VARIoT IoT vulnerabilities database
| VAR-202110-1867 | CVE-2021-39972 | HarmonyOS Vulnerability regarding information leakage in |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
MyHuawei-App has a Exposure of Sensitive Information to an Unauthorized Actor vulnerability.Successful exploitation of this vulnerability could compromise confidentiality. HarmonyOS There is a vulnerability related to information leakage.Information may be obtained
| VAR-202110-1866 | CVE-2021-39968 | HarmonyOS Vulnerability in |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
Changlian Blocklist has a Business Logic Errors vulnerability .Successful exploitation of this vulnerability may expand the attack surface of the message class. HarmonyOS Exists in unspecified vulnerabilities.Service operation interruption (DoS) It may be in a state
| VAR-202110-1865 | CVE-2021-37126 | HarmonyOS Past traversal vulnerability in |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
Arbitrary file has a Exposure of Sensitive Information to an Unauthorized Actor vulnerability .Successful exploitation of this vulnerability may cause the directory is traversed. HarmonyOS Exists in a past traversal vulnerability.Information may be obtained. Huawei HarmonyOS is an operating system of the Chinese company Huawei. Provide a microkernel-based full-scenario distributed operating system. There is a security vulnerability in Huawei HarmonyOS. The vulnerability is due to a vulnerability in a component of HarmonyOS that is not strict enough for uri verification. Attackers can exploit this vulnerability to cause directory attack traversal, affecting confidentiality
| VAR-202110-1864 | CVE-2021-37125 | HarmonyOS Vulnerability regarding information leakage in |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
Arbitrary file has a Exposure of Sensitive Information to an Unauthorized Actor vulnerability .Successful exploitation of this vulnerability may cause confidentiality is affected. HarmonyOS There is a vulnerability related to information leakage.Information may be obtained. Huawei HarmonyOS is an operating system of the Chinese company Huawei. Provide a microkernel-based full-scenario distributed operating system. There is a security vulnerability in Huawei HarmonyOS. The vulnerability stems from the lack of input validation in a component of HarmonyOS. An attacker could exploit this vulnerability to compromise confidentiality
| VAR-202110-1863 | CVE-2021-37098 | HarmonyOS Vulnerability in |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
Hilinksvc service exists a Data Processing Errors vulnerability .Successful exploitation of this vulnerability may cause application crash. HarmonyOS Exists in unspecified vulnerabilities.Service operation interruption (DoS) It may be in a state
| VAR-202110-1862 | CVE-2021-37116 | HarmonyOS Input verification vulnerability in |
CVSS V2: 6.4 CVSS V3: 9.1 Severity: CRITICAL |
PCManager has a Weaknesses Introduced During Design vulnerability .Successful exploitation of this vulnerability may cause that the PIN of the subscriber is changed. HarmonyOS There is an input validation vulnerability in.Information is obtained and service operation is interrupted (DoS) It may be in a state
| VAR-202110-1861 | CVE-2021-39982 | HarmonyOS Vulnerability in privilege management in |
CVSS V2: 6.4 CVSS V3: 9.1 Severity: CRITICAL |
Phone Manager application has a Improper Privilege Management vulnerability.Successful exploitation of this vulnerability may read and write arbitrary files by tampering with Phone Manager notifications. HarmonyOS Exists in a permission management vulnerability.Information may be obtained and information may be tampered with. Huawei HarmonyOS is an operating system of the Chinese company Huawei. Provide a microkernel-based full-scenario distributed operating system. There is a security vulnerability in a component of Huawei HarmonyOS. Attackers can exploit this vulnerability to cause abnormal system functions
| VAR-202110-1860 | CVE-2021-39980 | HarmonyOS Vulnerability regarding information leakage in |
CVSS V2: 5.0 CVSS V3: 5.3 Severity: MEDIUM |
Telephony application has a Exposure of Sensitive Information to an Unauthorized Actor vulnerability.Successful exploitation of this vulnerability could lead to sensitive information disclosure. HarmonyOS There is a vulnerability related to information leakage.Information may be obtained. Huawei HarmonyOS is an operating system of the Chinese company Huawei. Provide a microkernel-based full-scenario distributed operating system. There is a security vulnerability in a component of Huawei HarmonyOS. An attacker could exploit this vulnerability to obtain the IMSI by bypassing the necessary permissions
| VAR-202110-1859 | CVE-2021-39970 | HarmonyOS Past traversal vulnerability in |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
HwPCAssistant has a Improper Input Validation vulnerability.Successful exploitation of this vulnerability may create any file with the system app permission. HarmonyOS Exists in a past traversal vulnerability.Information may be tampered with
| VAR-202110-1858 | CVE-2021-37128 | HarmonyOS Past traversal vulnerability in |
CVSS V2: 7.5 CVSS V3: 9.8 Severity: CRITICAL |
HwPCAssistant has a Path Traversal vulnerability .Successful exploitation of this vulnerability may write any file. HarmonyOS Exists in a past traversal vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Huawei HarmonyOS is an operating system of the Chinese company Huawei. Provide a microkernel-based full-scenario distributed operating system. There is a security vulnerability in a component of Huawei HarmonyOS
| VAR-202110-1857 | CVE-2021-37134 | HarmonyOS Race condition vulnerabilities in |
CVSS V2: 6.8 CVSS V3: 8.1 Severity: HIGH |
Location-related APIs exists a Race Condition vulnerability.Successful exploitation of this vulnerability may use Higher Permissions for invoking the interface of location-related components. HarmonyOS There is a race condition vulnerability in.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Huawei HarmonyOS is an operating system of the Chinese company Huawei. Provide a microkernel-based full-scenario distributed operating system. There is a security vulnerability in a component of Huawei HarmonyOS. An attacker could exploit this vulnerability to compromise confidentiality
| VAR-202110-1856 | CVE-2021-37111 | Huawei Vulnerability in resource allocation without limits or throttling in smartphone products |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
There is a Memory leakage vulnerability in Smartphone.Successful exploitation of this vulnerability may cause memory exhaustion. Huawei Smartphone products are vulnerable to resource allocation without limits or throttling.Service operation interruption (DoS) It may be in a state
| VAR-202110-1855 | CVE-2021-39971 | HarmonyOS Vulnerability in externally controllable references to resources in another region of |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
Password vault has a External Control of System or Configuration Setting vulnerability.Successful exploitation of this vulnerability could compromise confidentiality. HarmonyOS Exists in a vulnerability in externally controllable references to resources in another region.Information may be obtained
| VAR-202110-1854 | CVE-2021-37119 | plural Huawei Vulnerabilities in smartphone products |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
There is a Service logic vulnerability in Smartphone.Successful exploitation of this vulnerability may cause WLAN DoS. plural Huawei Smartphone products have unspecified vulnerabilities.Service operation interruption (DoS) It may be in a state. Huawei HarmonyOS is an operating system of the Chinese company Huawei. Provide a microkernel-based full-scenario distributed operating system. There is a security vulnerability in a component of Huawei HarmonyOS
| VAR-202110-1853 | CVE-2021-39979 | HarmonyOS Code injection vulnerability in |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
HHEE system has a Code Injection vulnerability.Successful exploitation of this vulnerability may affect HHEE system integrity. HarmonyOS There is a code injection vulnerability in.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
| VAR-202110-1852 | CVE-2021-37132 | HarmonyOS Vulnerability regarding improper default permissions in |
CVSS V2: 5.0 CVSS V3: 5.3 Severity: MEDIUM |
PackageManagerService has a Permissions, Privileges, and Access Controls vulnerability .Successful exploitation of this vulnerability may cause that Third-party apps can obtain the complete list of Harmony apps without permission. HarmonyOS There is a vulnerability in improper default permissions.Information may be obtained. Huawei HarmonyOS is an operating system of the Chinese company Huawei. Provide a microkernel-based full-scenario distributed operating system. There is a security vulnerability in a component of Huawei HarmonyOS. An attacker could exploit this vulnerability to compromise confidentiality
| VAR-202110-1851 | CVE-2021-37110 | Huawei Vulnerabilities in smartphone products |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
There is a Timing design defects in Smartphone.Successful exploitation of this vulnerability may affect service confidentiality. Huawei Smartphone products have unspecified vulnerabilities.Information may be obtained
| VAR-202110-1850 | CVE-2021-39981 | HarmonyOS Vulnerability in |
CVSS V2: 4.3 CVSS V3: 5.3 Severity: MEDIUM |
Chang Lian application has a vulnerability which can be maliciously exploited to hide the calling number.Successful exploitation of this vulnerability allows you to make an anonymous call. HarmonyOS Exists in unspecified vulnerabilities.Information may be tampered with. Huawei HarmonyOS is an operating system of the Chinese company Huawei. Provide a microkernel-based full-scenario distributed operating system. Huawei HarmonyOS has security vulnerabilities
| VAR-202110-1849 | CVE-2021-37114 | Huawei Out-of-bounds reading vulnerability in smartphone products |
CVSS V2: 5.0 CVSS V3: 5.3 Severity: MEDIUM |
There is an Out-of-bounds read vulnerability in Smartphone.Successful exploitation of this vulnerability may affect service confidentiality. Huawei Smartphone products contain an out-of-bounds read vulnerability.Information may be obtained
| VAR-202110-1848 | CVE-2021-37117 | plural Huawei Vulnerabilities in smartphone products |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
There is a Service logic vulnerability in Smartphone.Successful exploitation of this vulnerability may cause WLAN DoS. plural Huawei Smartphone products have unspecified vulnerabilities.Service operation interruption (DoS) It may be in a state. Huawei HarmonyOS is an operating system of the Chinese company Huawei. Provide a microkernel-based full-scenario distributed operating system. Some Huawei smart screens in Huawei HarmonyOS Vision have security vulnerabilities