Vulnerabilities in Huawei

1,367 results
Vexday analysis

Com 1.362 CVEs catalogadas, o portfólio de vulnerabilidades da Huawei apresenta volume expressivo, embora a taxa de exploração ativa esteja abaixo da média geral do catálogo, com nenhuma entrada confirmada no CISA KEV. O tipo de falha mais frequente é CWE-125 (leitura fora dos limites de buffer), padrão que tende a viabilizar vazamento de informações ou condições de instabilidade em equipamentos de rede e sistemas embarcados. A CVE de maior pontuação EPSS no momento é CVE-2019-5285, com índice de 0,0166 — valor baixo em termos absolutos, mas que ainda merece atenção em ambientes onde o ativo afetado esteja exposto. A ausência de PoCs públicas conhecidas reduz a superfície de exploração imediata, mas os 57 registros de severidade crítica e as 47 CVEs surgidas nos últimos 90 dias indicam que a gestão contínua de patches permanece necessária.

CVE-2025-48909HIGHBypass vulnerability in the device management channel Impact: Successful exploitation of this vulnerability may affect service confidentialiEPSS 0.1%CVE-2024-51510HIGHOut-of-bounds access vulnerability in the logo module Impact: Successful exploitation of this vulnerability may affect service confidentialiEPSS 0.1%CVE-2023-52713HIGHVulnerability of improper permission control in the window management module. Impact: Successful exploitation of this vulnerability will affEPSS 0.1%CVE-2023-52547HIGHHuawei Matebook D16(Model: CREM-WXX9, BIOS: v2.26. Memory Corruption in SMI Handler of HddPassword SMM Module. This can be leveraged by a maEPSS 0.1%CVE-2023-52710HIGHHuawei Matebook D16(Model: CREM-WXX9, BIOS: v2.26), As the communication buffer size hasn’t been properly validated to be of the expected siEPSS 0.1%CVE-2024-36502HIGHOut-of-bounds read vulnerability in the audio module Impact: Successful exploitation of this vulnerability will affect availability.EPSS 0.1%CVE-2025-54647MEDIUMOut-of-bounds read vulnerability in the SSAP module of the NearLink protocol stack. Impact: Successful exploitation of this vulnerability maEPSS 0.1%CVE-2020-9080HIGHThere is an improper privilege management vulnerability in Huawei smart phone product. A local, authenticated attacker could craft a specifiEPSS 0.1%CVE-2024-4046MEDIUMCracking vulnerability in the OS security module Impact: Successful exploitation of this vulnerability will affect availability.EPSS 0.1%CVE-2025-53169HIGHVulnerability of bypassing the process to start SA and use related functions on distributed cameras Impact: Successful exploitation of this EPSS 0.1%CVE-2026-41965MEDIUMUse-After-Free (UAF) vulnerability in the web. Impact: Successful exploitation of this vulnerability may affect availability.EPSS 0.1%CVE-2023-52358MEDIUMVulnerability of configuration defects in some APIs of the audio module.Successful exploitation of this vulnerability may affect availabilitEPSS 0.1%CVE-2023-52385MEDIUMOut-of-bounds write vulnerability in the RSMC module. Impact: Successful exploitation of this vulnerability will affect availability.EPSS 0.1%CVE-2024-39673MEDIUMVulnerability of serialisation/deserialisation mismatch in the iAware module. Impact: Successful exploitation of this vulnerability may affeEPSS 0.1%CVE-2026-34851LOWRace condition vulnerability in the event notification module. Impact: Successful exploitation of this vulnerability may affect availabilityEPSS 0.1%CVE-2021-40015There is a race condition vulnerability in the binder driver subsystem in the kernel.Successful exploitation of this vulnerability may affecEPSS 0.1%CVE-2022-41590MEDIUMSome smartphones have authentication-related (including session management) vulnerabilities as the setup wizard is bypassed. Successful explEPSS 0.1%CVE-2024-42037CRITICALVulnerability of uncaught exceptions in the Graphics module Impact: Successful exploitation of this vulnerability may affect service confideEPSS 0.1%CVE-2022-48518Vulnerability of signature verification in the iaware system being initialized later than the time when the system broadcasts are sent. SuccEPSS 0.1%CVE-2024-39671CRITICALAccess control vulnerability in the security verification module. Impact: Successful exploitation of this vulnerability may affect service cEPSS 0.1%