CVE-2022-37008

HIGH

7.5

Descricao

The recovery module has a vulnerability of bypassing the verification of an update package before use. Successful exploitation of this vulnerability may affect system stability.

Detalhes CVE

Pontuacao CVSS v3.17.5

SeveridadeHIGH

Vetor CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Vetor de ataqueNETWORK

ComplexidadeLOW

Privilegios necessariosNONE

Interacao do usuarioNONE

Publicado8/10/2022

Ultima modificacao3/6/2026

Fontenvd

Avistamentos honeypot0

Produtos afetados

huawei:emuihuawei:harmonyoshuawei:magic_ui

Fraquezas (CWE)

CWE-345CWE-345

Referencias

https://consumer.huawei.com/en/support/bulletin/2022/8/(psirt@huawei.com)

https://device.harmonyos.com/en/docs/security/update/security-bulletins-phones-202208-0000001363876177(psirt@huawei.com)

https://consumer.huawei.com/en/support/bulletin/2022/8/(af854a3a-2127-422b-91ae-364da2661108)

https://device.harmonyos.com/en/docs/security/update/security-bulletins-phones-202208-0000001363876177(af854a3a-2127-422b-91ae-364da2661108)

Correlacoes IOC

Sem correlacoes registradas

This product uses data from the NVD API but is not endorsed or certified by the NVD.