Vulnerabilities > CVE-2023-37242 - Authorization Bypass Through User-Controlled Key vulnerability in Huawei Emui and Harmonyos

CVSS 9.8 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

huawei

CWE-639

critical

NVD

Published: 2023-07-06

Updated: 2023-07-12

Summary

Vulnerability of commands from the modem being intercepted in the atcmdserver module. Attackers may exploit this vulnerability to rewrite the non-volatile random-access memory (NVRAM), or facilitate the exploitation of other vulnerabilities.

Vulnerable Configurations

Part	Description	Count
OS	Huawei Huawei Harmonyos 2.0 Huawei Harmonyos 3.0.0 Huawei Emui 12.0.0 Huawei Emui 13.0.0	4

Common Weakness Enumeration (CWE)

CWE-639 - Authorization Bypass Through User-Controlled Key

References

https://device.harmonyos.com/en/docs/security/update/security-bulletins-202307-0000001587168858
https://consumer.huawei.com/en/support/bulletin/2023/7/