Vulnerabilities in Huawei

1,367 results
Vexday analysis

Com 1.362 CVEs catalogadas, o portfólio de vulnerabilidades da Huawei apresenta volume expressivo, embora a taxa de exploração ativa esteja abaixo da média geral do catálogo, com nenhuma entrada confirmada no CISA KEV. O tipo de falha mais frequente é CWE-125 (leitura fora dos limites de buffer), padrão que tende a viabilizar vazamento de informações ou condições de instabilidade em equipamentos de rede e sistemas embarcados. A CVE de maior pontuação EPSS no momento é CVE-2019-5285, com índice de 0,0166 — valor baixo em termos absolutos, mas que ainda merece atenção em ambientes onde o ativo afetado esteja exposto. A ausência de PoCs públicas conhecidas reduz a superfície de exploração imediata, mas os 57 registros de severidade crítica e as 47 CVEs surgidas nos últimos 90 dias indicam que a gestão contínua de patches permanece necessária.

CVE-2024-56451HIGHInteger overflow vulnerability during glTF model loading in the 3D engine module Impact: Successful exploitation of this vulnerability may aEPSS 0.1%CVE-2023-7271MEDIUMPrivilege escalation vulnerability in the NMS module Impact: Successful exploitation of this vulnerability will affect availability.EPSS 0.1%CVE-2024-51527MEDIUMPermission control vulnerability in the Gallery app Impact: Successful exploitation of this vulnerability may affect service confidentialityEPSS 0.1%CVE-2024-54096MEDIUMVulnerability of improper access control in the MTP module Impact: Successful exploitation of this vulnerability may affect integrity and acEPSS 0.1%CVE-2024-42038HIGHVulnerability of PIN enhancement failures in the screen lock module Impact: Successful exploitation of this vulnerability may affect serviceEPSS 0.1%CVE-2024-36500HIGHPrivilege escalation vulnerability in the AMS module Impact: Successful exploitation of this vulnerability may affect service confidentialitEPSS 0.1%CVE-2024-56456MEDIUMVulnerability of input parameters not being verified during glTF model loading in the 3D engine module Impact: Successful exploitation of thEPSS 0.1%CVE-2024-36499MEDIUMVulnerability of unauthorized screenshot capturing in the WMS module Impact: Successful exploitation of this vulnerability may affect servicEPSS 0.1%CVE-2024-56453MEDIUMVulnerability of input parameters not being verified during glTF model loading in the 3D engine module Impact: Successful exploitation of thEPSS 0.1%CVE-2024-56454MEDIUMVulnerability of input parameters not being verified during glTF model loading in the 3D engine module Impact: Successful exploitation of thEPSS 0.1%CVE-2021-22460A component of the HarmonyOS has a Insufficient Verification of Data Authenticity vulnerability. Local attackers may exploit this vulnerabilEPSS 0.1%CVE-2024-51516MEDIUMPermission control vulnerability in the ability module Impact: Successful exploitation of this vulnerability may cause features to function EPSS 0.1%CVE-2024-51526HIGHPermission control vulnerability in the hidebug module Impact: Successful exploitation of this vulnerability may affect service confidentialEPSS 0.1%CVE-2026-24926HIGHOut-of-bounds write vulnerability in the camera module. Impact: Successful exploitation of this vulnerability may affect availability.EPSS 0.1%CVE-2024-56455MEDIUMVulnerability of input parameters not being verified during glTF model loading in the 3D engine module Impact: Successful exploitation of thEPSS 0.1%CVE-2024-51521MEDIUMInput parameter verification vulnerability in the background service module Impact: Successful exploitation of this vulnerability may affectEPSS 0.1%CVE-2026-24919MEDIUMOut-of-bounds write vulnerability in the DFX module. Impact: Successful exploitation of this vulnerability may affect availability.EPSS 0.1%CVE-2023-31225LOWThe Gallery app has the risk of hijacking attacks. Successful exploitation of this vulnerability may cause download failures and affect prodEPSS 0.1%CVE-2024-47290MEDIUMInput validation vulnerability in the USB service module Impact: Successful exploitation of this vulnerability may affect availability.EPSS 0.1%CVE-2025-68957HIGHMulti-thread race condition vulnerability in the card framework module. Impact: Successful exploitation of this vulnerability may affect avaEPSS 0.1%