Huawei Harmonyos vulnerabilities

CVE-2021-39982 [CRITICAL] CWE-269 CVE-2021-39982: Phone Manager application has a Improper Privilege Management vulnerability.Successful exploitation Phone Manager application has a Improper Privilege Management vulnerability.Successful exploitation of this vulnerability may read and write arbitrary files by tampering with Phone Manager notifications.

CVE-2021-37128 [CRITICAL] CWE-22 CVE-2021-37128: HwPCAssistant has a Path Traversal vulnerability .Successful exploitation of this vulnerability may HwPCAssistant has a Path Traversal vulnerability .Successful exploitation of this vulnerability may write any file.

CVE-2021-39979 [CRITICAL] CWE-94 CVE-2021-39979: HHEE system has a Code Injection vulnerability.Successful exploitation of this vulnerability may aff HHEE system has a Code Injection vulnerability.Successful exploitation of this vulnerability may affect HHEE system integrity.

CVE-2021-39990 [CRITICAL] CWE-787 CVE-2021-39990: The screen lock module has a Stack-based Buffer Overflow vulnerability.Successful exploitation of th The screen lock module has a Stack-based Buffer Overflow vulnerability.Successful exploitation of this vulnerability may affect user experience.

CVE-2021-37116 [CRITICAL] CWE-20 CVE-2021-37116: PCManager has a Weaknesses Introduced During Design vulnerability .Successful exploitation of this v PCManager has a Weaknesses Introduced During Design vulnerability .Successful exploitation of this vulnerability may cause that the PIN of the subscriber is changed.

CVE-2021-37133 [HIGH] CVE-2021-37133: There is an Unauthorized file access vulnerability in Smartphones.Successful exploitation of this vu There is an Unauthorized file access vulnerability in Smartphones.Successful exploitation of this vulnerability may affect service confidentiality.

CVE-2021-39968 [HIGH] CVE-2021-39968: Changlian Blocklist has a Business Logic Errors vulnerability .Successful exploitation of this vulne Changlian Blocklist has a Business Logic Errors vulnerability .Successful exploitation of this vulnerability may expand the attack surface of the message class.

CVE-2021-39987 [HIGH] CWE-843 CVE-2021-39987: The HwNearbyMain module has a Data Processing Errors vulnerability.Successful exploitation of this v The HwNearbyMain module has a Data Processing Errors vulnerability.Successful exploitation of this vulnerability may cause a process to restart.

CVE-2021-39978 [HIGH] CWE-89 CVE-2021-39978: Telephony application has a SQL Injection vulnerability.Successful exploitation of this vulnerabilit Telephony application has a SQL Injection vulnerability.Successful exploitation of this vulnerability may cause privacy and security issues.

CVE-2021-39984 [HIGH] CWE-125 CVE-2021-39984: Huawei idap module has a Out-of-bounds Read vulnerability.Successful exploitation of this vulnerabil Huawei idap module has a Out-of-bounds Read vulnerability.Successful exploitation of this vulnerability may cause Denial of Service.

CVE-2021-39977 [HIGH] CWE-476 CVE-2021-39977: The HwNearbyMain module has a NULL Pointer Dereference vulnerability.Successful exploitation of this The HwNearbyMain module has a NULL Pointer Dereference vulnerability.Successful exploitation of this vulnerability may cause a process to restart.

CVE-2021-39972 [HIGH] CWE-200 CVE-2021-39972: MyHuawei-App has a Exposure of Sensitive Information to an Unauthorized Actor vulnerability.Successf MyHuawei-App has a Exposure of Sensitive Information to an Unauthorized Actor vulnerability.Successful exploitation of this vulnerability could compromise confidentiality.

CVE-2021-37134 [HIGH] CWE-362 CVE-2021-37134: Location-related APIs exists a Race Condition vulnerability.Successful exploitation of this vulnerab Location-related APIs exists a Race Condition vulnerability.Successful exploitation of this vulnerability may use Higher Permissions for invoking the interface of location-related components.

CVE-2021-39970 [HIGH] CWE-22 CVE-2021-39970: HwPCAssistant has a Improper Input Validation vulnerability.Successful exploitation of this vulnerab HwPCAssistant has a Improper Input Validation vulnerability.Successful exploitation of this vulnerability may create any file with the system app permission.

CVE-2021-39983 [HIGH] CVE-2021-39983: The HwNearbyMain module has a Data Processing Errors vulnerability.Successful exploitation of this v The HwNearbyMain module has a Data Processing Errors vulnerability.Successful exploitation of this vulnerability may cause a process to restart.

CVE-2021-37125 [HIGH] CWE-200 CVE-2021-37125: Arbitrary file has a Exposure of Sensitive Information to an Unauthorized Actor vulnerability .Succe Arbitrary file has a Exposure of Sensitive Information to an Unauthorized Actor vulnerability .Successful exploitation of this vulnerability may cause confidentiality is affected.

CVE-2021-37111 [HIGH] CWE-770 CVE-2021-37111: There is a Memory leakage vulnerability in Smartphone.Successful exploitation of this vulnerability There is a Memory leakage vulnerability in Smartphone.Successful exploitation of this vulnerability may cause memory exhaustion.

CVE-2021-37119 [HIGH] CVE-2021-37119: There is a Service logic vulnerability in Smartphone.Successful exploitation of this vulnerability m There is a Service logic vulnerability in Smartphone.Successful exploitation of this vulnerability may cause WLAN DoS.

CVE-2021-37113 [HIGH] CVE-2021-37113: There is a Privilege escalation vulnerability with the file system component in Smartphone.Successfu There is a Privilege escalation vulnerability with the file system component in Smartphone.Successful exploitation of this vulnerability may affect service confidentiality.

CVE-2021-37126 [HIGH] CWE-22 CVE-2021-37126: Arbitrary file has a Exposure of Sensitive Information to an Unauthorized Actor vulnerability .Succe Arbitrary file has a Exposure of Sensitive Information to an Unauthorized Actor vulnerability .Successful exploitation of this vulnerability may cause the directory is traversed.