Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2024-9136

Summary
Assigner-huawei
Assigner Org ID-25ac1063-e409-4190-8079-24548c77ea2e
Published At-27 Sep, 2024 | 10:24
Updated At-27 Sep, 2024 | 15:09
Rejected At-
Credits

Access permission verification vulnerability in the App Multiplier module Impact: Successful exploitation of this vulnerability may affect service confidentiality.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:huawei
Assigner Org ID:25ac1063-e409-4190-8079-24548c77ea2e
Published At:27 Sep, 2024 | 10:24
Updated At:27 Sep, 2024 | 15:09
Rejected At:
▼CVE Numbering Authority (CNA)

Access permission verification vulnerability in the App Multiplier module Impact: Successful exploitation of this vulnerability may affect service confidentiality.

Affected Products
Vendor
Huawei Technologies Co., Ltd.Huawei
Product
HarmonyOS
Default Status
unaffected
Versions
Affected
  • 4.2.0
  • 4.0.0
Vendor
Huawei Technologies Co., Ltd.Huawei
Product
EMUI
Default Status
unaffected
Versions
Affected
  • 14.0.0
Problem Types
TypeCWE IDDescription
CWECWE-16CWE-16 Configuration
Type: CWE
CWE ID: CWE-16
Description: CWE-16 Configuration
Metrics
VersionBase scoreBase severityVector
3.16.7MEDIUM
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Version: 3.1
Base score: 6.7
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://consumer.huawei.com/en/support/bulletin/2024/10/
N/A
Hyperlink: https://consumer.huawei.com/en/support/bulletin/2024/10/
Resource: N/A
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Vendor
Huawei Technologies Co., Ltd.huawei
Product
harmonyos
CPEs
  • cpe:2.3:o:huawei:harmonyos:*:*:*:*:*:*:*:*
Default Status
unaffected
Versions
Affected
  • 4.2.0
  • 4.0.0
Vendor
Huawei Technologies Co., Ltd.huawei
Product
emui
CPEs
  • cpe:2.3:o:huawei:emui:*:*:*:*:*:*:*:*
Default Status
unaffected
Versions
Affected
  • 14.0.0
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:psirt@huawei.com
Published At:27 Sep, 2024 | 11:15
Updated At:01 Oct, 2024 | 14:28

Access permission verification vulnerability in the App Multiplier module Impact: Successful exploitation of this vulnerability may affect service confidentiality.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.17.5HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Secondary3.16.7MEDIUM
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Type: Primary
Version: 3.1
Base score: 7.5
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Type: Secondary
Version: 3.1
Base score: 6.7
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CPE Matches
Huawei Technologies Co., Ltd.
huawei
>>emui>>14.0.0
cpe:2.3:o:huawei:emui:14.0.0:*:*:*:*:*:*:*
Huawei Technologies Co., Ltd.
huawei
>>harmonyos>>4.0.0
cpe:2.3:o:huawei:harmonyos:4.0.0:*:*:*:*:*:*:*
Huawei Technologies Co., Ltd.
huawei
>>harmonyos>>4.2.0
cpe:2.3:o:huawei:harmonyos:4.2.0:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
NVD-CWE-noinfoPrimarynvd@nist.gov
CWE-16Secondarypsirt@huawei.com
CWE ID: NVD-CWE-noinfo
Type: Primary
Source: nvd@nist.gov
CWE ID: CWE-16
Type: Secondary
Source: psirt@huawei.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://consumer.huawei.com/en/support/bulletin/2024/10/psirt@huawei.com
Vendor Advisory
Hyperlink: https://consumer.huawei.com/en/support/bulletin/2024/10/
Source: psirt@huawei.com
Resource:
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

259Records found
CVE-2023-44096
Matching Score-8
Assigner-Huawei Technologies
ShareView Details
Matching Score-8
Assigner-Huawei Technologies
CVSS Score-7.5||HIGH
EPSS-0.07% / 21.75%
||
7 Day CHG~0.00%
Published-11 Oct, 2023 | 10:37
Updated-18 Sep, 2024 | 15:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability of brute-force attacks on the device authentication module.Successful exploitation of this vulnerability may affect service confidentiality.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-harmonyosemuiHarmonyOSEMUI
CWE ID-CWE-287
Improper Authentication
CWE ID-CWE-307
Improper Restriction of Excessive Authentication Attempts
CVE-2023-44111
Matching Score-8
Assigner-Huawei Technologies
ShareView Details
Matching Score-8
Assigner-Huawei Technologies
CVSS Score-7.5||HIGH
EPSS-0.07% / 21.75%
||
7 Day CHG~0.00%
Published-11 Oct, 2023 | 11:59
Updated-18 Sep, 2024 | 15:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability of brute-force attacks on the device authentication module.Successful exploitation of this vulnerability may affect service confidentiality.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-harmonyosemuiHarmonyOSEMUI
CWE ID-CWE-307
Improper Restriction of Excessive Authentication Attempts
CVE-2023-44113
Matching Score-8
Assigner-Huawei Technologies
ShareView Details
Matching Score-8
Assigner-Huawei Technologies
CVSS Score-7.5||HIGH
EPSS-0.09% / 26.04%
||
7 Day CHG~0.00%
Published-06 Dec, 2023 | 08:42
Updated-11 Oct, 2024 | 21:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability of missing permission verification for APIs in the Designed for Reliability (DFR) module. Successful exploitation of this vulnerability may affect service confidentiality.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-emuiharmonyosHarmonyOSEMUI
CWE ID-CWE-862
Missing Authorization
CVE-2022-38992
Matching Score-8
Assigner-Huawei Technologies
ShareView Details
Matching Score-8
Assigner-Huawei Technologies
CVSS Score-7.5||HIGH
EPSS-0.12% / 32.54%
||
7 Day CHG~0.00%
Published-16 Sep, 2022 | 17:56
Updated-03 Aug, 2024 | 11:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The secure OS module has configuration defects. Successful exploitation of this vulnerability may affect data confidentiality.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-magic_uiemuiharmonyosHarmonyOSEMUI
CVE-2023-44098
Matching Score-8
Assigner-Huawei Technologies
ShareView Details
Matching Score-8
Assigner-Huawei Technologies
CVSS Score-7.5||HIGH
EPSS-0.07% / 21.89%
||
7 Day CHG~0.00%
Published-08 Nov, 2023 | 09:02
Updated-04 Sep, 2024 | 19:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability of missing encryption in the card management module. Successful exploitation of this vulnerability may affect service confidentiality.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-emuiharmonyosHarmonyOSEMUI
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CWE ID-CWE-311
Missing Encryption of Sensitive Data
CVE-2023-44100
Matching Score-8
Assigner-Huawei Technologies
ShareView Details
Matching Score-8
Assigner-Huawei Technologies
CVSS Score-7.5||HIGH
EPSS-0.07% / 21.64%
||
7 Day CHG~0.00%
Published-11 Oct, 2023 | 11:47
Updated-18 Sep, 2024 | 15:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Broadcast permission control vulnerability in the Bluetooth module.Successful exploitation of this vulnerability may affect service confidentiality.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-harmonyosemuiHarmonyOSEMUI
CWE ID-CWE-669
Incorrect Resource Transfer Between Spheres
CVE-2023-44101
Matching Score-8
Assigner-Huawei Technologies
ShareView Details
Matching Score-8
Assigner-Huawei Technologies
CVSS Score-7.5||HIGH
EPSS-0.07% / 22.23%
||
7 Day CHG~0.00%
Published-11 Oct, 2023 | 11:48
Updated-18 Sep, 2024 | 15:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Bluetooth module has a vulnerability in permission control for broadcast notifications.Successful exploitation of this vulnerability may affect confidentiality.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-harmonyosHarmonyOS
CWE ID-CWE-668
Exposure of Resource to Wrong Sphere
CVE-2023-44097
Matching Score-8
Assigner-Huawei Technologies
ShareView Details
Matching Score-8
Assigner-Huawei Technologies
CVSS Score-7.5||HIGH
EPSS-0.08% / 24.44%
||
7 Day CHG~0.00%
Published-11 Oct, 2023 | 11:46
Updated-18 Sep, 2024 | 15:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability of the permission to access device SNs being improperly managed.Successful exploitation of this vulnerability may affect service confidentiality.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-harmonyosemuiHarmonyOSEMUI
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2023-44114
Matching Score-8
Assigner-Huawei Technologies
ShareView Details
Matching Score-8
Assigner-Huawei Technologies
CVSS Score-7.5||HIGH
EPSS-0.08% / 24.44%
||
7 Day CHG~0.00%
Published-11 Oct, 2023 | 12:00
Updated-18 Sep, 2024 | 15:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Out-of-bounds array vulnerability in the dataipa module.Successful exploitation of this vulnerability may affect service confidentiality.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-harmonyosemuiHarmonyOSEMUI
CWE ID-CWE-125
Out-of-bounds Read
CVE-2020-9248
Matching Score-8
Assigner-Huawei Technologies
ShareView Details
Matching Score-8
Assigner-Huawei Technologies
CVSS Score-6.7||MEDIUM
EPSS-0.03% / 5.46%
||
7 Day CHG~0.00%
Published-31 Jul, 2020 | 12:24
Updated-04 Aug, 2024 | 10:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Huawei FusionComput 8.0.0 have an improper authorization vulnerability. A module does not verify some input correctly and authorizes files with incorrect access. Attackers can exploit this vulnerability to launch privilege escalation attack. This can compromise normal service.

Action-Not Available
Vendor-n/aHuawei Technologies Co., Ltd.
Product-fusioncomputeFusionCompute
CVE-2020-9237
Matching Score-8
Assigner-Huawei Technologies
ShareView Details
Matching Score-8
Assigner-Huawei Technologies
CVSS Score-6.7||MEDIUM
EPSS-0.03% / 6.64%
||
7 Day CHG~0.00%
Published-17 Aug, 2020 | 15:16
Updated-04 Aug, 2024 | 10:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Huawei smartphone Taurus-AL00B with versions earlier than 10.1.0.126(C00E125R5P3) have a user after free vulnerability. A module is lack of lock protection. Attackers can exploit this vulnerability by launching specific request. This could compromise normal service of the affected device.

Action-Not Available
Vendor-n/aHuawei Technologies Co., Ltd.
Product-taurus-al00b_firmwaretaurus-al00bTaurus-AL00B
CWE ID-CWE-416
Use After Free
CVE-2020-9072
Matching Score-8
Assigner-Huawei Technologies
ShareView Details
Matching Score-8
Assigner-Huawei Technologies
CVSS Score-6.7||MEDIUM
EPSS-0.02% / 4.46%
||
7 Day CHG~0.00%
Published-27 Apr, 2020 | 14:34
Updated-04 Aug, 2024 | 10:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Huawei OSD product with versions earlier than OSD_uwp_9.0.32.0 have a local privilege escalation vulnerability. An authenticated, local attacker can constructs a specific file path to exploit this vulnerability. Successful exploitation may cause the attacker to obtain a higher privilege.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-osdosd_firmwareOSD
CVE-2020-9228
Matching Score-8
Assigner-Huawei Technologies
ShareView Details
Matching Score-8
Assigner-Huawei Technologies
CVSS Score-7.5||HIGH
EPSS-0.15% / 36.26%
||
7 Day CHG~0.00%
Published-14 Aug, 2020 | 14:43
Updated-04 Aug, 2024 | 10:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

FusionCompute 8.0.0 has an information disclosure vulnerability. Due to the properly protection of certain information, attackers may exploit this vulnerability to obtain certain information.

Action-Not Available
Vendor-n/aHuawei Technologies Co., Ltd.
Product-fusioncomputeFusionCompute
CVE-2020-9125
Matching Score-8
Assigner-Huawei Technologies
ShareView Details
Matching Score-8
Assigner-Huawei Technologies
CVSS Score-6.7||MEDIUM
EPSS-0.01% / 1.01%
||
7 Day CHG~0.00%
Published-29 Dec, 2020 | 17:22
Updated-04 Aug, 2024 | 10:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

There is an out-of-bound read vulnerability in huawei smartphone Mate 30 versions earlier than 10.1.0.156 (C00E155R7P2). An attacker with specific permission can exploit this vulnerability by sending crafted packet with specific parameter to the target device. Due to insufficient validation of the parameter, successful exploit can cause the device to behave abnormally.

Action-Not Available
Vendor-n/aHuawei Technologies Co., Ltd.
Product-mate_30mate_30_firmwareHUAWEI Mate 30
CWE ID-CWE-125
Out-of-bounds Read
CVE-2020-9127
Matching Score-8
Assigner-Huawei Technologies
ShareView Details
Matching Score-8
Assigner-Huawei Technologies
CVSS Score-6.7||MEDIUM
EPSS-0.11% / 30.58%
||
7 Day CHG~0.00%
Published-13 Nov, 2020 | 14:46
Updated-04 Aug, 2024 | 10:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Some Huawei products have a command injection vulnerability. Due to insufficient input validation, an attacker with high privilege may inject some malicious codes in some files of the affected products. Successful exploit may cause command injection.Affected product versions include:NIP6300 versions V500R001C30,V500R001C60;NIP6600 versions V500R001C30,V500R001C60;Secospace USG6300 versions V500R001C30,V500R001C60;Secospace USG6500 versions V500R001C30,V500R001C60;Secospace USG6600 versions V500R001C30,V500R001C60;USG9500 versions V500R001C30,V500R001C60.

Action-Not Available
Vendor-n/aHuawei Technologies Co., Ltd.
Product-nip6600secospace_usg6500_firmwarenip6300secospace_usg6500usg9500_firmwaresecospace_usg6600_firmwaresecospace_usg6300nip6600_firmwarenip6300_firmwareusg9500secospace_usg6600secospace_usg6300_firmwareNIP6300;NIP6600;Secospace USG6300;Secospace USG6500;Secospace USG6600;USG9500
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CWE ID-CWE-20
Improper Input Validation
CVE-2020-9137
Matching Score-8
Assigner-Huawei Technologies
ShareView Details
Matching Score-8
Assigner-Huawei Technologies
CVSS Score-6.7||MEDIUM
EPSS-0.03% / 5.52%
||
7 Day CHG~0.00%
Published-24 Dec, 2020 | 15:47
Updated-04 Aug, 2024 | 10:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

There is a privilege escalation vulnerability in some versions of CloudEngine 12800,CloudEngine 5800,CloudEngine 6800 and CloudEngine 7800. Due to insufficient input validation, a local attacker with high privilege may execute some specially crafted scripts in the affected products. Successful exploit will cause privilege escalation.

Action-Not Available
Vendor-n/aHuawei Technologies Co., Ltd.
Product-cloudengine_7800cloudengine_5800_firmwarecloudengine_5800cloudengine_6800_firmwarecloudengine_6800cloudengine_7800_firmwarecloudengine_12800cloudengine_12800_firmwareCloudEngine 12800;CloudEngine 5800;CloudEngine 6800;CloudEngine 7800
CWE ID-CWE-20
Improper Input Validation
CVE-2020-9206
Matching Score-8
Assigner-Huawei Technologies
ShareView Details
Matching Score-8
Assigner-Huawei Technologies
CVSS Score-6.7||MEDIUM
EPSS-0.03% / 6.64%
||
7 Day CHG~0.00%
Published-22 Mar, 2021 | 17:35
Updated-04 Aug, 2024 | 10:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The eUDC660 product has a resource management vulnerability. An attacker with high privilege needs to perform specific operations to exploit the vulnerability on the affected device. Due to improper resource management of the device, as a result, the key file can be obtained and data can be decrypted, affecting confidentiality, integrity, and availability of the device.

Action-Not Available
Vendor-n/aHuawei Technologies Co., Ltd.
Product-eudc660_firmwareeudc660eUDC660
CVE-2020-9105
Matching Score-8
Assigner-Huawei Technologies
ShareView Details
Matching Score-8
Assigner-Huawei Technologies
CVSS Score-6.7||MEDIUM
EPSS-0.03% / 5.46%
||
7 Day CHG~0.00%
Published-09 Oct, 2020 | 12:30
Updated-04 Aug, 2024 | 10:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Taurus-AN00B versions earlier than 10.1.0.156(C00E155R7P2) have an insufficient input validation vulnerability. Due to the input validation logic is incorrect, an attacker can exploit this vulnerability to access and modify the memory of the device by doing a series of operations. Successful exploit may cause the service abnormal.

Action-Not Available
Vendor-n/aHuawei Technologies Co., Ltd.
Product-taurus-an00b_firmwaretaurus-an00bTaurus-AN00B
CWE ID-CWE-20
Improper Input Validation
CVE-2023-41298
Matching Score-8
Assigner-Huawei Technologies
ShareView Details
Matching Score-8
Assigner-Huawei Technologies
CVSS Score-7.5||HIGH
EPSS-0.15% / 36.14%
||
7 Day CHG~0.00%
Published-25 Sep, 2023 | 11:40
Updated-24 Sep, 2024 | 16:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability of permission control in the window module. Successful exploitation of this vulnerability may affect confidentiality.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-emuiharmonyosHarmonyOSEMUI
CVE-2023-41308
Matching Score-8
Assigner-Huawei Technologies
ShareView Details
Matching Score-8
Assigner-Huawei Technologies
CVSS Score-7.5||HIGH
EPSS-0.11% / 30.26%
||
7 Day CHG~0.00%
Published-26 Sep, 2023 | 01:17
Updated-24 Sep, 2024 | 19:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Screenshot vulnerability in the input module. Successful exploitation of this vulnerability may affect confidentiality.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-emuiharmonyosHarmonyOSEMUI
CWE ID-CWE-532
Insertion of Sensitive Information into Log File
CVE-2023-41305
Matching Score-8
Assigner-Huawei Technologies
ShareView Details
Matching Score-8
Assigner-Huawei Technologies
CVSS Score-7.5||HIGH
EPSS-0.10% / 27.57%
||
7 Day CHG~0.00%
Published-26 Sep, 2023 | 01:12
Updated-24 Sep, 2024 | 18:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability of 5G messages being sent without being encrypted in a VPN environment in the SMS message module. Successful exploitation of this vulnerability may affect confidentiality.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-emuiharmonyosHarmonyOSEMUI
CWE ID-CWE-326
Inadequate Encryption Strength
CVE-2025-54631
Matching Score-8
Assigner-Huawei Technologies
ShareView Details
Matching Score-8
Assigner-Huawei Technologies
CVSS Score-6.7||MEDIUM
EPSS-0.01% / 0.30%
||
7 Day CHG~0.00%
Published-06 Aug, 2025 | 02:17
Updated-20 Aug, 2025 | 18:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability of insufficient data length verification in the partition module. Impact: Successful exploitation of this vulnerability may affect availability.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-harmonyosEMUIHarmonyOS
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2025-54625
Matching Score-8
Assigner-Huawei Technologies
ShareView Details
Matching Score-8
Assigner-Huawei Technologies
CVSS Score-6.7||MEDIUM
EPSS-0.01% / 0.26%
||
7 Day CHG~0.00%
Published-06 Aug, 2025 | 02:07
Updated-20 Aug, 2025 | 18:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Race condition vulnerability in the kernel file system module. Impact: Successful exploitation of this vulnerability may affect availability.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-harmonyosHarmonyOS
CWE ID-CWE-414
Missing Lock Check
CVE-2025-54642
Matching Score-8
Assigner-Huawei Technologies
ShareView Details
Matching Score-8
Assigner-Huawei Technologies
CVSS Score-6.7||MEDIUM
EPSS-0.01% / 0.69%
||
7 Day CHG~0.00%
Published-06 Aug, 2025 | 02:44
Updated-11 Aug, 2025 | 15:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Issue of buffer overflow caused by insufficient data verification in the kernel gyroscope module. Impact: Successful exploitation of this vulnerability may affect availability.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-emuiharmonyosEMUIHarmonyOS
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CWE ID-CWE-20
Improper Input Validation
CVE-2025-54641
Matching Score-8
Assigner-Huawei Technologies
ShareView Details
Matching Score-8
Assigner-Huawei Technologies
CVSS Score-6.7||MEDIUM
EPSS-0.01% / 0.69%
||
7 Day CHG~0.00%
Published-06 Aug, 2025 | 02:42
Updated-11 Aug, 2025 | 15:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Issue of buffer overflow caused by insufficient data verification in the kernel acceleration module. Impact: Successful exploitation of this vulnerability may affect availability.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-emuiharmonyosEMUIHarmonyOS
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CWE ID-CWE-20
Improper Input Validation
CVE-2025-54633
Matching Score-8
Assigner-Huawei Technologies
ShareView Details
Matching Score-8
Assigner-Huawei Technologies
CVSS Score-6.7||MEDIUM
EPSS-0.01% / 0.36%
||
7 Day CHG~0.00%
Published-06 Aug, 2025 | 02:20
Updated-11 Aug, 2025 | 15:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Out-of-bounds read vulnerability in the register configuration of the DMA module. Impact: Successful exploitation of this vulnerability may affect service confidentiality.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-harmonyosHarmonyOS
CWE ID-CWE-125
Out-of-bounds Read
CVE-2025-54607
Matching Score-8
Assigner-Huawei Technologies
ShareView Details
Matching Score-8
Assigner-Huawei Technologies
CVSS Score-7.7||HIGH
EPSS-0.02% / 4.19%
||
7 Day CHG~0.00%
Published-06 Aug, 2025 | 01:10
Updated-20 Aug, 2025 | 19:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Authentication management vulnerability in the ArkWeb module. Impact: Successful exploitation of this vulnerability may affect service confidentiality.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-harmonyosHarmonyOS
CWE ID-CWE-295
Improper Certificate Validation
CVE-2023-41293
Matching Score-8
Assigner-Huawei Technologies
ShareView Details
Matching Score-8
Assigner-Huawei Technologies
CVSS Score-7.5||HIGH
EPSS-0.15% / 36.14%
||
7 Day CHG~0.00%
Published-25 Sep, 2023 | 12:18
Updated-24 Sep, 2024 | 15:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Data security classification vulnerability in the DDMP module. Successful exploitation of this vulnerability may affect confidentiality.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-emuiharmonyosHarmonyOSEMUI
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CWE ID-CWE-227
Not Available
CVE-2025-53167
Matching Score-8
Assigner-Huawei Technologies
ShareView Details
Matching Score-8
Assigner-Huawei Technologies
CVSS Score-6.9||MEDIUM
EPSS-0.03% / 6.98%
||
7 Day CHG~0.00%
Published-07 Jul, 2025 | 01:44
Updated-15 Jul, 2025 | 17:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Authentication vulnerability in the distributed collaboration framework module Impact: Successful exploitation of this vulnerability may affect service confidentiality.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-harmonyosHarmonyOS
CWE ID-CWE-305
Authentication Bypass by Primary Weakness
CVE-2025-48908
Matching Score-8
Assigner-Huawei Technologies
ShareView Details
Matching Score-8
Assigner-Huawei Technologies
CVSS Score-6.7||MEDIUM
EPSS-0.01% / 0.31%
||
7 Day CHG~0.00%
Published-06 Jun, 2025 | 06:51
Updated-11 Jul, 2025 | 14:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Ability Auto Startup service vulnerability in the foundation process Impact: Successful exploitation of this vulnerability may affect availability.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-harmonyosHarmonyOS
CWE ID-CWE-567
Unsynchronized Access to Shared Data in a Multithreaded Context
CVE-2022-22256
Matching Score-8
Assigner-Huawei Technologies
ShareView Details
Matching Score-8
Assigner-Huawei Technologies
CVSS Score-7.5||HIGH
EPSS-0.13% / 33.40%
||
7 Day CHG~0.00%
Published-11 Apr, 2022 | 19:38
Updated-03 Aug, 2024 | 03:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The DFX module has an access control vulnerability.Successful exploitation of this vulnerability may affect data confidentiality.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-magic_uiemuiharmonyosMagic UIHarmonyOSEMUI
CVE-2022-41599
Matching Score-8
Assigner-Huawei Technologies
ShareView Details
Matching Score-8
Assigner-Huawei Technologies
CVSS Score-7.5||HIGH
EPSS-0.08% / 23.78%
||
7 Day CHG~0.00%
Published-20 Dec, 2022 | 00:00
Updated-16 Apr, 2025 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The system service has a vulnerability that causes incorrect return values. Successful exploitation of this vulnerability may affect data confidentiality.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-harmonyosemuiHarmonyOSEMUI
CVE-2025-31174
Matching Score-8
Assigner-Huawei Technologies
ShareView Details
Matching Score-8
Assigner-Huawei Technologies
CVSS Score-6.8||MEDIUM
EPSS-0.04% / 12.28%
||
7 Day CHG~0.00%
Published-07 Apr, 2025 | 03:57
Updated-07 May, 2025 | 21:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Path traversal vulnerability in the DFS module Impact: Successful exploitation of this vulnerability may affect service confidentiality.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-harmonyosHarmonyOS
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2022-38979
Matching Score-8
Assigner-Huawei Technologies
ShareView Details
Matching Score-8
Assigner-Huawei Technologies
CVSS Score-7.5||HIGH
EPSS-0.12% / 32.54%
||
7 Day CHG~0.00%
Published-16 Sep, 2022 | 17:56
Updated-03 Aug, 2024 | 11:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The secure OS module has configuration defects. Successful exploitation of this vulnerability may affect data confidentiality.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-magic_uiemuiharmonyosMagic UIHarmonyOSEMUI
CVE-2022-38991
Matching Score-8
Assigner-Huawei Technologies
ShareView Details
Matching Score-8
Assigner-Huawei Technologies
CVSS Score-7.5||HIGH
EPSS-0.12% / 32.54%
||
7 Day CHG~0.00%
Published-16 Sep, 2022 | 17:56
Updated-03 Aug, 2024 | 11:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The secure OS module has configuration defects. Successful exploitation of this vulnerability may affect data confidentiality.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-magic_uiemuiharmonyosHarmonyOSEMUI
CVE-2019-5232
Matching Score-8
Assigner-Huawei Technologies
ShareView Details
Matching Score-8
Assigner-Huawei Technologies
CVSS Score-7.5||HIGH
EPSS-0.40% / 59.75%
||
7 Day CHG~0.00%
Published-29 Nov, 2019 | 19:42
Updated-04 Aug, 2024 | 19:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

There is a use of insufficiently random values vulnerability in Huawei ViewPoint products. An unauthenticated, remote attacker can guess information by a large number of attempts. Successful exploitation may cause information leak.

Action-Not Available
Vendor-n/aHuawei Technologies Co., Ltd.
Product-vp9630vp9660vp9650_firmwarevp9660_firmwarevp9630_firmwarevp9650VP9630, VP9650, VP9660
CWE ID-CWE-330
Use of Insufficiently Random Values
CVE-2019-5277
Matching Score-8
Assigner-Huawei Technologies
ShareView Details
Matching Score-8
Assigner-Huawei Technologies
CVSS Score-7.5||HIGH
EPSS-0.19% / 40.68%
||
7 Day CHG~0.00%
Published-13 Dec, 2019 | 22:55
Updated-04 Aug, 2024 | 19:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Huawei CloudUSM-EUA V600R006C10;V600R019C00 have an information leak vulnerability. Due to improper configuration, the attacker may cause information leak by successful exploitation.

Action-Not Available
Vendor-n/aHuawei Technologies Co., Ltd.
Product-cloudusm-euacloudusm-eua_firmwareCloudUSM-EUA
CVE-2019-5265
Matching Score-8
Assigner-Huawei Technologies
ShareView Details
Matching Score-8
Assigner-Huawei Technologies
CVSS Score-7.5||HIGH
EPSS-0.19% / 40.68%
||
7 Day CHG~0.00%
Published-23 Dec, 2019 | 17:57
Updated-04 Aug, 2024 | 19:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Huawei Share function in P30 9.1.0.193(C00E190R2P1) smartphone has an improper access control vulnerability. The function incorrectly controls certain access messages, attackers can simulate a sender to steal P2P network information. Successful exploit may cause information leakage.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-p30_firmwarep30P30
CVE-2023-39391
Matching Score-8
Assigner-Huawei Technologies
ShareView Details
Matching Score-8
Assigner-Huawei Technologies
CVSS Score-7.5||HIGH
EPSS-0.08% / 24.44%
||
7 Day CHG~0.00%
Published-13 Aug, 2023 | 12:25
Updated-10 Oct, 2024 | 13:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability of system file information leakage in the USB Service module. Successful exploitation of this vulnerability may affect confidentiality.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-emuiharmonyosHarmonyOSEMUI
CWE ID-CWE-264
Not Available
CVE-2023-39383
Matching Score-8
Assigner-Huawei Technologies
ShareView Details
Matching Score-8
Assigner-Huawei Technologies
CVSS Score-7.5||HIGH
EPSS-0.06% / 18.63%
||
7 Day CHG~0.00%
Published-13 Aug, 2023 | 11:43
Updated-10 Oct, 2024 | 14:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability of input parameters being not strictly verified in the AMS module. Successful exploitation of this vulnerability may compromise apps' data security.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-emuiharmonyosHarmonyOSEMUI
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CWE ID-CWE-668
Exposure of Resource to Wrong Sphere
CVE-2019-19397
Matching Score-8
Assigner-Huawei Technologies
ShareView Details
Matching Score-8
Assigner-Huawei Technologies
CVSS Score-7.5||HIGH
EPSS-0.19% / 40.68%
||
7 Day CHG~0.00%
Published-13 Dec, 2019 | 14:19
Updated-05 Aug, 2024 | 02:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

There is a weak algorithm vulnerability in some Huawei products. The affected products use weak algorithms by default. Attackers may exploit the vulnerability to cause information leaks.

Action-Not Available
Vendor-n/aHuawei Technologies Co., Ltd.
Product-s12700s5700_firmwares6700_firmwares9700s7700s12700_firmwares1700_firmwares2700s7700_firmwares9700_firmwares5700s6700s1700s2700_firmwareS12700;S1700;S2700;S5700;S6700;S7700;S9700
CVE-2022-31757
Matching Score-8
Assigner-Huawei Technologies
ShareView Details
Matching Score-8
Assigner-Huawei Technologies
CVSS Score-7.5||HIGH
EPSS-0.13% / 33.40%
||
7 Day CHG~0.00%
Published-13 Jun, 2022 | 15:05
Updated-03 Aug, 2024 | 07:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The setting module has a vulnerability of improper use of APIs. Successful exploitation of this vulnerability may affect data confidentiality.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-magic_uiemuiharmonyosMagic UIHarmonyOSEMUI
CVE-2023-31226
Matching Score-8
Assigner-Huawei Technologies
ShareView Details
Matching Score-8
Assigner-Huawei Technologies
CVSS Score-7.5||HIGH
EPSS-0.08% / 24.88%
||
7 Day CHG~0.00%
Published-26 May, 2023 | 00:00
Updated-15 Jan, 2025 | 22:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The SDK for the MediaPlaybackController module has improper permission verification. Successful exploitation of this vulnerability may affect confidentiality.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-emuiEMUIHarmonyOS
CWE ID-CWE-863
Incorrect Authorization
CVE-2023-31227
Matching Score-8
Assigner-Huawei Technologies
ShareView Details
Matching Score-8
Assigner-Huawei Technologies
CVSS Score-7.5||HIGH
EPSS-0.08% / 24.88%
||
7 Day CHG~0.00%
Published-26 May, 2023 | 00:00
Updated-15 Jan, 2025 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The hwPartsDFR module has a vulnerability in API calling verification. Successful exploitation of this vulnerability may affect device confidentiality.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-emuiEMUIHarmonyOS
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2024-57955
Matching Score-8
Assigner-Huawei Technologies
ShareView Details
Matching Score-8
Assigner-Huawei Technologies
CVSS Score-6.1||MEDIUM
EPSS-0.02% / 3.54%
||
7 Day CHG~0.00%
Published-06 Feb, 2025 | 12:25
Updated-17 Mar, 2025 | 14:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Arbitrary write vulnerability in the Gallery module Impact: Successful exploitation of this vulnerability may affect service confidentiality.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-harmonyosHarmonyOS
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2024-57957
Matching Score-8
Assigner-Huawei Technologies
ShareView Details
Matching Score-8
Assigner-Huawei Technologies
CVSS Score-6.6||MEDIUM
EPSS-0.03% / 5.33%
||
7 Day CHG~0.00%
Published-06 Feb, 2025 | 12:27
Updated-17 Mar, 2025 | 14:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability of improper log information control in the UI framework module Impact: Successful exploitation of this vulnerability may affect service confidentiality.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-harmonyosHarmonyOS
CWE ID-CWE-532
Insertion of Sensitive Information into Log File
CWE ID-CWE-657
Violation of Secure Design Principles
CVE-2024-58107
Matching Score-8
Assigner-Huawei Technologies
ShareView Details
Matching Score-8
Assigner-Huawei Technologies
CVSS Score-7.5||HIGH
EPSS-0.03% / 6.51%
||
7 Day CHG~0.00%
Published-07 Apr, 2025 | 03:33
Updated-07 May, 2025 | 20:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow vulnerability in the codec module Impact: Successful exploitation of this vulnerability may affect availability.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-harmonyosHarmonyOS
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CWE ID-CWE-680
Integer Overflow to Buffer Overflow
CVE-2024-58048
Matching Score-8
Assigner-Huawei Technologies
ShareView Details
Matching Score-8
Assigner-Huawei Technologies
CVSS Score-6.7||MEDIUM
EPSS-0.01% / 0.34%
||
7 Day CHG~0.00%
Published-04 Mar, 2025 | 07:19
Updated-04 Mar, 2025 | 14:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multi-thread problem vulnerability in the package management module Impact: Successful exploitation of this vulnerability may affect availability.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-HarmonyOS
CWE ID-CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CVE-2024-57954
Matching Score-8
Assigner-Huawei Technologies
ShareView Details
Matching Score-8
Assigner-Huawei Technologies
CVSS Score-6.2||MEDIUM
EPSS-0.03% / 5.69%
||
7 Day CHG~0.00%
Published-06 Feb, 2025 | 12:23
Updated-17 Mar, 2025 | 14:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Permission verification vulnerability in the media library module Impact: Successful exploitation of this vulnerability may affect service confidentiality.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-harmonyosHarmonyOS
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2024-56443
Matching Score-8
Assigner-Huawei Technologies
ShareView Details
Matching Score-8
Assigner-Huawei Technologies
CVSS Score-6.2||MEDIUM
EPSS-0.03% / 6.82%
||
7 Day CHG~0.00%
Published-08 Jan, 2025 | 02:37
Updated-13 Jan, 2025 | 21:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-process screen stack vulnerability in the UIExtension module Impact: Successful exploitation of this vulnerability may affect service confidentiality.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-harmonyosHarmonyOS
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
  • Previous
  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • Next
Details not found