CVE-2023-39405 — Improper Input Validation in Huawei Emui

CWE-20 — Improper Input Validation CWE-787 — Out-of-bounds Write3 documents3 sources

Severity

9.8CRITICALNVD

EPSS

0.1%

top 71.66%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Huawei Emui Huawei Harmonyos

Timeline

PublishedAug 13

Description

Vulnerability of out-of-bounds parameter read/write in the Wi-Fi module. Successful exploitation of this vulnerability may cause other apps to be executed with escalated privileges.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages4 packages

▶CVEListV5huawei/emui4 versions+3

▶NVDhuawei/emui4 versions+3

▶CVEListV5huawei/harmonyos4 versions+3

▶NVDhuawei/harmonyos4 versions+3

🔴Vulnerability Details

CVEList

CVE-2023-39405: Vulnerability of out-of-bounds parameter read/write in the Wi-Fi module↗2023-08-13

▶

GHSA

GHSA-wvc7-mvw8-4v82: Vulnerability of out-of-bounds parameter read/write in the Wi-Fi module↗2023-08-13

▶