Details of VAR-202206-0348

ID

VAR-202206-0348

CVE

CVE-2022-32144

TITLE

Huawei of cv81-wdm Firmware Input Validation Vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2022-026202

DESCRIPTION

There is an insufficient input verification vulnerability in Huawei product. Successful exploitation of this vulnerability may lead to service abnormal. (Vulnerability ID: HWPSIRT-2022-76192) This vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2022-32144. Huawei of cv81-wdm The firmware contains vulnerabilities related to input validation and violation of the same origin policy.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Huawei CV81-WDM FW is a laser multifunction printer produced by Huawei, China

Trust: 2.16

sources: NVD: CVE-2022-32144 // JVNDB: JVNDB-2022-026202 // CNVD: CNVD-2023-01054

IOT TAXONOMY

category:

['IoT']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2023-01054

AFFECTED PRODUCTS

vendor:	huawei	model:	cv81-wdm	scope:	eq	version:	01.70.49.29.46	Trust: 1.6
vendor:	huawei	model:	cv81-wdm	scope:	eq	version:	-	Trust: 0.8
vendor:	huawei	model:	cv81-wdm	scope:	eq	version:	cv81-wdm firmware 01.70.49.29.46	Trust: 0.8
vendor:	huawei	model:	cv81-wdm	scope:	-	version:	-	Trust: 0.8

sources: CNVD: CNVD-2023-01054 // JVNDB: JVNDB-2022-026202 // NVD: CVE-2022-32144

CVSS

SEVERITY

CVSSV2

CVSSV3

psirt@huawei.com:	CVE-2022-32144
value:	HIGH
Trust: 1.0
OTHER:	JVNDB-2022-026202
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2023-01054
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-202206-108
value:	HIGH
Trust: 0.6

CNVD:	CNVD-2023-01054
severity:	HIGH
baseScore:	9.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	8.5
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

psirt@huawei.com:	CVE-2022-32144
baseSeverity:	HIGH
baseScore:	8.6
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	LOW
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	4.7
version:	3.1
Trust: 1.0
OTHER:	JVNDB-2022-026202
baseSeverity:	HIGH
baseScore:	8.6
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	LOW
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2023-01054 // JVNDB: JVNDB-2022-026202 // CNNVD: CNNVD-202206-108 // NVD: CVE-2022-32144

PROBLEMTYPE DATA

problemtype:	CWE-346	Trust: 1.0
problemtype:	CWE-20	Trust: 1.0
problemtype:	Inappropriate input confirmation (CWE-20) [ others ]	Trust: 0.8
problemtype:	Same-origin policy violation (CWE-346) [ others ]	Trust: 0.8

sources: JVNDB: JVNDB-2022-026202 // NVD: CVE-2022-32144

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-202206-108

PATCH

title:	Patch for Huawei CV81-WDM FW Insufficient Input Validation Vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/389251	Trust: 0.6
title:	Huawei CV81-WDM FW Enter the fix for the verification error vulnerability	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=194559	Trust: 0.6

sources: CNVD: CNVD-2023-01054 // CNNVD: CNNVD-202206-108

EXTERNAL IDS

db:	NVD	id:	CVE-2022-32144	Trust: 3.8
db:	JVNDB	id:	JVNDB-2022-026202	Trust: 0.8
db:	CNVD	id:	CNVD-2023-01054	Trust: 0.6
db:	CS-HELP	id:	SB2022060103	Trust: 0.6
db:	CNNVD	id:	CNNVD-202206-108	Trust: 0.6

sources: CNVD: CNVD-2023-01054 // JVNDB: JVNDB-2022-026202 // CNNVD: CNNVD-202206-108 // NVD: CVE-2022-32144

REFERENCES

url:	https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20220601-01-66843eb3-en	Trust: 1.6
url:	https://nvd.nist.gov/vuln/detail/cve-2022-32144	Trust: 0.8
url:	https://www.cybersecurity-help.cz/vdb/sb2022060103	Trust: 0.6
url:	https://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20220601-01-66843eb3-cn	Trust: 0.6

sources: CNVD: CNVD-2023-01054 // JVNDB: JVNDB-2022-026202 // CNNVD: CNNVD-202206-108 // NVD: CVE-2022-32144

CREDITS

The vulnerability was discovered by Huawei internal testers

Trust: 0.6

sources: CNNVD: CNNVD-202206-108

SOURCES

db:	CNVD	id:	CNVD-2023-01054
db:	JVNDB	id:	JVNDB-2022-026202
db:	CNNVD	id:	CNNVD-202206-108
db:	NVD	id:	CVE-2022-32144

LAST UPDATE DATE

2025-07-16T23:16:41.594000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2023-01054	date:	2023-01-05T00:00:00
db:	JVNDB	id:	JVNDB-2022-026202	date:	2025-07-14T08:27:00
db:	CNNVD	id:	CNNVD-202206-108	date:	2022-06-02T00:00:00
db:	NVD	id:	CVE-2022-32144	date:	2025-07-11T14:32:24.953

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2023-01054	date:	2023-01-06T00:00:00
db:	JVNDB	id:	JVNDB-2022-026202	date:	2025-07-14T00:00:00
db:	CNNVD	id:	CNNVD-202206-108	date:	2022-06-01T00:00:00
db:	NVD	id:	CVE-2022-32144	date:	2024-12-20T02:15:05.320