CVE-2023-52714

CVSS 7.5 HIGHEPSS 0.3%CWE-657

In short

The hwnff module has a design flaw that can be exploited to access confidential information. This vulnerability could allow attackers to view sensitive data they should not have access to.

Technical detail

A design defect in the hwnff module (CWE-657: Improper Neutralization of Input During Web Page Generation) can be exploited to breach confidentiality. The vulnerability likely requires specific interaction or access patterns with the affected module; successful exploitation results in unauthorized disclosure of sensitive information.

Summary generated and translated by AI from the official description.

Vulnerability of defects introduced in the design process in the hwnff module. Impact: Successful exploitation of this vulnerability may affect service confidentiality.

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Affected products

Huawei · EMUI Huawei · HarmonyOS

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://consumer.huawei.com/en/support/bulletin/2024/4/https://https://device.harmonyos.com/en/docs/security/update/security-bulletins-202404-0000001880501689