ID
VAR-202209-0645
CVE
CVE-2022-38700
TITLE
OpenHarmony Authentication vulnerability in
Trust: 0.8
sources:
JVNDB: JVNDB-2022-016583
DESCRIPTION
OpenHarmony-v3.1.1 and prior versions have a permission bypass vulnerability. LAN attackers can bypass permission control and get control of camera service. OpenHarmony There is an authentication vulnerability in.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
Trust: 1.71
sources:
NVD: CVE-2022-38700 //
JVNDB: JVNDB-2022-016583 //
VULMON: CVE-2022-38700
IOT TAXONOMY
| category: | ['other device'] | sub_category: | IoT device with OpenHarmony | Trust: 0.1 |
sources:
OTHER: None
AFFECTED PRODUCTS
| vendor: | openharmony | model: | openharmony | scope: | eq | version: | 3.1.1 | Trust: 1.8 |
| vendor: | openharmony | model: | openharmony | scope: | eq | version: | - | Trust: 0.8 |
| vendor: | openharmony | model: | openharmony | scope: | - | version: | - | Trust: 0.8 |
sources:
JVNDB: JVNDB-2022-016583 //
NVD: CVE-2022-38700
CVSS
SEVERITY | CVSSV2 | CVSSV3 | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
sources:
JVNDB: JVNDB-2022-016583 //
CNNVD: CNNVD-202209-659 //
NVD: CVE-2022-38700 //
NVD: CVE-2022-38700
PROBLEMTYPE DATA
| problemtype: | CWE-305 | Trust: 1.0 |
| problemtype: | CWE-287 | Trust: 1.0 |
| problemtype: | Inappropriate authentication (CWE-287) [NVD evaluation ] | Trust: 0.8 |
sources:
JVNDB: JVNDB-2022-016583 //
NVD: CVE-2022-38700
THREAT TYPE
remote or local
Trust: 0.6
sources:
CNNVD: CNNVD-202209-659
TYPE
authorization issue
Trust: 0.6
sources:
CNNVD: CNNVD-202209-659
PATCH
| title: | OpenHarmony Remediation measures for authorization problem vulnerabilities | url: | http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=207726 | Trust: 0.6 |
sources:
CNNVD: CNNVD-202209-659
EXTERNAL IDS
| db: | NVD | id: | CVE-2022-38700 | Trust: 3.4 |
| db: | JVNDB | id: | JVNDB-2022-016583 | Trust: 0.8 |
| db: | CNNVD | id: | CNNVD-202209-659 | Trust: 0.6 |
| db: | OTHER | id: | NONE | Trust: 0.1 |
| db: | VULMON | id: | CVE-2022-38700 | Trust: 0.1 |
sources:
OTHER: None //
VULMON: CVE-2022-38700 //
JVNDB: JVNDB-2022-016583 //
CNNVD: CNNVD-202209-659 //
NVD: CVE-2022-38700
REFERENCES
| url: | https://gitee.com/openharmony/security/blob/master/en/security-disclosure/2022/2022-09.md | Trust: 2.5 |
| url: | https://nvd.nist.gov/vuln/detail/cve-2022-38700 | Trust: 0.8 |
| url: | https://cxsecurity.com/cveshow/cve-2022-38700/ | Trust: 0.6 |
| url: | https://ieeexplore.ieee.org/abstract/document/10769424 | Trust: 0.1 |
| url: | https://nvd.nist.gov | Trust: 0.1 |
sources:
OTHER: None //
VULMON: CVE-2022-38700 //
JVNDB: JVNDB-2022-016583 //
CNNVD: CNNVD-202209-659 //
NVD: CVE-2022-38700
SOURCES
| db: | OTHER | id: | - |
| db: | VULMON | id: | CVE-2022-38700 |
| db: | JVNDB | id: | JVNDB-2022-016583 |
| db: | CNNVD | id: | CNNVD-202209-659 |
| db: | NVD | id: | CVE-2022-38700 |
LAST UPDATE DATE
2025-01-30T20:10:57.713000+00:00
SOURCES UPDATE DATE
| db: | VULMON | id: | CVE-2022-38700 | date: | 2022-09-09T00:00:00 |
| db: | JVNDB | id: | JVNDB-2022-016583 | date: | 2023-10-05T08:32:00 |
| db: | CNNVD | id: | CNNVD-202209-659 | date: | 2022-09-15T00:00:00 |
| db: | NVD | id: | CVE-2022-38700 | date: | 2022-09-14T21:17:07.200 |
SOURCES RELEASE DATE
| db: | VULMON | id: | CVE-2022-38700 | date: | 2022-09-09T00:00:00 |
| db: | JVNDB | id: | JVNDB-2022-016583 | date: | 2023-10-05T00:00:00 |
| db: | CNNVD | id: | CNNVD-202209-659 | date: | 2022-09-09T00:00:00 |
| db: | NVD | id: | CVE-2022-38700 | date: | 2022-09-09T15:15:14.577 |