HUAWEI Security Vulnerabilities
The basic framework and setting module have defects, which were introduced during the design. Successful exploitation of this vulnerability may affect system integrity.
7.5CVSS
7.5AI Score
0.001EPSS
The multi-window module has a vulnerability of unauthorized insertion and tampering of Settings.Secure data.Successful exploitation of this vulnerability may affect the availability.
9.1CVSS
9AI Score
0.001EPSS
The Property module has a vulnerability in permission control.This vulnerability can be exploited to obtain the unique device identifier.
5.3CVSS
5.1AI Score
0.001EPSS
The audio module has a vulnerability in verifying the parameters passed by the application space.Successful exploitation of this vulnerability may cause out-of-bounds memory access.
9.8CVSS
9.3AI Score
0.002EPSS
The AMS module has a vulnerability of improper permission control.Successful exploitation of this vulnerability may cause non-system application processes to crash.
7.5CVSS
7.4AI Score
0.001EPSS
Third-party pop-up window coverage vulnerability in the iConnect module.Successful exploitation of this vulnerability may cause system pop-up window may be covered to mislead users to perform incorrect operations.
7.5CVSS
7.4AI Score
0.001EPSS
Configuration defects in the secure OS module. Successful exploitation of this vulnerability can affect availability.
7.5CVSS
7.5AI Score
0.001EPSS
HwSEServiceAPP has a vulnerability in permission management. Successful exploitation of this vulnerability may cause disclosure of the Card Production Life Cycle (CPLC) information.
5.3CVSS
5.2AI Score
0.001EPSS
The Device Manager has a vulnerability in multi-device interaction. Successful exploitation of this vulnerability may affect data integrity.
7.5CVSS
7.5AI Score
0.001EPSS
Vulnerability of residual files not being deleted after an update in the ChinaDRM module. Successful exploitation of this vulnerability may affect availability.
7.5CVSS
7.5AI Score
0.001EPSS
The video framework has an out-of-bounds memory read/write vulnerability. Successful exploitation of this vulnerability may affect system availability.
7.5CVSS
7.5AI Score
0.001EPSS
A permission bypass vulnerability in Huawei cross device task management could allow an attacker to access certain resource in the attacked devices. Affected product versions include:JAD-AL50 versions 102.0.0.225(C00E220R3P4).
5.5CVSS
5.4AI Score
0.0004EPSS
There is a traffic hijacking vulnerability in WS7200-10 11.0.2.13. Successful exploitation of this vulnerability can cause packets to be hijacked by attackers.
4.3CVSS
4.5AI Score
0.001EPSS
Implementation of the WLAN module interfaces has the information disclosure vulnerability. Successful exploitation of this vulnerability may affect data confidentiality.
7.5CVSS
7.2AI Score
0.002EPSS
The HW_KEYMASTER module has a vulnerability of missing bounds check on length.Successful exploitation of this vulnerability may cause malicious construction of data, which results in out-of-bounds access.
9.1CVSS
9.1AI Score
0.002EPSS
The HW_KEYMASTER module has an out-of-bounds access vulnerability in parameter set verification.Successful exploitation of this vulnerability may cause malicious construction of data, which results in out-of-bounds access.
9.1CVSS
9.1AI Score
0.002EPSS
The DRM module has a vulnerability in verifying the secure memory attributes. Successful exploitation of this vulnerability may cause abnormal video playback.
9.8CVSS
9.2AI Score
0.002EPSS
The memory management module has the logic bypass vulnerability. Successful exploitation of this vulnerability may affect data confidentiality.
7.5CVSS
7.5AI Score
0.001EPSS
The multi-screen collaboration module has a path traversal vulnerability. Successful exploitation of this vulnerability may affect data confidentiality.
7.5CVSS
7.5AI Score
0.002EPSS
The HW_KEYMASTER module has a problem in releasing memory.Successful exploitation of this vulnerability may result in out-of-bounds memory access.
7.5CVSS
7.5AI Score
0.002EPSS
The HW_KEYMASTER module has a problem in releasing memory.Successful exploitation of this vulnerability may result in out-of-bounds memory access.
7.5CVSS
7.5AI Score
0.002EPSS
The video framework has memory overwriting caused by addition overflow. Successful exploitation of this vulnerability may affect availability.
7.5CVSS
7.5AI Score
0.001EPSS
The video framework has memory overwriting caused by addition overflow. Successful exploitation of this vulnerability may affect availability.
7.5CVSS
7.5AI Score
0.001EPSS
The video framework has memory overwriting caused by addition overflow. Successful exploitation of this vulnerability may affect availability.
7.5CVSS
7.5AI Score
0.001EPSS
The video framework has memory overwriting caused by addition overflow. Successful exploitation of this vulnerability may affect availability.
7.5CVSS
7.5AI Score
0.001EPSS
The video framework has memory overwriting caused by addition overflow. Successful exploitation of this vulnerability may affect availability.
7.5CVSS
7.5AI Score
0.001EPSS
The video framework has memory overwriting caused by addition overflow. Successful exploitation of this vulnerability may affect availability.
7.5CVSS
7.5AI Score
0.001EPSS
Lack of length check vulnerability in the HW_KEYMASTER module. Successful exploitation of this vulnerability may cause out-of-bounds read.
9.8CVSS
9.3AI Score
0.002EPSS
Vulnerability of incomplete read and write permission verification in the GPU module. Successful exploitation of this vulnerability may affect service confidentiality, integrity, and availability.
9.8CVSS
9.2AI Score
0.001EPSS
Vulnerability of incomplete read and write permission verification in the GPU module. Successful exploitation of this vulnerability may affect service confidentiality, integrity, and availability.
9.8CVSS
9.2AI Score
0.001EPSS
Encryption bypass vulnerability in Maintenance mode. Successful exploitation of this vulnerability may affect service confidentiality.
7.5CVSS
7.5AI Score
0.001EPSS
Vulnerability of unstrict data verification and parameter check. Successful exploitation of this vulnerability may affect integrity.
7.5CVSS
7.5AI Score
0.001EPSS
Use After Free (UAF) vulnerability in the uinput module.Successful exploitation of this vulnerability may lead to kernel privilege escalation.
9.8CVSS
9.2AI Score
0.001EPSS
Vulnerability of defects introduced in the design process in the Multi-Device Task Center. Successful exploitation of this vulnerability will cause the hopped app to bypass the app lock and reset the device that initiates the hop.
9.1CVSS
9AI Score
0.0005EPSS
The DFX module has a UAF vulnerability.Successful exploitation of this vulnerability may affect system stability.
7.5CVSS
7.5AI Score
0.001EPSS
The DFX module has a vulnerability of improper validation of integrity check values.Successful exploitation of this vulnerability may affect system stability.
7.5CVSS
7.5AI Score
0.001EPSS
A permission bypass vulnerability exists when the NFC CAs access the TEE.Successful exploitation of this vulnerability may affect data confidentiality.
7.5CVSS
7.5AI Score
0.001EPSS
The application framework has a common DoS vulnerability.Successful exploitation of this vulnerability may affect the availability.
7.5CVSS
7.5AI Score
0.001EPSS
The DFX module has an access control vulnerability.Successful exploitation of this vulnerability may affect data confidentiality.
7.5CVSS
7.5AI Score
0.002EPSS
The customization framework has a vulnerability of improper permission control.Successful exploitation of this vulnerability may affect data integrity.
7.5CVSS
7.5AI Score
0.001EPSS
The Wi-Fi module has an event notification vulnerability.Successful exploitation of this vulnerability may allow third-party applications to intercept event notifications and add information and result in elevation-of-privilege.
9.8CVSS
9.1AI Score
0.002EPSS
There is an improper authentication vulnerability in FLMG-10 10.0.1.0(H100SP22C00). Successful exploitation of this vulnerability may lead to a control of the victim device.
6.8CVSS
6.7AI Score
0.001EPSS
The kernel module has a UAF vulnerability.Successful exploitation of this vulnerability will affect data integrity and availability.
9.1CVSS
9AI Score
0.001EPSS
The HiAIserver has a vulnerability in verifying the validity of the weight used in the model.Successful exploitation of this vulnerability will affect AI services.
7.5CVSS
7.5AI Score
0.001EPSS
The HiAIserver has a vulnerability in verifying the validity of the properties used in the model.Successful exploitation of this vulnerability will affect AI services.
7.5CVSS
7.5AI Score
0.001EPSS
The graphics acceleration service has a vulnerability in multi-thread access to the database.Successful exploitation of this vulnerability may cause service exceptions.
7.5CVSS
7.4AI Score
0.001EPSS
The HiAIserver has a vulnerability in verifying the validity of the weight used in the model.Successful exploitation of this vulnerability will affect AI services.
7.5CVSS
7.5AI Score
0.001EPSS
The chip component has a vulnerability of disclosing CPU SNs.Successful exploitation of this vulnerability may affect data confidentiality.
7.5CVSS
7.5AI Score
0.002EPSS
There is a configuration defect in the activation lock of mobile phones.Successful exploitation of this vulnerability may affect application availability.
7.5CVSS
7.5AI Score
0.001EPSS
The frame scheduling module has a Use After Free (UAF) vulnerability.Successful exploitation of this vulnerability will affect data integrity, availability, and confidentiality.
9.8CVSS
9.4AI Score
0.002EPSS