Vulnerabilities in Huawei

1,367 results
Vexday analysis

Com 1.362 CVEs catalogadas, o portfólio de vulnerabilidades da Huawei apresenta volume expressivo, embora a taxa de exploração ativa esteja abaixo da média geral do catálogo, com nenhuma entrada confirmada no CISA KEV. O tipo de falha mais frequente é CWE-125 (leitura fora dos limites de buffer), padrão que tende a viabilizar vazamento de informações ou condições de instabilidade em equipamentos de rede e sistemas embarcados. A CVE de maior pontuação EPSS no momento é CVE-2019-5285, com índice de 0,0166 — valor baixo em termos absolutos, mas que ainda merece atenção em ambientes onde o ativo afetado esteja exposto. A ausência de PoCs públicas conhecidas reduz a superfície de exploração imediata, mas os 57 registros de severidade crítica e as 47 CVEs surgidas nos últimos 90 dias indicam que a gestão contínua de patches permanece necessária.

CVE-2021-22454A component of the HarmonyOS has a External Control of System or Configuration Setting vulnerability. Local attackers may exploit this vulneEPSS 0.1%CVE-2021-22455A component of the HarmonyOS has a Integer Overflow or Wraparound vulnerability. Local attackers may exploit this vulnerability to cause theEPSS 0.1%CVE-2023-52384MEDIUMDouble-free vulnerability in the RSMC module Impact: Successful exploitation of this vulnerability will affect availability.EPSS 0.1%CVE-2021-22462A component of the HarmonyOS has a NULL Pointer Dereference vulnerability. Local attackers may exploit this vulnerability to cause kernel crEPSS 0.1%CVE-2021-22457A component of the HarmonyOS has a Improper Input Validation vulnerability. Local attackers may exploit this vulnerability to cause out-of-bEPSS 0.1%CVE-2021-22461A component of the HarmonyOS has a Allocation of Resources Without Limits or Throttling vulnerability. Local attackers may exploit this vulnEPSS 0.1%CVE-2021-22450A component of the HarmonyOS has a Incomplete Cleanup vulnerability. Local attackers may exploit this vulnerability to cause memory exhaustiEPSS 0.1%CVE-2021-22459A component of the HarmonyOS has a NULL Pointer Dereference vulnerability. Local attackers may exploit this vulnerability to cause System fuEPSS 0.1%CVE-2024-56441MEDIUMRace condition vulnerability in the Bastet module Impact: Successful exploitation of this vulnerability may affect service confidentiality.EPSS 0.1%CVE-2023-52383MEDIUMDouble-free vulnerability in the RSMC module Impact: Successful exploitation of this vulnerability will affect availability.EPSS 0.1%CVE-2021-22453A component of the HarmonyOS has a Improper Input Validation vulnerability. Local attackers may exploit this vulnerability to cause nearby pEPSS 0.1%CVE-2021-22471A component of the HarmonyOS has a NULL Pointer Dereference vulnerability. Local attackers may exploit this vulnerability to cause nearby prEPSS 0.1%CVE-2022-41577HIGHThe kernel server has a vulnerability of not verifying the length of the data transferred in the user space.Successful exploitation of this EPSS 0.1%CVE-2022-45874MEDIUMHuawei Aslan Children's Watch has an improper authorization vulnerability. Successful exploit could allow the attacker to access certain filEPSS 0.1%CVE-2024-54120MEDIUMRace condition vulnerability in the distributed notification module Impact: Successful exploitation of this vulnerability may cause featuresEPSS 0.1%CVE-2024-42036LOWAccess permission verification vulnerability in the Notepad module Impact: Successful exploitation of this vulnerability may affect service EPSS 0.1%CVE-2025-54623MEDIUMOut-of-bounds read vulnerability in the devicemanager module. Impact: Successful exploitation of this vulnerability may affect availability.EPSS 0.1%CVE-2024-56439HIGHAccess control vulnerability in the identity authentication module Impact: Successful exploitation of this vulnerability may affect service EPSS 0.1%CVE-2022-48470MEDIUMHuawei HiLink AI Life product has an identity authentication bypass vulnerability. Successful exploitation of this vulnerability may allow aEPSS 0.1%CVE-2025-54650MEDIUMImproper array index verification vulnerability in the audio codec module. Impact: Successful exploitation of this vulnerability may affect EPSS 0.1%