Search criteria
ⓘ
Use full-text search for keyword queries.
Combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by dates instead of relevance.
2512 vulnerabilities found for HarmonyOS by Huawei
VAR-202208-0562
Vulnerability from variot - Updated: 2026-03-07 23:56The chinadrm module has an out-of-bounds read vulnerability. Successful exploitation of this vulnerability may affect the availability. Huawei of EMUI , HarmonyOS , Magic UI Exists in an out-of-bounds read vulnerability.Service operation interruption (DoS) It may be in a state. HUAWEI HarmonyOS is an operating system of China's Huawei (HUAWEI). Provide a microkernel-based full-scenario distributed operating system. There is a security vulnerability in HUAWEI HarmonyOS 2.0
Show details on source website{
"affected_products": {
"_id": null,
"data": [
{
"_id": null,
"model": "emui",
"scope": "eq",
"trust": 1.0,
"vendor": "huawei",
"version": "11.0.0"
},
{
"_id": null,
"model": "magic ui",
"scope": "eq",
"trust": 1.0,
"vendor": "huawei",
"version": "4.0.0"
},
{
"_id": null,
"model": "emui",
"scope": "eq",
"trust": 1.0,
"vendor": "huawei",
"version": "12.0.0"
},
{
"_id": null,
"model": "harmonyos",
"scope": "eq",
"trust": 1.0,
"vendor": "huawei",
"version": "2.0"
},
{
"_id": null,
"model": "harmonyos",
"scope": null,
"trust": 0.8,
"vendor": "huawei",
"version": null
},
{
"_id": null,
"model": "magic ui",
"scope": null,
"trust": 0.8,
"vendor": "huawei",
"version": null
},
{
"_id": null,
"model": "emui",
"scope": null,
"trust": 0.8,
"vendor": "huawei",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-014549"
},
{
"db": "NVD",
"id": "CVE-2022-37007"
}
]
},
"cve": "CVE-2022-37007",
"cvss": {
"_id": null,
"data": [
{
"cvssV2": [],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2022-37007",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 2.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2022-37007",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2022-37007",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"id": "CVE-2022-37007",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2022-37007",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-202208-2402",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202208-2402"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-014549"
},
{
"db": "NVD",
"id": "CVE-2022-37007"
},
{
"db": "NVD",
"id": "CVE-2022-37007"
}
]
},
"description": {
"_id": null,
"data": "The chinadrm module has an out-of-bounds read vulnerability. Successful exploitation of this vulnerability may affect the availability. Huawei of EMUI , HarmonyOS , Magic UI Exists in an out-of-bounds read vulnerability.Service operation interruption (DoS) It may be in a state. HUAWEI HarmonyOS is an operating system of China\u0027s Huawei (HUAWEI). Provide a microkernel-based full-scenario distributed operating system. There is a security vulnerability in HUAWEI HarmonyOS 2.0",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-37007"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-014549"
},
{
"db": "VULHUB",
"id": "VHN-427491"
}
],
"trust": 1.71
},
"external_ids": {
"_id": null,
"data": [
{
"db": "NVD",
"id": "CVE-2022-37007",
"trust": 3.3
},
{
"db": "JVNDB",
"id": "JVNDB-2022-014549",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202208-2402",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-427491",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-427491"
},
{
"db": "CNNVD",
"id": "CNNVD-202208-2402"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-014549"
},
{
"db": "NVD",
"id": "CVE-2022-37007"
}
]
},
"id": "VAR-202208-0562",
"iot": {
"_id": null,
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-427491"
}
],
"trust": 0.01
},
"last_update_date": "2026-03-07T23:56:34.774000Z",
"patch": {
"_id": null,
"data": [
{
"title": "HUAWEI HarmonyOS Buffer error vulnerability fix",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=204372"
}
],
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202208-2402"
}
]
},
"problemtype_data": {
"_id": null,
"data": [
{
"problemtype": "CWE-125",
"trust": 1.1
},
{
"problemtype": "Out-of-bounds read (CWE-125) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-427491"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-014549"
},
{
"db": "NVD",
"id": "CVE-2022-37007"
}
]
},
"references": {
"_id": null,
"data": [
{
"trust": 2.5,
"url": "https://consumer.huawei.com/en/support/bulletin/2022/8/"
},
{
"trust": 2.5,
"url": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-phones-202208-0000001363876177"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-37007"
},
{
"trust": 0.6,
"url": "https://device.harmonyos.com/cn/docs/security/update/security-bulletins-202208-0000001310476756"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2022-37007/"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-427491"
},
{
"db": "CNNVD",
"id": "CNNVD-202208-2402"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-014549"
},
{
"db": "NVD",
"id": "CVE-2022-37007"
}
]
},
"sources": {
"_id": null,
"data": [
{
"db": "VULHUB",
"id": "VHN-427491",
"ident": null
},
{
"db": "CNNVD",
"id": "CNNVD-202208-2402",
"ident": null
},
{
"db": "JVNDB",
"id": "JVNDB-2022-014549",
"ident": null
},
{
"db": "NVD",
"id": "CVE-2022-37007",
"ident": null
}
]
},
"sources_release_date": {
"_id": null,
"data": [
{
"date": "2022-08-10T00:00:00",
"db": "VULHUB",
"id": "VHN-427491",
"ident": null
},
{
"date": "2022-08-05T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202208-2402",
"ident": null
},
{
"date": "2023-09-20T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2022-014549",
"ident": null
},
{
"date": "2022-08-10T20:16:04.797000",
"db": "NVD",
"id": "CVE-2022-37007",
"ident": null
}
]
},
"sources_update_date": {
"_id": null,
"data": [
{
"date": "2022-08-15T00:00:00",
"db": "VULHUB",
"id": "VHN-427491",
"ident": null
},
{
"date": "2022-08-16T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202208-2402",
"ident": null
},
{
"date": "2023-09-20T08:29:00",
"db": "JVNDB",
"id": "JVNDB-2022-014549",
"ident": null
},
{
"date": "2026-03-06T20:16:11.130000",
"db": "NVD",
"id": "CVE-2022-37007",
"ident": null
}
]
},
"threat_type": {
"_id": null,
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202208-2402"
}
],
"trust": 0.6
},
"title": {
"_id": null,
"data": "plural \u00a0Huawei\u00a0 Product out-of-bounds read vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-014549"
}
],
"trust": 0.8
},
"type": {
"_id": null,
"data": "buffer error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202208-2402"
}
],
"trust": 0.6
}
}
VAR-202208-0784
Vulnerability from variot - Updated: 2026-03-07 23:52The Settings application has a vulnerability of bypassing the out-of-box experience (OOBE). Successful exploitation of this vulnerability may affect the availability. Huawei of EMUI , HarmonyOS , Magic UI Exists in unspecified vulnerabilities.Service operation interruption (DoS) It may be in a state. HUAWEI HarmonyOS is an operating system of China's Huawei (HUAWEI). Provide a microkernel-based full-scenario distributed operating system. There is a security vulnerability in HUAWEI HarmonyOS 2.0
Show details on source website{
"affected_products": {
"_id": null,
"data": [
{
"_id": null,
"model": "emui",
"scope": "eq",
"trust": 1.0,
"vendor": "huawei",
"version": "11.0.0"
},
{
"_id": null,
"model": "emui",
"scope": "eq",
"trust": 1.0,
"vendor": "huawei",
"version": "10.1.0"
},
{
"_id": null,
"model": "emui",
"scope": "eq",
"trust": 1.0,
"vendor": "huawei",
"version": "10.1.1"
},
{
"_id": null,
"model": "magic ui",
"scope": "eq",
"trust": 1.0,
"vendor": "huawei",
"version": "3.0.0"
},
{
"_id": null,
"model": "emui",
"scope": "eq",
"trust": 1.0,
"vendor": "huawei",
"version": "10.0.0"
},
{
"_id": null,
"model": "emui",
"scope": "eq",
"trust": 1.0,
"vendor": "huawei",
"version": "12.0.0"
},
{
"_id": null,
"model": "emui",
"scope": "eq",
"trust": 1.0,
"vendor": "huawei",
"version": "11.0.1"
},
{
"_id": null,
"model": "magic ui",
"scope": "eq",
"trust": 1.0,
"vendor": "huawei",
"version": "3.1.1"
},
{
"_id": null,
"model": "harmonyos",
"scope": "eq",
"trust": 1.0,
"vendor": "huawei",
"version": "2.0"
},
{
"_id": null,
"model": "magic ui",
"scope": "eq",
"trust": 1.0,
"vendor": "huawei",
"version": "4.0.0"
},
{
"_id": null,
"model": "magic ui",
"scope": "eq",
"trust": 1.0,
"vendor": "huawei",
"version": "3.1.0"
},
{
"_id": null,
"model": "harmonyos",
"scope": null,
"trust": 0.8,
"vendor": "huawei",
"version": null
},
{
"_id": null,
"model": "magic ui",
"scope": null,
"trust": 0.8,
"vendor": "huawei",
"version": null
},
{
"_id": null,
"model": "emui",
"scope": null,
"trust": 0.8,
"vendor": "huawei",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-014552"
},
{
"db": "NVD",
"id": "CVE-2022-37004"
}
]
},
"cve": "CVE-2022-37004",
"cvss": {
"_id": null,
"data": [
{
"cvssV2": [],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2022-37004",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 2.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2022-37004",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2022-37004",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"id": "CVE-2022-37004",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2022-37004",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-202208-2398",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202208-2398"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-014552"
},
{
"db": "NVD",
"id": "CVE-2022-37004"
},
{
"db": "NVD",
"id": "CVE-2022-37004"
}
]
},
"description": {
"_id": null,
"data": "The Settings application has a vulnerability of bypassing the out-of-box experience (OOBE). Successful exploitation of this vulnerability may affect the availability. Huawei of EMUI , HarmonyOS , Magic UI Exists in unspecified vulnerabilities.Service operation interruption (DoS) It may be in a state. HUAWEI HarmonyOS is an operating system of China\u0027s Huawei (HUAWEI). Provide a microkernel-based full-scenario distributed operating system. There is a security vulnerability in HUAWEI HarmonyOS 2.0",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-37004"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-014552"
},
{
"db": "VULHUB",
"id": "VHN-427495"
}
],
"trust": 1.71
},
"external_ids": {
"_id": null,
"data": [
{
"db": "NVD",
"id": "CVE-2022-37004",
"trust": 3.3
},
{
"db": "JVNDB",
"id": "JVNDB-2022-014552",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202208-2398",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-427495",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-427495"
},
{
"db": "CNNVD",
"id": "CNNVD-202208-2398"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-014552"
},
{
"db": "NVD",
"id": "CVE-2022-37004"
}
]
},
"id": "VAR-202208-0784",
"iot": {
"_id": null,
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-427495"
}
],
"trust": 0.01
},
"last_update_date": "2026-03-07T23:52:47.480000Z",
"patch": {
"_id": null,
"data": [
{
"title": "HUAWEI HarmonyOS Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=204368"
}
],
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202208-2398"
}
]
},
"problemtype_data": {
"_id": null,
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
},
{
"problemtype": "Lack of information (CWE-noinfo) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-014552"
},
{
"db": "NVD",
"id": "CVE-2022-37004"
}
]
},
"references": {
"_id": null,
"data": [
{
"trust": 2.5,
"url": "https://consumer.huawei.com/en/support/bulletin/2022/8/"
},
{
"trust": 2.5,
"url": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-phones-202208-0000001363876177"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-37004"
},
{
"trust": 0.6,
"url": "https://device.harmonyos.com/cn/docs/security/update/security-bulletins-202208-0000001310476756"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2022-37004/"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-427495"
},
{
"db": "CNNVD",
"id": "CNNVD-202208-2398"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-014552"
},
{
"db": "NVD",
"id": "CVE-2022-37004"
}
]
},
"sources": {
"_id": null,
"data": [
{
"db": "VULHUB",
"id": "VHN-427495",
"ident": null
},
{
"db": "CNNVD",
"id": "CNNVD-202208-2398",
"ident": null
},
{
"db": "JVNDB",
"id": "JVNDB-2022-014552",
"ident": null
},
{
"db": "NVD",
"id": "CVE-2022-37004",
"ident": null
}
]
},
"sources_release_date": {
"_id": null,
"data": [
{
"date": "2022-08-10T00:00:00",
"db": "VULHUB",
"id": "VHN-427495",
"ident": null
},
{
"date": "2022-08-05T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202208-2398",
"ident": null
},
{
"date": "2023-09-20T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2022-014552",
"ident": null
},
{
"date": "2022-08-10T20:16:04.263000",
"db": "NVD",
"id": "CVE-2022-37004",
"ident": null
}
]
},
"sources_update_date": {
"_id": null,
"data": [
{
"date": "2022-08-15T00:00:00",
"db": "VULHUB",
"id": "VHN-427495",
"ident": null
},
{
"date": "2022-08-16T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202208-2398",
"ident": null
},
{
"date": "2023-09-20T08:29:00",
"db": "JVNDB",
"id": "JVNDB-2022-014552",
"ident": null
},
{
"date": "2026-03-06T18:16:15.220000",
"db": "NVD",
"id": "CVE-2022-37004",
"ident": null
}
]
},
"threat_type": {
"_id": null,
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202208-2398"
}
],
"trust": 0.6
},
"title": {
"_id": null,
"data": "plural \u00a0Huawei\u00a0 Product vulnerabilities",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-014552"
}
],
"trust": 0.8
},
"type": {
"_id": null,
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202208-2398"
}
],
"trust": 0.6
}
}
VAR-202208-0507
Vulnerability from variot - Updated: 2026-03-07 23:49The recovery module has a vulnerability of bypassing the verification of an update package before use. Successful exploitation of this vulnerability may affect system stability. Huawei of EMUI , HarmonyOS , Magic UI Exists in an inadequate validation of data reliability vulnerabilities.Service operation interruption (DoS) It may be in a state. HUAWEI HarmonyOS is an operating system of China's Huawei (HUAWEI). Provide a microkernel-based full-scenario distributed operating system. There is a security vulnerability in Huawei HarmonyOS 2.0
Show details on source website{
"affected_products": {
"_id": null,
"data": [
{
"_id": null,
"model": "emui",
"scope": "eq",
"trust": 1.0,
"vendor": "huawei",
"version": "11.0.0"
},
{
"_id": null,
"model": "emui",
"scope": "eq",
"trust": 1.0,
"vendor": "huawei",
"version": "11.0.1"
},
{
"_id": null,
"model": "harmonyos",
"scope": "eq",
"trust": 1.0,
"vendor": "huawei",
"version": "2.0"
},
{
"_id": null,
"model": "magic ui",
"scope": "eq",
"trust": 1.0,
"vendor": "huawei",
"version": "4.0.0"
},
{
"_id": null,
"model": "emui",
"scope": "eq",
"trust": 1.0,
"vendor": "huawei",
"version": "12.0.0"
},
{
"_id": null,
"model": "harmonyos",
"scope": null,
"trust": 0.8,
"vendor": "huawei",
"version": null
},
{
"_id": null,
"model": "magic ui",
"scope": null,
"trust": 0.8,
"vendor": "huawei",
"version": null
},
{
"_id": null,
"model": "emui",
"scope": null,
"trust": 0.8,
"vendor": "huawei",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-014548"
},
{
"db": "NVD",
"id": "CVE-2022-37008"
}
]
},
"cve": "CVE-2022-37008",
"cvss": {
"_id": null,
"data": [
{
"cvssV2": [],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2022-37008",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 2.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2022-37008",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2022-37008",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"id": "CVE-2022-37008",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2022-37008",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-202208-2400",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202208-2400"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-014548"
},
{
"db": "NVD",
"id": "CVE-2022-37008"
},
{
"db": "NVD",
"id": "CVE-2022-37008"
}
]
},
"description": {
"_id": null,
"data": "The recovery module has a vulnerability of bypassing the verification of an update package before use. Successful exploitation of this vulnerability may affect system stability. Huawei of EMUI , HarmonyOS , Magic UI Exists in an inadequate validation of data reliability vulnerabilities.Service operation interruption (DoS) It may be in a state. HUAWEI HarmonyOS is an operating system of China\u0027s Huawei (HUAWEI). Provide a microkernel-based full-scenario distributed operating system. There is a security vulnerability in Huawei HarmonyOS 2.0",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-37008"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-014548"
},
{
"db": "VULHUB",
"id": "VHN-427493"
}
],
"trust": 1.71
},
"external_ids": {
"_id": null,
"data": [
{
"db": "NVD",
"id": "CVE-2022-37008",
"trust": 3.3
},
{
"db": "JVNDB",
"id": "JVNDB-2022-014548",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202208-2400",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-427493",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-427493"
},
{
"db": "CNNVD",
"id": "CNNVD-202208-2400"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-014548"
},
{
"db": "NVD",
"id": "CVE-2022-37008"
}
]
},
"id": "VAR-202208-0507",
"iot": {
"_id": null,
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-427493"
}
],
"trust": 0.01
},
"last_update_date": "2026-03-07T23:49:28.589000Z",
"patch": {
"_id": null,
"data": [
{
"title": "HUAWEI HarmonyOS Repair measures for data forgery problem vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=204370"
}
],
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202208-2400"
}
]
},
"problemtype_data": {
"_id": null,
"data": [
{
"problemtype": "CWE-345",
"trust": 1.1
},
{
"problemtype": "Inadequate verification of data reliability (CWE-345) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-427493"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-014548"
},
{
"db": "NVD",
"id": "CVE-2022-37008"
}
]
},
"references": {
"_id": null,
"data": [
{
"trust": 2.5,
"url": "https://consumer.huawei.com/en/support/bulletin/2022/8/"
},
{
"trust": 2.5,
"url": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-phones-202208-0000001363876177"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-37008"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2022-37008/"
},
{
"trust": 0.6,
"url": "https://device.harmonyos.com/cn/docs/security/update/security-bulletins-202208-0000001310476756"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-427493"
},
{
"db": "CNNVD",
"id": "CNNVD-202208-2400"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-014548"
},
{
"db": "NVD",
"id": "CVE-2022-37008"
}
]
},
"sources": {
"_id": null,
"data": [
{
"db": "VULHUB",
"id": "VHN-427493",
"ident": null
},
{
"db": "CNNVD",
"id": "CNNVD-202208-2400",
"ident": null
},
{
"db": "JVNDB",
"id": "JVNDB-2022-014548",
"ident": null
},
{
"db": "NVD",
"id": "CVE-2022-37008",
"ident": null
}
]
},
"sources_release_date": {
"_id": null,
"data": [
{
"date": "2022-08-10T00:00:00",
"db": "VULHUB",
"id": "VHN-427493",
"ident": null
},
{
"date": "2022-08-05T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202208-2400",
"ident": null
},
{
"date": "2023-09-20T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2022-014548",
"ident": null
},
{
"date": "2022-08-10T20:16:04.967000",
"db": "NVD",
"id": "CVE-2022-37008",
"ident": null
}
]
},
"sources_update_date": {
"_id": null,
"data": [
{
"date": "2022-08-15T00:00:00",
"db": "VULHUB",
"id": "VHN-427493",
"ident": null
},
{
"date": "2022-08-16T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202208-2400",
"ident": null
},
{
"date": "2023-09-20T08:28:00",
"db": "JVNDB",
"id": "JVNDB-2022-014548",
"ident": null
},
{
"date": "2026-03-06T18:16:15.810000",
"db": "NVD",
"id": "CVE-2022-37008",
"ident": null
}
]
},
"threat_type": {
"_id": null,
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202208-2400"
}
],
"trust": 0.6
},
"title": {
"_id": null,
"data": "plural \u00a0Huawei\u00a0 Insufficient Validation of Data Trust in Products Vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-014548"
}
],
"trust": 0.8
},
"type": {
"_id": null,
"data": "data forgery",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202208-2400"
}
],
"trust": 0.6
}
}
VAR-202208-0488
Vulnerability from variot - Updated: 2026-03-07 23:39The Settings application has an argument injection vulnerability. Successful exploitation of this vulnerability may affect data confidentiality. Huawei of EMUI , HarmonyOS , Magic UI Exists in a vulnerability in inserting or modifying arguments.Information may be obtained. HUAWEI HarmonyOS is an operating system of China's Huawei (HUAWEI). Provide a microkernel-based full-scenario distributed operating system. There is a security vulnerability in HUAWEI HarmonyOS 2.0
Show details on source website{
"affected_products": {
"_id": null,
"data": [
{
"_id": null,
"model": "emui",
"scope": "eq",
"trust": 1.0,
"vendor": "huawei",
"version": "11.0.0"
},
{
"_id": null,
"model": "emui",
"scope": "eq",
"trust": 1.0,
"vendor": "huawei",
"version": "11.0.1"
},
{
"_id": null,
"model": "harmonyos",
"scope": "eq",
"trust": 1.0,
"vendor": "huawei",
"version": "2.0"
},
{
"_id": null,
"model": "magic ui",
"scope": "eq",
"trust": 1.0,
"vendor": "huawei",
"version": "4.0.0"
},
{
"_id": null,
"model": "emui",
"scope": "eq",
"trust": 1.0,
"vendor": "huawei",
"version": "10.1.1"
},
{
"_id": null,
"model": "emui",
"scope": "eq",
"trust": 1.0,
"vendor": "huawei",
"version": "12.0.0"
},
{
"_id": null,
"model": "magic ui",
"scope": "eq",
"trust": 1.0,
"vendor": "huawei",
"version": "3.1.1"
},
{
"_id": null,
"model": "harmonyos",
"scope": null,
"trust": 0.8,
"vendor": "huawei",
"version": null
},
{
"_id": null,
"model": "magic ui",
"scope": null,
"trust": 0.8,
"vendor": "huawei",
"version": null
},
{
"_id": null,
"model": "emui",
"scope": null,
"trust": 0.8,
"vendor": "huawei",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-014551"
},
{
"db": "NVD",
"id": "CVE-2022-37005"
}
]
},
"cve": "CVE-2022-37005",
"cvss": {
"_id": null,
"data": [
{
"cvssV2": [],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2022-37005",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 2.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2022-37005",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2022-37005",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"id": "CVE-2022-37005",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2022-37005",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-202208-2396",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202208-2396"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-014551"
},
{
"db": "NVD",
"id": "CVE-2022-37005"
},
{
"db": "NVD",
"id": "CVE-2022-37005"
}
]
},
"description": {
"_id": null,
"data": "The Settings application has an argument injection vulnerability. Successful exploitation of this vulnerability may affect data confidentiality. Huawei of EMUI , HarmonyOS , Magic UI Exists in a vulnerability in inserting or modifying arguments.Information may be obtained. HUAWEI HarmonyOS is an operating system of China\u0027s Huawei (HUAWEI). Provide a microkernel-based full-scenario distributed operating system. There is a security vulnerability in HUAWEI HarmonyOS 2.0",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-37005"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-014551"
},
{
"db": "VULHUB",
"id": "VHN-427497"
},
{
"db": "VULMON",
"id": "CVE-2022-37005"
}
],
"trust": 1.8
},
"external_ids": {
"_id": null,
"data": [
{
"db": "NVD",
"id": "CVE-2022-37005",
"trust": 3.4
},
{
"db": "JVNDB",
"id": "JVNDB-2022-014551",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202208-2396",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-427497",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2022-37005",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-427497"
},
{
"db": "VULMON",
"id": "CVE-2022-37005"
},
{
"db": "CNNVD",
"id": "CNNVD-202208-2396"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-014551"
},
{
"db": "NVD",
"id": "CVE-2022-37005"
}
]
},
"id": "VAR-202208-0488",
"iot": {
"_id": null,
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-427497"
}
],
"trust": 0.01
},
"last_update_date": "2026-03-07T23:39:48.722000Z",
"patch": {
"_id": null,
"data": [
{
"title": "HUAWEI HarmonyOS Repair measures for parameter injection vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=204366"
}
],
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202208-2396"
}
]
},
"problemtype_data": {
"_id": null,
"data": [
{
"problemtype": "CWE-88",
"trust": 1.1
},
{
"problemtype": "Insert or change arguments (CWE-88) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-427497"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-014551"
},
{
"db": "NVD",
"id": "CVE-2022-37005"
}
]
},
"references": {
"_id": null,
"data": [
{
"trust": 2.6,
"url": "https://consumer.huawei.com/en/support/bulletin/2022/8/"
},
{
"trust": 2.6,
"url": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-phones-202208-0000001363876177"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-37005"
},
{
"trust": 0.6,
"url": "https://device.harmonyos.com/cn/docs/security/update/security-bulletins-202208-0000001310476756"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2022-37005/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-427497"
},
{
"db": "VULMON",
"id": "CVE-2022-37005"
},
{
"db": "CNNVD",
"id": "CNNVD-202208-2396"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-014551"
},
{
"db": "NVD",
"id": "CVE-2022-37005"
}
]
},
"sources": {
"_id": null,
"data": [
{
"db": "VULHUB",
"id": "VHN-427497",
"ident": null
},
{
"db": "VULMON",
"id": "CVE-2022-37005",
"ident": null
},
{
"db": "CNNVD",
"id": "CNNVD-202208-2396",
"ident": null
},
{
"db": "JVNDB",
"id": "JVNDB-2022-014551",
"ident": null
},
{
"db": "NVD",
"id": "CVE-2022-37005",
"ident": null
}
]
},
"sources_release_date": {
"_id": null,
"data": [
{
"date": "2022-08-10T00:00:00",
"db": "VULHUB",
"id": "VHN-427497",
"ident": null
},
{
"date": "2022-08-10T00:00:00",
"db": "VULMON",
"id": "CVE-2022-37005",
"ident": null
},
{
"date": "2022-08-05T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202208-2396",
"ident": null
},
{
"date": "2023-09-20T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2022-014551",
"ident": null
},
{
"date": "2022-08-10T20:16:04.443000",
"db": "NVD",
"id": "CVE-2022-37005",
"ident": null
}
]
},
"sources_update_date": {
"_id": null,
"data": [
{
"date": "2022-08-15T00:00:00",
"db": "VULHUB",
"id": "VHN-427497",
"ident": null
},
{
"date": "2022-08-10T00:00:00",
"db": "VULMON",
"id": "CVE-2022-37005",
"ident": null
},
{
"date": "2022-08-16T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202208-2396",
"ident": null
},
{
"date": "2023-09-20T08:29:00",
"db": "JVNDB",
"id": "JVNDB-2022-014551",
"ident": null
},
{
"date": "2026-03-06T18:16:15.530000",
"db": "NVD",
"id": "CVE-2022-37005",
"ident": null
}
]
},
"threat_type": {
"_id": null,
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202208-2396"
}
],
"trust": 0.6
},
"title": {
"_id": null,
"data": "plural \u00a0Huawei\u00a0 Argument insertion or modification vulnerabilities in products",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-014551"
}
],
"trust": 0.8
},
"type": {
"_id": null,
"data": "parameter injection",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202208-2396"
}
],
"trust": 0.6
}
}
VAR-202208-0888
Vulnerability from variot - Updated: 2026-03-07 23:34Vulnerability of writing data to an arbitrary address in the HW_KEYMASTER module. Successful exploitation of this vulnerability may affect confidentiality. Huawei of EMUI , HarmonyOS , Magic UI Exists in unspecified vulnerabilities.Information may be obtained. HUAWEI EMUI is a mobile operating system developed based on Android
Show details on source website{
"affected_products": {
"_id": null,
"data": [
{
"_id": null,
"model": "emui",
"scope": "eq",
"trust": 1.0,
"vendor": "huawei",
"version": "11.0.0"
},
{
"_id": null,
"model": "emui",
"scope": "eq",
"trust": 1.0,
"vendor": "huawei",
"version": "10.1.0"
},
{
"_id": null,
"model": "emui",
"scope": "eq",
"trust": 1.0,
"vendor": "huawei",
"version": "10.1.1"
},
{
"_id": null,
"model": "magic ui",
"scope": "eq",
"trust": 1.0,
"vendor": "huawei",
"version": "3.0.0"
},
{
"_id": null,
"model": "emui",
"scope": "eq",
"trust": 1.0,
"vendor": "huawei",
"version": "10.0.0"
},
{
"_id": null,
"model": "magic ui",
"scope": "eq",
"trust": 1.0,
"vendor": "huawei",
"version": "3.1.1"
},
{
"_id": null,
"model": "harmonyos",
"scope": "eq",
"trust": 1.0,
"vendor": "huawei",
"version": "2.0"
},
{
"_id": null,
"model": "magic ui",
"scope": "eq",
"trust": 1.0,
"vendor": "huawei",
"version": "4.0.0"
},
{
"_id": null,
"model": "magic ui",
"scope": "eq",
"trust": 1.0,
"vendor": "huawei",
"version": "3.1.0"
},
{
"_id": null,
"model": "magic ui",
"scope": null,
"trust": 0.8,
"vendor": "huawei",
"version": null
},
{
"_id": null,
"model": "emui",
"scope": null,
"trust": 0.8,
"vendor": "huawei",
"version": null
},
{
"_id": null,
"model": "harmonyos",
"scope": null,
"trust": 0.8,
"vendor": "huawei",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-020146"
},
{
"db": "NVD",
"id": "CVE-2021-40040"
}
]
},
"cve": "CVE-2021-40040",
"cvss": {
"_id": null,
"data": [
{
"cvssV2": [],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2021-40040",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 2.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2021-40040",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2021-40040",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"id": "CVE-2021-40040",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2021-40040",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-202208-2783",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202208-2783"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-020146"
},
{
"db": "NVD",
"id": "CVE-2021-40040"
},
{
"db": "NVD",
"id": "CVE-2021-40040"
}
]
},
"description": {
"_id": null,
"data": "Vulnerability of writing data to an arbitrary address in the HW_KEYMASTER module. Successful exploitation of this vulnerability may affect confidentiality. Huawei of EMUI , HarmonyOS , Magic UI Exists in unspecified vulnerabilities.Information may be obtained. HUAWEI EMUI is a mobile operating system developed based on Android",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-40040"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-020146"
},
{
"db": "VULHUB",
"id": "VHN-401441"
}
],
"trust": 1.71
},
"external_ids": {
"_id": null,
"data": [
{
"db": "NVD",
"id": "CVE-2021-40040",
"trust": 3.3
},
{
"db": "JVNDB",
"id": "JVNDB-2021-020146",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202208-2783",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2022-81251",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-401441",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-401441"
},
{
"db": "CNNVD",
"id": "CNNVD-202208-2783"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-020146"
},
{
"db": "NVD",
"id": "CVE-2021-40040"
}
]
},
"id": "VAR-202208-0888",
"iot": {
"_id": null,
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-401441"
}
],
"trust": 0.01
},
"last_update_date": "2026-03-07T23:34:25.080000Z",
"patch": {
"_id": null,
"data": [
{
"title": "HUAWEI EMUI and Magic UI Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=204272"
}
],
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202208-2783"
}
]
},
"problemtype_data": {
"_id": null,
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
},
{
"problemtype": "Lack of information (CWE-noinfo) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-020146"
},
{
"db": "NVD",
"id": "CVE-2021-40040"
}
]
},
"references": {
"_id": null,
"data": [
{
"trust": 2.5,
"url": "https://consumer.huawei.com/en/support/bulletin/2022/8/"
},
{
"trust": 2.5,
"url": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-phones-202209-0000001392278845"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-40040"
},
{
"trust": 0.6,
"url": "https://device.harmonyos.com/cn/docs/security/update/security-bulletins-202209-0000001392078921"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2021-40040/"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-401441"
},
{
"db": "CNNVD",
"id": "CNNVD-202208-2783"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-020146"
},
{
"db": "NVD",
"id": "CVE-2021-40040"
}
]
},
"sources": {
"_id": null,
"data": [
{
"db": "VULHUB",
"id": "VHN-401441",
"ident": null
},
{
"db": "CNNVD",
"id": "CNNVD-202208-2783",
"ident": null
},
{
"db": "JVNDB",
"id": "JVNDB-2021-020146",
"ident": null
},
{
"db": "NVD",
"id": "CVE-2021-40040",
"ident": null
}
]
},
"sources_release_date": {
"_id": null,
"data": [
{
"date": "2022-08-10T00:00:00",
"db": "VULHUB",
"id": "VHN-401441",
"ident": null
},
{
"date": "2022-08-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202208-2783",
"ident": null
},
{
"date": "2023-09-19T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-020146",
"ident": null
},
{
"date": "2022-08-10T20:15:22.443000",
"db": "NVD",
"id": "CVE-2021-40040",
"ident": null
}
]
},
"sources_update_date": {
"_id": null,
"data": [
{
"date": "2022-10-27T00:00:00",
"db": "VULHUB",
"id": "VHN-401441",
"ident": null
},
{
"date": "2022-09-19T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202208-2783",
"ident": null
},
{
"date": "2023-09-19T08:11:00",
"db": "JVNDB",
"id": "JVNDB-2021-020146",
"ident": null
},
{
"date": "2026-03-06T18:16:09.910000",
"db": "NVD",
"id": "CVE-2021-40040",
"ident": null
}
]
},
"threat_type": {
"_id": null,
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202208-2783"
}
],
"trust": 0.6
},
"title": {
"_id": null,
"data": "plural \u00a0Huawei\u00a0 Product vulnerabilities",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-020146"
}
],
"trust": 0.8
},
"type": {
"_id": null,
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202208-2783"
}
],
"trust": 0.6
}
}
VAR-202208-0445
Vulnerability from variot - Updated: 2026-03-07 23:29The My HUAWEI app has a defect in the design. Successful exploitation of this vulnerability may affect data confidentiality. Huawei of EMUI , HarmonyOS , Magic UI Exists in unspecified vulnerabilities.Information may be obtained. HUAWEI HarmonyOS is an operating system of China's Huawei (HUAWEI). Provide a microkernel-based full-scenario distributed operating system. There is a security vulnerability in HUAWEI HarmonyOS, which is caused by a flaw introduced in the design process
Show details on source website{
"affected_products": {
"_id": null,
"data": [
{
"_id": null,
"model": "emui",
"scope": "eq",
"trust": 1.0,
"vendor": "huawei",
"version": "11.0.0"
},
{
"_id": null,
"model": "harmonyos",
"scope": "eq",
"trust": 1.0,
"vendor": "huawei",
"version": "2.0"
},
{
"_id": null,
"model": "emui",
"scope": "eq",
"trust": 1.0,
"vendor": "huawei",
"version": "10.1.0"
},
{
"_id": null,
"model": "magic ui",
"scope": "eq",
"trust": 1.0,
"vendor": "huawei",
"version": "4.0.0"
},
{
"_id": null,
"model": "emui",
"scope": "eq",
"trust": 1.0,
"vendor": "huawei",
"version": "10.1.1"
},
{
"_id": null,
"model": "magic ui",
"scope": "eq",
"trust": 1.0,
"vendor": "huawei",
"version": "3.1.0"
},
{
"_id": null,
"model": "emui",
"scope": "eq",
"trust": 1.0,
"vendor": "huawei",
"version": "12.0.0"
},
{
"_id": null,
"model": "magic ui",
"scope": "eq",
"trust": 1.0,
"vendor": "huawei",
"version": "3.1.1"
},
{
"_id": null,
"model": "magic ui",
"scope": null,
"trust": 0.8,
"vendor": "huawei",
"version": null
},
{
"_id": null,
"model": "emui",
"scope": null,
"trust": 0.8,
"vendor": "huawei",
"version": null
},
{
"_id": null,
"model": "harmonyos",
"scope": null,
"trust": 0.8,
"vendor": "huawei",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-020148"
},
{
"db": "NVD",
"id": "CVE-2021-40030"
}
]
},
"cve": "CVE-2021-40030",
"cvss": {
"_id": null,
"data": [
{
"cvssV2": [],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2021-40030",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 2.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2021-40030",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2021-40030",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"id": "CVE-2021-40030",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2021-40030",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-202208-2395",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202208-2395"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-020148"
},
{
"db": "NVD",
"id": "CVE-2021-40030"
},
{
"db": "NVD",
"id": "CVE-2021-40030"
}
]
},
"description": {
"_id": null,
"data": "The My HUAWEI app has a defect in the design. Successful exploitation of this vulnerability may affect data confidentiality. Huawei of EMUI , HarmonyOS , Magic UI Exists in unspecified vulnerabilities.Information may be obtained. HUAWEI HarmonyOS is an operating system of China\u0027s Huawei (HUAWEI). Provide a microkernel-based full-scenario distributed operating system. There is a security vulnerability in HUAWEI HarmonyOS, which is caused by a flaw introduced in the design process",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-40030"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-020148"
},
{
"db": "VULHUB",
"id": "VHN-401431"
}
],
"trust": 1.71
},
"external_ids": {
"_id": null,
"data": [
{
"db": "NVD",
"id": "CVE-2021-40030",
"trust": 3.3
},
{
"db": "JVNDB",
"id": "JVNDB-2021-020148",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202208-2395",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-401431",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-401431"
},
{
"db": "CNNVD",
"id": "CNNVD-202208-2395"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-020148"
},
{
"db": "NVD",
"id": "CVE-2021-40030"
}
]
},
"id": "VAR-202208-0445",
"iot": {
"_id": null,
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-401431"
}
],
"trust": 0.01
},
"last_update_date": "2026-03-07T23:29:40.981000Z",
"patch": {
"_id": null,
"data": [
{
"title": "HUAWEI HarmonyOS Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=204203"
}
],
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202208-2395"
}
]
},
"problemtype_data": {
"_id": null,
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
},
{
"problemtype": "Lack of information (CWE-noinfo) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-020148"
},
{
"db": "NVD",
"id": "CVE-2021-40030"
}
]
},
"references": {
"_id": null,
"data": [
{
"trust": 2.5,
"url": "https://consumer.huawei.com/en/support/bulletin/2022/8/"
},
{
"trust": 2.5,
"url": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-phones-202208-0000001363876177"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-40030"
},
{
"trust": 0.6,
"url": "https://device.harmonyos.com/cn/docs/security/update/security-bulletins-202208-0000001310476756"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2021-40030/"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-401431"
},
{
"db": "CNNVD",
"id": "CNNVD-202208-2395"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-020148"
},
{
"db": "NVD",
"id": "CVE-2021-40030"
}
]
},
"sources": {
"_id": null,
"data": [
{
"db": "VULHUB",
"id": "VHN-401431",
"ident": null
},
{
"db": "CNNVD",
"id": "CNNVD-202208-2395",
"ident": null
},
{
"db": "JVNDB",
"id": "JVNDB-2021-020148",
"ident": null
},
{
"db": "NVD",
"id": "CVE-2021-40030",
"ident": null
}
]
},
"sources_release_date": {
"_id": null,
"data": [
{
"date": "2022-08-10T00:00:00",
"db": "VULHUB",
"id": "VHN-401431",
"ident": null
},
{
"date": "2022-08-05T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202208-2395",
"ident": null
},
{
"date": "2023-09-19T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-020148",
"ident": null
},
{
"date": "2022-08-10T20:15:22.347000",
"db": "NVD",
"id": "CVE-2021-40030",
"ident": null
}
]
},
"sources_update_date": {
"_id": null,
"data": [
{
"date": "2022-08-12T00:00:00",
"db": "VULHUB",
"id": "VHN-401431",
"ident": null
},
{
"date": "2022-08-15T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202208-2395",
"ident": null
},
{
"date": "2023-09-19T08:11:00",
"db": "JVNDB",
"id": "JVNDB-2021-020148",
"ident": null
},
{
"date": "2026-03-06T18:16:08.803000",
"db": "NVD",
"id": "CVE-2021-40030",
"ident": null
}
]
},
"threat_type": {
"_id": null,
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202208-2395"
}
],
"trust": 0.6
},
"title": {
"_id": null,
"data": "plural \u00a0Huawei\u00a0 Product vulnerabilities",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-020148"
}
],
"trust": 0.8
},
"type": {
"_id": null,
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202208-2395"
}
],
"trust": 0.6
}
}
CVE-2026-28551 (GCVE-0-2026-28551)
Vulnerability from nvd – Published: 2026-03-05 08:22 – Updated: 2026-03-05 14:51
VLAI?
Summary
Race condition vulnerability in the device security management module. Impact: Successful exploitation of this vulnerability may affect availability.
Severity ?
4.7 (Medium)
CWE
- CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
Assigner
References
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-28551",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-05T14:51:34.698559Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-05T14:51:45.870Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "HarmonyOS",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "6.0.0"
},
{
"status": "affected",
"version": "5.1.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Race condition vulnerability in the device security management module.\u0026nbsp;Impact: Successful exploitation of this vulnerability may affect availability."
}
],
"value": "Race condition vulnerability in the device security management module.\u00a0Impact: Successful exploitation of this vulnerability may affect availability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-362",
"description": "CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-05T08:22:46.213Z",
"orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"shortName": "huawei"
},
"references": [
{
"url": "https://consumer.huawei.com/en/support/bulletin/2026/3/"
},
{
"url": "https://consumer.huawei.com/en/support/bulletinlaptops/2026/3/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"assignerShortName": "huawei",
"cveId": "CVE-2026-28551",
"datePublished": "2026-03-05T08:22:46.213Z",
"dateReserved": "2026-02-28T03:58:12.089Z",
"dateUpdated": "2026-03-05T14:51:45.870Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-28549 (GCVE-0-2026-28549)
Vulnerability from nvd – Published: 2026-03-05 08:21 – Updated: 2026-03-05 14:52
VLAI?
Summary
Race condition vulnerability in the permission management service. Impact: Successful exploitation of this vulnerability may affect availability.
Severity ?
6.6 (Medium)
CWE
- CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
Assigner
References
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-28549",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-05T14:52:20.766036Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-05T14:52:26.986Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "HarmonyOS",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "6.0.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Race condition vulnerability in the permission management service.\u0026nbsp;Impact: Successful exploitation of this vulnerability may affect availability."
}
],
"value": "Race condition vulnerability in the permission management service.\u00a0Impact: Successful exploitation of this vulnerability may affect availability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-362",
"description": "CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-05T08:21:23.201Z",
"orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"shortName": "huawei"
},
"references": [
{
"url": "https://consumer.huawei.com/en/support/bulletin/2026/3/"
},
{
"url": "https://consumer.huawei.com/en/support/bulletinlaptops/2026/3/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"assignerShortName": "huawei",
"cveId": "CVE-2026-28549",
"datePublished": "2026-03-05T08:21:23.201Z",
"dateReserved": "2026-02-28T03:58:12.088Z",
"dateUpdated": "2026-03-05T14:52:26.986Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-28548 (GCVE-0-2026-28548)
Vulnerability from nvd – Published: 2026-03-05 08:28 – Updated: 2026-03-05 14:51
VLAI?
Summary
Vulnerability of improper verification in the email application. Impact: Successful exploitation of this vulnerability may affect service confidentiality.
Severity ?
7.1 (High)
CWE
- CWE-269 - Improper Privilege Management
Assigner
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-28548",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-05T14:50:57.161550Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-05T14:51:18.646Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "HarmonyOS",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "4.2.0"
},
{
"status": "affected",
"version": "4.0.0"
},
{
"status": "affected",
"version": "3.1.0"
},
{
"status": "affected",
"version": "2.0.0"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EMUI",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "14.2.0"
},
{
"status": "affected",
"version": "14.0.0"
},
{
"status": "affected",
"version": "13.0.0"
},
{
"status": "affected",
"version": "12.0.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Vulnerability of improper verification in the email application.\u0026nbsp;Impact: Successful exploitation of this vulnerability may affect service confidentiality."
}
],
"value": "Vulnerability of improper verification in the email application.\u00a0Impact: Successful exploitation of this vulnerability may affect service confidentiality."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "CWE-269 Improper Privilege Management",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-05T08:28:20.416Z",
"orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"shortName": "huawei"
},
"references": [
{
"url": "https://consumer.huawei.com/en/support/bulletin/2026/3/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"assignerShortName": "huawei",
"cveId": "CVE-2026-28548",
"datePublished": "2026-03-05T08:28:20.416Z",
"dateReserved": "2026-02-28T03:58:12.088Z",
"dateUpdated": "2026-03-05T14:51:18.646Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-28547 (GCVE-0-2026-28547)
Vulnerability from nvd – Published: 2026-03-05 08:16 – Updated: 2026-03-05 15:40
VLAI?
Summary
Vulnerability of uninitialized pointer access in the scanning module. Impact: Successful exploitation of this vulnerability may affect availability.
Severity ?
6.8 (Medium)
CWE
- CWE-824 - Access of Uninitialized Pointer
Assigner
References
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-28547",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-05T15:28:49.276928Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-05T15:40:27.836Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "HarmonyOS",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "6.0.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Vulnerability of uninitialized pointer access in the scanning module.\u0026nbsp;Impact: Successful exploitation of this vulnerability may affect availability."
}
],
"value": "Vulnerability of uninitialized pointer access in the scanning module.\u00a0Impact: Successful exploitation of this vulnerability may affect availability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-824",
"description": "CWE-824 Access of Uninitialized Pointer",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-05T08:16:01.465Z",
"orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"shortName": "huawei"
},
"references": [
{
"url": "https://consumer.huawei.com/en/support/bulletin/2026/3/"
},
{
"url": "https://consumer.huawei.com/en/support/bulletinlaptops/2026/3/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"assignerShortName": "huawei",
"cveId": "CVE-2026-28547",
"datePublished": "2026-03-05T08:16:01.465Z",
"dateReserved": "2026-02-28T03:58:12.088Z",
"dateUpdated": "2026-03-05T15:40:27.836Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-28546 (GCVE-0-2026-28546)
Vulnerability from nvd – Published: 2026-03-05 08:10 – Updated: 2026-03-05 15:40
VLAI?
Summary
Buffer overflow vulnerability in the scanning module. Impact: Successful exploitation of this vulnerability may affect availability.
Severity ?
5.9 (Medium)
CWE
- CWE-122 - Heap-based Buffer Overflow
Assigner
References
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-28546",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-05T15:28:51.316237Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-05T15:40:33.542Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "HarmonyOS",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "6.0.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Buffer overflow vulnerability in the scanning module.\u0026nbsp;Impact: Successful exploitation of this vulnerability may affect availability."
}
],
"value": "Buffer overflow vulnerability in the scanning module.\u00a0Impact: Successful exploitation of this vulnerability may affect availability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "CWE-122 Heap-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-05T08:10:51.617Z",
"orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"shortName": "huawei"
},
"references": [
{
"url": "https://consumer.huawei.com/en/support/bulletin/2026/3/"
},
{
"url": "https://consumer.huawei.com/en/support/bulletinlaptops/2026/3/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"assignerShortName": "huawei",
"cveId": "CVE-2026-28546",
"datePublished": "2026-03-05T08:10:51.617Z",
"dateReserved": "2026-02-28T03:58:12.088Z",
"dateUpdated": "2026-03-05T15:40:33.542Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-28542 (GCVE-0-2026-28542)
Vulnerability from nvd – Published: 2026-03-05 08:29 – Updated: 2026-03-05 14:42
VLAI?
Summary
Permission bypass vulnerability in the system service framework. Impact: Successful exploitation of this vulnerability may affect availability.
Severity ?
7.3 (High)
CWE
- CWE-755 - Improper Handling of Exceptional Conditions
Assigner
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-28542",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-05T14:41:59.478588Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-05T14:42:06.487Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "HarmonyOS",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "4.2.0"
},
{
"status": "affected",
"version": "4.0.0"
},
{
"status": "affected",
"version": "3.1.0"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EMUI",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "14.2.0"
},
{
"status": "affected",
"version": "14.0.0"
},
{
"status": "affected",
"version": "13.0.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Permission bypass vulnerability in the system service framework.\u0026nbsp;Impact: Successful exploitation of this vulnerability may affect availability."
}
],
"value": "Permission bypass vulnerability in the system service framework.\u00a0Impact: Successful exploitation of this vulnerability may affect availability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-755",
"description": "CWE-755 Improper Handling of Exceptional Conditions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-05T08:29:45.155Z",
"orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"shortName": "huawei"
},
"references": [
{
"url": "https://consumer.huawei.com/en/support/bulletin/2026/3/"
},
{
"url": "https://consumer.huawei.com/en/support/bulletinwearables/2026/3/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"assignerShortName": "huawei",
"cveId": "CVE-2026-28542",
"datePublished": "2026-03-05T08:29:45.155Z",
"dateReserved": "2026-02-28T03:58:12.088Z",
"dateUpdated": "2026-03-05T14:42:06.487Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-28552 (GCVE-0-2026-28552)
Vulnerability from nvd – Published: 2026-03-05 07:45 – Updated: 2026-03-05 15:41
VLAI?
Summary
Out-of-bounds write vulnerability in the IMS module. Impact: Successful exploitation of this vulnerability may affect availability.
Severity ?
6.5 (Medium)
CWE
- CWE-19 - Data Processing Errors
Assigner
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-28552",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-05T15:29:06.375574Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-05T15:41:13.000Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "HarmonyOS",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "6.0.0"
},
{
"status": "affected",
"version": "5.1.0"
},
{
"status": "affected",
"version": "4.3.1"
},
{
"status": "affected",
"version": "4.3.0"
},
{
"status": "affected",
"version": "4.2.0"
},
{
"status": "affected",
"version": "4.0.0"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EMUI",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "15.0.0"
},
{
"status": "affected",
"version": "14.2.0"
},
{
"status": "affected",
"version": "14.0.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Out-of-bounds write vulnerability in the IMS module.\u0026nbsp;Impact: Successful exploitation of this vulnerability may affect availability."
}
],
"value": "Out-of-bounds write vulnerability in the IMS module.\u00a0Impact: Successful exploitation of this vulnerability may affect availability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-19",
"description": "CWE-19 Data Processing Errors",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-05T07:45:56.482Z",
"orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"shortName": "huawei"
},
"references": [
{
"url": "https://consumer.huawei.com/en/support/bulletin/2026/3/"
},
{
"url": "https://consumer.huawei.com/en/support/bulletinwearables/2026/3/"
},
{
"url": "https://consumer.huawei.com/en/support/bulletinlaptops/2026/3/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"assignerShortName": "huawei",
"cveId": "CVE-2026-28552",
"datePublished": "2026-03-05T07:45:56.482Z",
"dateReserved": "2026-02-28T03:58:12.089Z",
"dateUpdated": "2026-03-05T15:41:13.000Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-28550 (GCVE-0-2026-28550)
Vulnerability from nvd – Published: 2026-03-05 07:41 – Updated: 2026-03-05 15:41
VLAI?
Summary
Race condition vulnerability in the security control module. Impact: Successful exploitation of this vulnerability may affect availability.
Severity ?
4 (Medium)
CWE
- CWE-840 - Business Logic Errors
Assigner
References
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-28550",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-05T15:29:08.409484Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-05T15:41:18.295Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "HarmonyOS",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "6.0.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Race condition vulnerability in the security control module.\u0026nbsp;Impact: Successful exploitation of this vulnerability may affect availability."
}
],
"value": "Race condition vulnerability in the security control module.\u00a0Impact: Successful exploitation of this vulnerability may affect availability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-840",
"description": "CWE-840 Business Logic Errors",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-05T07:41:37.881Z",
"orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"shortName": "huawei"
},
"references": [
{
"url": "https://consumer.huawei.com/en/support/bulletin/2026/3/"
},
{
"url": "https://consumer.huawei.com/en/support/bulletinlaptops/2026/3/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"assignerShortName": "huawei",
"cveId": "CVE-2026-28550",
"datePublished": "2026-03-05T07:41:37.881Z",
"dateReserved": "2026-02-28T03:58:12.089Z",
"dateUpdated": "2026-03-05T15:41:18.295Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-28545 (GCVE-0-2026-28545)
Vulnerability from nvd – Published: 2026-03-05 07:38 – Updated: 2026-03-05 15:15
VLAI?
Summary
Race condition vulnerability in the printing module. Impact: Successful exploitation of this vulnerability may affect availability.
Severity ?
5.9 (Medium)
CWE
- CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
Assigner
References
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-28545",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-05T15:14:24.787620Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-05T15:15:13.150Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "HarmonyOS",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "6.0.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Race condition vulnerability in the printing module.\u0026nbsp;Impact: Successful exploitation of this vulnerability may affect availability."
}
],
"value": "Race condition vulnerability in the printing module.\u00a0Impact: Successful exploitation of this vulnerability may affect availability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-362",
"description": "CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-05T07:38:07.965Z",
"orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"shortName": "huawei"
},
"references": [
{
"url": "https://consumer.huawei.com/en/support/bulletin/2026/3/"
},
{
"url": "https://consumer.huawei.com/en/support/bulletinlaptops/2026/3/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"assignerShortName": "huawei",
"cveId": "CVE-2026-28545",
"datePublished": "2026-03-05T07:38:07.965Z",
"dateReserved": "2026-02-28T03:58:12.088Z",
"dateUpdated": "2026-03-05T15:15:13.150Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-28544 (GCVE-0-2026-28544)
Vulnerability from nvd – Published: 2026-03-05 07:34 – Updated: 2026-03-05 14:52
VLAI?
Summary
Race condition vulnerability in the printing module. Impact: Successful exploitation of this vulnerability may affect availability.
Severity ?
6.2 (Medium)
CWE
- CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
Assigner
References
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-28544",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-05T14:52:40.333031Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-05T14:52:49.291Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "HarmonyOS",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "6.0.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Race condition vulnerability in the printing module.\u0026nbsp;Impact: Successful exploitation of this vulnerability may affect availability."
}
],
"value": "Race condition vulnerability in the printing module.\u00a0Impact: Successful exploitation of this vulnerability may affect availability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-362",
"description": "CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-05T07:34:24.606Z",
"orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"shortName": "huawei"
},
"references": [
{
"url": "https://consumer.huawei.com/en/support/bulletin/2026/3/"
},
{
"url": "https://consumer.huawei.com/en/support/bulletinlaptops/2026/3/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"assignerShortName": "huawei",
"cveId": "CVE-2026-28544",
"datePublished": "2026-03-05T07:34:24.606Z",
"dateReserved": "2026-02-28T03:58:12.088Z",
"dateUpdated": "2026-03-05T14:52:49.291Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-28543 (GCVE-0-2026-28543)
Vulnerability from nvd – Published: 2026-03-05 07:58 – Updated: 2026-03-05 15:40
VLAI?
Summary
Race condition vulnerability in the maintenance and diagnostics module. Impact: Successful exploitation of this vulnerability may affect availability.
Severity ?
4.4 (Medium)
CWE
- CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
Assigner
References
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-28543",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-05T15:28:53.257345Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-05T15:40:39.086Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "HarmonyOS",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "6.0.0"
},
{
"status": "affected",
"version": "5.1.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Race condition vulnerability in the maintenance and diagnostics module.\u0026nbsp;Impact: Successful exploitation of this vulnerability may affect availability."
}
],
"value": "Race condition vulnerability in the maintenance and diagnostics module.\u00a0Impact: Successful exploitation of this vulnerability may affect availability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-362",
"description": "CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-05T07:58:17.292Z",
"orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"shortName": "huawei"
},
"references": [
{
"url": "https://consumer.huawei.com/en/support/bulletin/2026/3/"
},
{
"url": "https://consumer.huawei.com/en/support/bulletinwearables/2026/3/"
},
{
"url": "https://consumer.huawei.com/en/support/bulletinlaptops/2026/3/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"assignerShortName": "huawei",
"cveId": "CVE-2026-28543",
"datePublished": "2026-03-05T07:58:17.292Z",
"dateReserved": "2026-02-28T03:58:12.088Z",
"dateUpdated": "2026-03-05T15:40:39.086Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-28541 (GCVE-0-2026-28541)
Vulnerability from nvd – Published: 2026-03-05 07:56 – Updated: 2026-03-05 15:40
VLAI?
Summary
Permission control vulnerability in the cellular_data module. Impact: Successful exploitation of this vulnerability may affect availability.
Severity ?
4 (Medium)
CWE
- CWE-264 - Permissions, Privileges, and Access Controls
Assigner
References
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-28541",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-05T15:28:55.317497Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-05T15:40:44.998Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "HarmonyOS",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "6.0.0"
},
{
"status": "affected",
"version": "5.1.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Permission control vulnerability in the cellular_data module.\u0026nbsp;Impact: Successful exploitation of this vulnerability may affect availability."
}
],
"value": "Permission control vulnerability in the cellular_data module.\u00a0Impact: Successful exploitation of this vulnerability may affect availability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-264",
"description": "CWE-264 Permissions, Privileges, and Access Controls",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-05T07:56:33.890Z",
"orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"shortName": "huawei"
},
"references": [
{
"url": "https://consumer.huawei.com/en/support/bulletin/2026/3/"
},
{
"url": "https://consumer.huawei.com/en/support/bulletinvision/2026/3/"
},
{
"url": "https://consumer.huawei.com/en/support/bulletinwearables/2026/3/"
},
{
"url": "https://consumer.huawei.com/en/support/bulletinlaptops/2026/3/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"assignerShortName": "huawei",
"cveId": "CVE-2026-28541",
"datePublished": "2026-03-05T07:56:33.890Z",
"dateReserved": "2026-02-28T03:58:12.087Z",
"dateUpdated": "2026-03-05T15:40:44.998Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-28540 (GCVE-0-2026-28540)
Vulnerability from nvd – Published: 2026-03-05 07:55 – Updated: 2026-03-05 15:40
VLAI?
Summary
Out-of-bounds character read vulnerability in Bluetooth. Impact: Successful exploitation of this vulnerability may affect service confidentiality.
Severity ?
4 (Medium)
CWE
- CWE-158 - Improper Neutralization of Null Byte or NUL Character
Assigner
References
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-28540",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-05T15:28:57.305593Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-05T15:40:50.887Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "HarmonyOS",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "6.0.0"
},
{
"status": "affected",
"version": "5.1.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Out-of-bounds character read vulnerability in Bluetooth.\u0026nbsp;Impact: Successful exploitation of this vulnerability may affect service confidentiality."
}
],
"value": "Out-of-bounds character read vulnerability in Bluetooth.\u00a0Impact: Successful exploitation of this vulnerability may affect service confidentiality."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-158",
"description": "CWE-158 Improper Neutralization of Null Byte or NUL Character",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-05T07:55:01.103Z",
"orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"shortName": "huawei"
},
"references": [
{
"url": "https://consumer.huawei.com/en/support/bulletin/2026/3/"
},
{
"url": "https://consumer.huawei.com/en/support/bulletinvision/2026/3/"
},
{
"url": "https://consumer.huawei.com/en/support/bulletinwearables/2026/3/"
},
{
"url": "https://consumer.huawei.com/en/support/bulletinlaptops/2026/3/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"assignerShortName": "huawei",
"cveId": "CVE-2026-28540",
"datePublished": "2026-03-05T07:55:01.103Z",
"dateReserved": "2026-02-28T03:58:12.087Z",
"dateUpdated": "2026-03-05T15:40:50.887Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-28539 (GCVE-0-2026-28539)
Vulnerability from nvd – Published: 2026-03-05 07:52 – Updated: 2026-03-05 15:40
VLAI?
Summary
Data processing vulnerability in the certificate management module. Impact: Successful exploitation of this vulnerability may affect service confidentiality.
Severity ?
6.2 (Medium)
CWE
- CWE-19 - Data Processing Errors
Assigner
References
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-28539",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-05T15:28:59.282665Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-05T15:40:56.388Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "HarmonyOS",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "6.0.0"
},
{
"status": "affected",
"version": "5.1.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Data processing vulnerability in the certificate management module.\u0026nbsp;Impact: Successful exploitation of this vulnerability may affect service confidentiality."
}
],
"value": "Data processing vulnerability in the certificate management module.\u00a0Impact: Successful exploitation of this vulnerability may affect service confidentiality."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-19",
"description": "CWE-19 Data Processing Errors",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-05T07:52:16.220Z",
"orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"shortName": "huawei"
},
"references": [
{
"url": "https://consumer.huawei.com/en/support/bulletin/2026/3/"
},
{
"url": "https://consumer.huawei.com/en/support/bulletinlaptops/2026/3/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"assignerShortName": "huawei",
"cveId": "CVE-2026-28539",
"datePublished": "2026-03-05T07:52:16.220Z",
"dateReserved": "2026-02-28T03:58:12.087Z",
"dateUpdated": "2026-03-05T15:40:56.388Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-28538 (GCVE-0-2026-28538)
Vulnerability from nvd – Published: 2026-03-05 07:51 – Updated: 2026-03-05 15:41
VLAI?
Summary
Path traversal vulnerability in the certificate management module. Impact: Successful exploitation of this vulnerability may affect availability.
Severity ?
5.9 (Medium)
CWE
- CWE-24 - Path Traversal: '../filedir'
Assigner
References
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-28538",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-05T15:29:02.007615Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-05T15:41:01.992Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "HarmonyOS",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "6.0.0"
},
{
"status": "affected",
"version": "5.1.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Path traversal vulnerability in the certificate management module.\u0026nbsp;Impact: Successful exploitation of this vulnerability may affect availability."
}
],
"value": "Path traversal vulnerability in the certificate management module.\u00a0Impact: Successful exploitation of this vulnerability may affect availability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-24",
"description": "CWE-24 Path Traversal: \u0027../filedir\u0027",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-05T07:51:00.216Z",
"orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"shortName": "huawei"
},
"references": [
{
"url": "https://consumer.huawei.com/en/support/bulletin/2026/3/"
},
{
"url": "https://consumer.huawei.com/en/support/bulletinlaptops/2026/3/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"assignerShortName": "huawei",
"cveId": "CVE-2026-28538",
"datePublished": "2026-03-05T07:51:00.216Z",
"dateReserved": "2026-02-28T03:58:12.087Z",
"dateUpdated": "2026-03-05T15:41:01.992Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-28537 (GCVE-0-2026-28537)
Vulnerability from nvd – Published: 2026-03-05 07:13 – Updated: 2026-03-05 15:16
VLAI?
Summary
Double free vulnerability in the window module. Impact: Successful exploitation of this vulnerability may affect availability.
Severity ?
5.1 (Medium)
CWE
- CWE-415 - Double Free
Assigner
References
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-28537",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-05T15:15:57.467649Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-05T15:16:06.687Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "HarmonyOS",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "6.0.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Double free vulnerability in the window module.\u0026nbsp;Impact: Successful exploitation of this vulnerability may affect availability."
}
],
"value": "Double free vulnerability in the window module.\u00a0Impact: Successful exploitation of this vulnerability may affect availability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-415",
"description": "CWE-415 Double Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-05T07:13:46.723Z",
"orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"shortName": "huawei"
},
"references": [
{
"url": "https://consumer.huawei.com/en/support/bulletin/2026/3/"
},
{
"url": "https://consumer.huawei.com/en/support/bulletinlaptops/2026/3/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"assignerShortName": "huawei",
"cveId": "CVE-2026-28537",
"datePublished": "2026-03-05T07:13:46.723Z",
"dateReserved": "2026-02-28T03:58:12.087Z",
"dateUpdated": "2026-03-05T15:16:06.687Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-66319 (GCVE-0-2025-66319)
Vulnerability from nvd – Published: 2026-03-05 07:49 – Updated: 2026-03-05 15:41
VLAI?
Summary
Permission control vulnerability in the resource scheduling module. Impact: Successful exploitation of this vulnerability may affect service integrity.
Severity ?
CWE
- CWE-264 - Permissions, Privileges, and Access Controls
Assigner
References
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-66319",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-05T15:29:04.344875Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-05T15:41:07.560Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "HarmonyOS",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "6.0.0"
},
{
"status": "affected",
"version": "5.1.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Permission control vulnerability in the resource scheduling module.\u0026nbsp;Impact: Successful exploitation of this vulnerability may affect service integrity."
}
],
"value": "Permission control vulnerability in the resource scheduling module.\u00a0Impact: Successful exploitation of this vulnerability may affect service integrity."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 3.3,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-264",
"description": "CWE-264 Permissions, Privileges, and Access Controls",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-05T07:49:04.759Z",
"orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"shortName": "huawei"
},
"references": [
{
"url": "https://consumer.huawei.com/en/support/bulletin/2026/3/"
},
{
"url": "https://consumer.huawei.com/en/support/bulletinvision/2026/3/"
},
{
"url": "https://consumer.huawei.com/en/support/bulletinwearables/2026/3/"
},
{
"url": "https://consumer.huawei.com/en/support/bulletinlaptops/2026/3/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"assignerShortName": "huawei",
"cveId": "CVE-2025-66319",
"datePublished": "2026-03-05T07:49:04.759Z",
"dateReserved": "2025-11-27T02:20:28.788Z",
"dateUpdated": "2026-03-05T15:41:07.560Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-28542 (GCVE-0-2026-28542)
Vulnerability from cvelistv5 – Published: 2026-03-05 08:29 – Updated: 2026-03-05 14:42
VLAI?
Summary
Permission bypass vulnerability in the system service framework. Impact: Successful exploitation of this vulnerability may affect availability.
Severity ?
7.3 (High)
CWE
- CWE-755 - Improper Handling of Exceptional Conditions
Assigner
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-28542",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-05T14:41:59.478588Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-05T14:42:06.487Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "HarmonyOS",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "4.2.0"
},
{
"status": "affected",
"version": "4.0.0"
},
{
"status": "affected",
"version": "3.1.0"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EMUI",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "14.2.0"
},
{
"status": "affected",
"version": "14.0.0"
},
{
"status": "affected",
"version": "13.0.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Permission bypass vulnerability in the system service framework.\u0026nbsp;Impact: Successful exploitation of this vulnerability may affect availability."
}
],
"value": "Permission bypass vulnerability in the system service framework.\u00a0Impact: Successful exploitation of this vulnerability may affect availability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-755",
"description": "CWE-755 Improper Handling of Exceptional Conditions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-05T08:29:45.155Z",
"orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"shortName": "huawei"
},
"references": [
{
"url": "https://consumer.huawei.com/en/support/bulletin/2026/3/"
},
{
"url": "https://consumer.huawei.com/en/support/bulletinwearables/2026/3/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"assignerShortName": "huawei",
"cveId": "CVE-2026-28542",
"datePublished": "2026-03-05T08:29:45.155Z",
"dateReserved": "2026-02-28T03:58:12.088Z",
"dateUpdated": "2026-03-05T14:42:06.487Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-28548 (GCVE-0-2026-28548)
Vulnerability from cvelistv5 – Published: 2026-03-05 08:28 – Updated: 2026-03-05 14:51
VLAI?
Summary
Vulnerability of improper verification in the email application. Impact: Successful exploitation of this vulnerability may affect service confidentiality.
Severity ?
7.1 (High)
CWE
- CWE-269 - Improper Privilege Management
Assigner
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-28548",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-05T14:50:57.161550Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-05T14:51:18.646Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "HarmonyOS",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "4.2.0"
},
{
"status": "affected",
"version": "4.0.0"
},
{
"status": "affected",
"version": "3.1.0"
},
{
"status": "affected",
"version": "2.0.0"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EMUI",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "14.2.0"
},
{
"status": "affected",
"version": "14.0.0"
},
{
"status": "affected",
"version": "13.0.0"
},
{
"status": "affected",
"version": "12.0.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Vulnerability of improper verification in the email application.\u0026nbsp;Impact: Successful exploitation of this vulnerability may affect service confidentiality."
}
],
"value": "Vulnerability of improper verification in the email application.\u00a0Impact: Successful exploitation of this vulnerability may affect service confidentiality."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "CWE-269 Improper Privilege Management",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-05T08:28:20.416Z",
"orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"shortName": "huawei"
},
"references": [
{
"url": "https://consumer.huawei.com/en/support/bulletin/2026/3/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"assignerShortName": "huawei",
"cveId": "CVE-2026-28548",
"datePublished": "2026-03-05T08:28:20.416Z",
"dateReserved": "2026-02-28T03:58:12.088Z",
"dateUpdated": "2026-03-05T14:51:18.646Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-28551 (GCVE-0-2026-28551)
Vulnerability from cvelistv5 – Published: 2026-03-05 08:22 – Updated: 2026-03-05 14:51
VLAI?
Summary
Race condition vulnerability in the device security management module. Impact: Successful exploitation of this vulnerability may affect availability.
Severity ?
4.7 (Medium)
CWE
- CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
Assigner
References
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-28551",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-05T14:51:34.698559Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-05T14:51:45.870Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "HarmonyOS",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "6.0.0"
},
{
"status": "affected",
"version": "5.1.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Race condition vulnerability in the device security management module.\u0026nbsp;Impact: Successful exploitation of this vulnerability may affect availability."
}
],
"value": "Race condition vulnerability in the device security management module.\u00a0Impact: Successful exploitation of this vulnerability may affect availability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-362",
"description": "CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-05T08:22:46.213Z",
"orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"shortName": "huawei"
},
"references": [
{
"url": "https://consumer.huawei.com/en/support/bulletin/2026/3/"
},
{
"url": "https://consumer.huawei.com/en/support/bulletinlaptops/2026/3/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"assignerShortName": "huawei",
"cveId": "CVE-2026-28551",
"datePublished": "2026-03-05T08:22:46.213Z",
"dateReserved": "2026-02-28T03:58:12.089Z",
"dateUpdated": "2026-03-05T14:51:45.870Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-28549 (GCVE-0-2026-28549)
Vulnerability from cvelistv5 – Published: 2026-03-05 08:21 – Updated: 2026-03-05 14:52
VLAI?
Summary
Race condition vulnerability in the permission management service. Impact: Successful exploitation of this vulnerability may affect availability.
Severity ?
6.6 (Medium)
CWE
- CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
Assigner
References
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-28549",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-05T14:52:20.766036Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-05T14:52:26.986Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "HarmonyOS",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "6.0.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Race condition vulnerability in the permission management service.\u0026nbsp;Impact: Successful exploitation of this vulnerability may affect availability."
}
],
"value": "Race condition vulnerability in the permission management service.\u00a0Impact: Successful exploitation of this vulnerability may affect availability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-362",
"description": "CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-05T08:21:23.201Z",
"orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"shortName": "huawei"
},
"references": [
{
"url": "https://consumer.huawei.com/en/support/bulletin/2026/3/"
},
{
"url": "https://consumer.huawei.com/en/support/bulletinlaptops/2026/3/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"assignerShortName": "huawei",
"cveId": "CVE-2026-28549",
"datePublished": "2026-03-05T08:21:23.201Z",
"dateReserved": "2026-02-28T03:58:12.088Z",
"dateUpdated": "2026-03-05T14:52:26.986Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-28547 (GCVE-0-2026-28547)
Vulnerability from cvelistv5 – Published: 2026-03-05 08:16 – Updated: 2026-03-05 15:40
VLAI?
Summary
Vulnerability of uninitialized pointer access in the scanning module. Impact: Successful exploitation of this vulnerability may affect availability.
Severity ?
6.8 (Medium)
CWE
- CWE-824 - Access of Uninitialized Pointer
Assigner
References
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-28547",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-05T15:28:49.276928Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-05T15:40:27.836Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "HarmonyOS",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "6.0.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Vulnerability of uninitialized pointer access in the scanning module.\u0026nbsp;Impact: Successful exploitation of this vulnerability may affect availability."
}
],
"value": "Vulnerability of uninitialized pointer access in the scanning module.\u00a0Impact: Successful exploitation of this vulnerability may affect availability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-824",
"description": "CWE-824 Access of Uninitialized Pointer",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-05T08:16:01.465Z",
"orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"shortName": "huawei"
},
"references": [
{
"url": "https://consumer.huawei.com/en/support/bulletin/2026/3/"
},
{
"url": "https://consumer.huawei.com/en/support/bulletinlaptops/2026/3/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"assignerShortName": "huawei",
"cveId": "CVE-2026-28547",
"datePublished": "2026-03-05T08:16:01.465Z",
"dateReserved": "2026-02-28T03:58:12.088Z",
"dateUpdated": "2026-03-05T15:40:27.836Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-28546 (GCVE-0-2026-28546)
Vulnerability from cvelistv5 – Published: 2026-03-05 08:10 – Updated: 2026-03-05 15:40
VLAI?
Summary
Buffer overflow vulnerability in the scanning module. Impact: Successful exploitation of this vulnerability may affect availability.
Severity ?
5.9 (Medium)
CWE
- CWE-122 - Heap-based Buffer Overflow
Assigner
References
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-28546",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-05T15:28:51.316237Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-05T15:40:33.542Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "HarmonyOS",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "6.0.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Buffer overflow vulnerability in the scanning module.\u0026nbsp;Impact: Successful exploitation of this vulnerability may affect availability."
}
],
"value": "Buffer overflow vulnerability in the scanning module.\u00a0Impact: Successful exploitation of this vulnerability may affect availability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "CWE-122 Heap-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-05T08:10:51.617Z",
"orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"shortName": "huawei"
},
"references": [
{
"url": "https://consumer.huawei.com/en/support/bulletin/2026/3/"
},
{
"url": "https://consumer.huawei.com/en/support/bulletinlaptops/2026/3/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"assignerShortName": "huawei",
"cveId": "CVE-2026-28546",
"datePublished": "2026-03-05T08:10:51.617Z",
"dateReserved": "2026-02-28T03:58:12.088Z",
"dateUpdated": "2026-03-05T15:40:33.542Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-28543 (GCVE-0-2026-28543)
Vulnerability from cvelistv5 – Published: 2026-03-05 07:58 – Updated: 2026-03-05 15:40
VLAI?
Summary
Race condition vulnerability in the maintenance and diagnostics module. Impact: Successful exploitation of this vulnerability may affect availability.
Severity ?
4.4 (Medium)
CWE
- CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
Assigner
References
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-28543",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-05T15:28:53.257345Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-05T15:40:39.086Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "HarmonyOS",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "6.0.0"
},
{
"status": "affected",
"version": "5.1.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Race condition vulnerability in the maintenance and diagnostics module.\u0026nbsp;Impact: Successful exploitation of this vulnerability may affect availability."
}
],
"value": "Race condition vulnerability in the maintenance and diagnostics module.\u00a0Impact: Successful exploitation of this vulnerability may affect availability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-362",
"description": "CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-05T07:58:17.292Z",
"orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"shortName": "huawei"
},
"references": [
{
"url": "https://consumer.huawei.com/en/support/bulletin/2026/3/"
},
{
"url": "https://consumer.huawei.com/en/support/bulletinwearables/2026/3/"
},
{
"url": "https://consumer.huawei.com/en/support/bulletinlaptops/2026/3/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"assignerShortName": "huawei",
"cveId": "CVE-2026-28543",
"datePublished": "2026-03-05T07:58:17.292Z",
"dateReserved": "2026-02-28T03:58:12.088Z",
"dateUpdated": "2026-03-05T15:40:39.086Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}