VARIoT IoT vulnerabilities database
| VAR-202112-0250 | CVE-2021-37064 | Huawei Path Traversal Vulnerability in Smartphones |
CVSS V2: 6.4 CVSS V3: 9.1 Severity: CRITICAL |
There is a Improper Limitation of a Pathname to a Restricted Directory vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may lead to arbitrary file created. Huawei Smartphones have a path traversal vulnerability.Information may be obtained and information may be tampered with. Huawei HarmonyOS is an operating system of the Chinese company Huawei. Provide a microkernel-based full-scenario distributed operating system. The Applications module of Huawei HarmonyOS 2.0 has a directory traversal vulnerability
| VAR-202112-0222 | CVE-2021-37100 | Huawei Authentication Vulnerability in Smartphones |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
There is a Improper Authentication vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may lead to account authentication bypassed. Huawei Smartphones have an authentication vulnerability.Information may be obtained. Huawei HarmonyOS is an operating system of the Chinese company Huawei. Provide a microkernel-based full-scenario distributed operating system. There is a security vulnerability in Huawei HarmonyOS, which is caused by a component of the product that does not effectively authenticate user identities
| VAR-202112-0255 | CVE-2021-37058 | Huawei Vulnerabilities in smartphones |
CVSS V2: 5.0 CVSS V3: 5.3 Severity: MEDIUM |
There is a Permissions,Privileges,and Access Controls vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may lead to the user's nickname is maliciously tampered with. Huawei Smartphones have unspecified vulnerabilities.Information may be tampered with
| VAR-202112-0257 | CVE-2021-37048 | Huawei Input validation vulnerability in smartphones |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
There is a Improper Input Validation vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may lead to fake visitors to control PC,play a video,etc. Huawei Smartphones contain a vulnerability related to input validation.Information may be tampered with
| VAR-202112-0256 | CVE-2021-37057 | Huawei Vulnerability related to array index validation in smartphones |
CVSS V2: 7.8 CVSS V3: 7.5 Severity: HIGH |
There is a Improper Validation of Array Index vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may lead to restart the phone. Huawei Smartphones contain an array index validation vulnerability.Service operation interruption (DoS) It may be in a state
| VAR-202112-0229 | CVE-2021-37089 | Huawei Incomplete Cleanup Vulnerability in Smartphone Products |
CVSS V2: 7.8 CVSS V3: 7.5 Severity: HIGH |
There is a Incomplete Cleanup vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may lead to kernel restart. Huawei HarmonyOS is an operating system of the Chinese company Huawei. Provide a microkernel-based full-scenario distributed operating system
| VAR-202112-0351 | CVE-2021-37049 | plural Huawei Out-of-bounds write vulnerability in smartphone products |
CVSS V2: 7.5 CVSS V3: 9.8 Severity: CRITICAL |
There is a Heap-based buffer overflow vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may rewrite the memory of adjacent objects. plural Huawei Smartphone products contain an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
| VAR-202112-0348 | CVE-2021-37052 | plural Huawei Vulnerability related to exceptional state handling in smartphone products |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
There is an Exception log vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may cause address information leakage. plural Huawei A vulnerability related to exceptional state handling exists in smartphone products.Information may be obtained
| VAR-202112-0342 | CVE-2021-37093 | plural Huawei Vulnerabilities in smartphone products |
CVSS V2: 5.0 CVSS V3: 5.3 Severity: MEDIUM |
There is a Improper Access Control vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may lead to attackers steal short messages. plural Huawei Smartphone products have unspecified vulnerabilities.Information may be obtained. Huawei HarmonyOS is an operating system of the Chinese company Huawei. Provide a microkernel-based full-scenario distributed operating system. The vulnerability is caused by a component of the product that does not effectively authenticate user identities. No detailed vulnerability details were provided at this time
| VAR-202112-0334 | CVE-2021-37021 | plural Huawei Input validation vulnerability in smartphone products |
CVSS V2: 6.4 CVSS V3: 9.1 Severity: CRITICAL |
There is a Stack-based Buffer Overflow vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may lead to Out-of-bounds read. plural Huawei A vulnerability related to input validation exists in smartphone products.Information is obtained and service operation is interrupted (DoS) It may be in a state
| VAR-202112-0254 | CVE-2021-37059 | Huawei Vulnerabilities in smartphones |
CVSS V2: 7.5 CVSS V3: 9.8 Severity: CRITICAL |
There is a Weaknesses Introduced During Design. Huawei Smartphones have unspecified vulnerabilities.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
| VAR-202109-1956 | CVE-2021-22478 | HarmonyOS Module Use of Freed Memory Vulnerability |
CVSS V2: 2.1 CVSS V3: 5.5 Severity: MEDIUM |
The interface of a certain HarmonyOS module has a UAF vulnerability. Successful exploitation of this vulnerability may lead to information leakage. HarmonyOS The module contains a usage of freed memory vulnerability.Information may be obtained
| VAR-202109-1958 | CVE-2021-22480 | HarmonyOS Integer overflow vulnerability in |
CVSS V2: 7.5 CVSS V3: 9.8 Severity: CRITICAL |
The interface of a certain HarmonyOS module has an integer overflow vulnerability. Successful exploitation of this vulnerability may lead to heap memory overflow. HarmonyOS Exists in an integer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
| VAR-202109-1959 | CVE-2021-22319 | plural Huawei Integer overflow vulnerability in product |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
There is an improper verification vulnerability in smartphones. Successful exploitation of this vulnerability may cause integer overflows. EMUI , HarmonyOS , Magic UI Exists in an integer overflow vulnerability.Service operation interruption (DoS) It may be in a state
| VAR-202112-0224 | CVE-2021-37096 | HarmonyOS Input verification vulnerability in |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
There is a Improper Input Validation vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may lead to user privacy disclosed. Huawei HarmonyOS is an operating system of the Chinese company Huawei. Provide a microkernel-based full-scenario distributed operating system. There are security vulnerabilities in Huawei HarmonyOS, which can be exploited by attackers to leak user privacy
| VAR-202112-0347 | CVE-2021-37053 | plural Huawei Vulnerabilities in smartphone products |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
There is a Service logic vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may cause WLAN DoS. plural Huawei Smartphone products have unspecified vulnerabilities.Service operation interruption (DoS) It may be in a state
| VAR-202112-0285 | CVE-2021-37040 | plural Huawei Argument insertion or modification vulnerability in smartphone products |
CVSS V2: 6.8 CVSS V3: 9.8 Severity: CRITICAL |
There is a Parameter injection vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may cause privilege escalation of files after CIFS share mounting. plural Huawei Smartphone products contain an argument injection or modification vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Huawei HarmonyOS is an operating system of the Chinese company Huawei. Provide a microkernel-based full-scenario distributed operating system. There is a security vulnerability in Huawei HarmonyOS. No detailed vulnerability details were provided at this time
| VAR-202112-0344 | CVE-2021-37074 | plural Huawei Race Condition Vulnerability in Smartphone Products |
CVSS V2: 9.3 CVSS V3: 8.1 Severity: HIGH |
There is a Race Condition vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may lead to the user root privilege escalation. plural Huawei A race condition vulnerability exists in smartphone products.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
| VAR-202112-0352 | CVE-2021-37045 | plural Huawei Vulnerability related to use of freed memory in smartphone products |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
There is an UAF vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may cause the device to restart unexpectedly and the kernel-mode code to be executed. plural Huawei A vulnerability related to use of freed memory exists in smartphone products.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
| VAR-202112-0223 | CVE-2021-37099 | HarmonyOS Past traversal vulnerability in |
CVSS V2: 6.4 CVSS V3: 9.1 Severity: CRITICAL |
There is a Path Traversal vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may lead to delete any file. HarmonyOS Exists in a past traversal vulnerability.Information is tampered with and service operation is interrupted (DoS) It may be in a state. Huawei HarmonyOS is China's Huawei ( Huawei ) company's operating system. Provide a microkernel-based full-scenario distributed operating system