic_firmwarejohnson-l21dprinceton-al10bvogue-al10ccharlotte-al00a_firmwarecolumbia-al10i_firmwarepotter-al10a_firmwarejackman-l21johnson-l21cjohnson-l42ic_firmwarealp-al00bneo-al00djohnson-l42icvogue-al00aHarry-AL00C, Harry-AL00C-PRELOAD, Harry-AL10B, Harry-LGRP1-CHN, Harry-TL00C, Jackman-AL00D, Jackman-L03, Jackman-L21, Jackman-L22, Jackman-L23, Johnson-AL00C, Johnson-AL00IC, Johnson-AL10C, Johnson-L21C, Johnson-L21D, Johnson-L22C, Johnson-L22D, Johnson-L23C, Johnson-L42IC, Johnson-L42IE, Johnson-L42IF, Johnson-TL00D, Johnson-TL00F, Potter-AL00C, Potter-AL10A, VOGUE-AL00A, VOGUE-AL00A-PRELOAD, VOGUE-AL10C, VOGUE-AL10C-PRELOAD, VOGUE-LGRP1-CHN, VOGUE-LGRP2-OVS, VOGUE-TL00B
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2023-44102
Matching Score-8
Assigner-Huawei Technologies
ShareView Details
Matching Score-8
Assigner-Huawei Technologies
CVSS Score-5.3||MEDIUM
EPSS-0.03% / 7.49%
||
7 Day CHG~0.00%
Published-11 Oct, 2023 | 11:50
Updated-18 Sep, 2024 | 15:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Broadcast permission control vulnerability in the Bluetooth module.Successful exploitation of this vulnerability can cause the Bluetooth function to be unavailable.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-harmonyosemuiHarmonyOSEMUI
CWE ID-CWE-668
Exposure of Resource to Wrong Sphere
CVE-2017-8163
Matching Score-6
Assigner-Huawei Technologies
ShareView Details
Matching Score-6
Assigner-Huawei Technologies
CVSS Score-6.5||MEDIUM
EPSS-0.18% / 39.78%
||
7 Day CHG~0.00%
Published-22 Nov, 2017 | 19:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

AR120-S with software V200R006C10, V200R007C00, V200R008C20, V200R008C30,AR1200 with software V200R006C10, V200R006C13, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30,AR1200-S with software V200R006C10, V200R007C00, V200R008C20, V200R008C30,AR150 with software V200R006C10, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30,AR150-S with software V200R006C10, V200R007C00, V200R008C20, V200R008C30,AR160 with software V200R006C10, V200R006C12, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30,AR200 with software V200R006C10, V200R007C00, V200R007C01, V200R008C20, V200R008C30,AR200-S with software V200R006C10, V200R007C00, V200R008C20, V200R008C30,AR2200 with software V200R006C10, V200R006C13, V200R006C16PWE, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30,AR2200-S with software V200R006C10, V200R007C00, V200R008C20, V200R008C30,AR3200 with software V200R006C10, V200R006C11, V200R007C00, V200R007C01, V200R007C02, V200R008C00, V200R008C10, V200R008C20, V200R008C30,AR510 with software V200R006C10, V200R006C12, V200R006C13, V200R006C15, V200R006C16, V200R006C17, V200R007C00, V200R008C20, V200R008C30,NetEngine16EX with software V200R006C10, V200R007C00, V200R008C20, V200R008C30,SMC2.0 with software V100R003C10, V100R005C00, V500R002C00, V600R006C00,SRG1300 with software V200R006C10, V200R007C00, V200R007C02, V200R008C20, V200R008C30,SRG2300 with software V200R006C10, V200R007C00, V200R007C02, V200R008C20, V200R008C30,SRG3300 with software V200R006C10, V200R007C00, V200R008C20, V200R008C30 have an out-of-bounds read vulnerability. Due to insufficient input validation, an authenticated, remote attacker could send specially crafted message to the target device.Successful exploit of the vulnerability could cause out-of-bounds read and system crash.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-smc2.0ar3200srg3300ar1200-s_firmwarear120-s_firmwarear150-s_firmwarenetengine16exar200-ssrg3300_firmwarear1200-sar160_firmwarear2200-s_firmwarear150ar2200_firmwarear200-s_firmwaresmc2.0_firmwarear1200_firmwarear200ar510_firmwarear200_firmwarear120-sar1200ar3200_firmwarear150_firmwaresrg1300_firmwarear2200-sar160netengine16ex_firmwarear2200srg2300srg2300_firmwarear510srg1300ar150-sAR120-S,AR1200,AR1200-S,AR150,AR150-S,AR160,AR200,AR200-S,AR2200,AR2200-S,AR3200,AR510,NetEngine16EX,SMC2.0,SRG1300,SRG2300,SRG3300
CWE ID-CWE-125
Out-of-bounds Read
CVE-2017-8199
Matching Score-6
Assigner-Huawei Technologies
ShareView Details
Matching Score-6
Assigner-Huawei Technologies
CVSS Score-6.5||MEDIUM
EPSS-0.23% / 46.17%
||
7 Day CHG~0.00%
Published-22 Nov, 2017 | 19:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

MAX PRESENCE V100R001C00, TP3106 V100R002C00, TP3206 V100R002C00 have an out-of-bounds read vulnerability in H323 protocol. An attacker logs in to the system as a user and send crafted packets to the affected products. Due to insufficient verification of the packets, successful exploit will cause process reboot.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-tp3106tp3206_firmwaretp3106_firmwaretp3206max_presence_firmwaremax_presenceMAX PRESENCE,TP3106,TP3206,
CWE ID-CWE-125
Out-of-bounds Read
CVE-2017-8182
Matching Score-6
Assigner-Huawei Technologies
ShareView Details
Matching Score-6
Assigner-Huawei Technologies
CVSS Score-6.1||MEDIUM
EPSS-0.08% / 23.41%
||
7 Day CHG~0.00%
Published-22 Nov, 2017 | 19:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

MTK platform in Huawei smart phones with software of earlier than Nice-AL00C00B160 versions, earlier than Nice-AL10C00B140 versions has a out-of-bound read vulnerability. An attacker tricks a user into installing a malicious application on the smart phone, and send given parameter and cause to memory out-of-bound read.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-mtk_platform_smart_phonemtk_platform_smart_phone_firmwareNice-AL00
CWE ID-CWE-125
Out-of-bounds Read
CVE-2017-8200
Matching Score-6
Assigner-Huawei Technologies
ShareView Details
Matching Score-6
Assigner-Huawei Technologies
CVSS Score-6.5||MEDIUM
EPSS-0.23% / 46.17%
||
7 Day CHG~0.00%
Published-22 Nov, 2017 | 19:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

MAX PRESENCE V100R001C00, TP3106 V100R002C00, TP3206 V100R002C00 have an out-of-bounds read vulnerability in H323 protocol. An attacker logs in to the system as a user and send crafted packets to the affected products. Due to insufficient verification of the packets, successful exploit will cause process reboot.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-tp3106tp3206_firmwaretp3106_firmwaretp3206max_presence_firmwaremax_presenceMAX PRESENCE,TP3106,TP3206
CWE ID-CWE-125
Out-of-bounds Read
CVE-2023-52550
Matching Score-6
Assigner-Huawei Technologies
ShareView Details
Matching Score-6
Assigner-Huawei Technologies
CVSS Score-7.5||HIGH
EPSS-0.08% / 23.70%
||
7 Day CHG~0.00%
Published-08 Apr, 2024 | 08:56
Updated-13 Mar, 2025 | 15:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability of data verification errors in the kernel module. Impact: Successful exploitation of this vulnerability may affect service confidentiality.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-emuiharmonyosHarmonyOSEMUIharmonyosemui
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2023-52549
Matching Score-6
Assigner-Huawei Technologies
ShareView Details
Matching Score-6
Assigner-Huawei Technologies
CVSS Score-7.5||HIGH
EPSS-0.08% / 23.70%
||
7 Day CHG~0.00%
Published-08 Apr, 2024 | 08:55
Updated-13 Mar, 2025 | 15:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability of data verification errors in the kernel module. Impact: Successful exploitation of this vulnerability may affect service confidentiality.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-emuiharmonyosHarmonyOSEMUIharmonyosemui
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2023-52366
Matching Score-6
Assigner-Huawei Technologies
ShareView Details
Matching Score-6
Assigner-Huawei Technologies
CVSS Score-7.5||HIGH
EPSS-0.08% / 24.36%
||
7 Day CHG~0.00%
Published-18 Feb, 2024 | 03:27
Updated-13 Mar, 2025 | 14:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Out-of-bounds read vulnerability in the smart activity recognition module.Successful exploitation of this vulnerability may cause features to perform abnormally.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-emuiharmonyosHarmonyOSEMUIharmonyosemui
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2023-52364
Matching Score-6
Assigner-Huawei Technologies
ShareView Details
Matching Score-6
Assigner-Huawei Technologies
CVSS Score-6.3||MEDIUM
EPSS-0.06% / 18.18%
||
7 Day CHG~0.00%
Published-08 Apr, 2024 | 09:21
Updated-13 Mar, 2025 | 15:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability of input parameters being not strictly verified in the RSMC module. Impact: Successful exploitation of this vulnerability may cause out-of-bounds write.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-emuiharmonyosHarmonyOSEMUI
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-52370
Matching Score-6
Assigner-Huawei Technologies
ShareView Details
Matching Score-6
Assigner-Huawei Technologies
CVSS Score-9.8||CRITICAL
EPSS-0.11% / 29.85%
||
7 Day CHG~0.00%
Published-18 Feb, 2024 | 03:41
Updated-24 Apr, 2025 | 15:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Stack overflow vulnerability in the network acceleration module.Successful exploitation of this vulnerability may cause unauthorized file access.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-emuiharmonyosEMUIHarmonyOSharmonyosemui
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CWE ID-CWE-787
Out-of-bounds Write
  • Previous
  • 1
  • 2
  • 3
  • ...
  • 6
  • 7
  • Next
Details not found