Vulnerability of identity verification being bypassed in the Gallery module. Successful exploitation of this vulnerability may cause out-of-bounds access.
Weakness
This attack-focused weakness is caused by incorrectly implemented authentication schemes that are subject to spoofing attacks.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Emui | Huawei | 11.0.1 (including) | 11.0.1 (including) |
| Emui | Huawei | 12.0.0 (including) | 12.0.0 (including) |
| Emui | Huawei | 12.0.1 (including) | 12.0.1 (including) |
| Emui | Huawei | 13.0.0 (including) | 13.0.0 (including) |
| Harmonyos | Huawei | 2.0.0 (including) | 2.0.0 (including) |
| Harmonyos | Huawei | 2.0.1 (including) | 2.0.1 (including) |
| Harmonyos | Huawei | 3.0.0 (including) | 3.0.0 (including) |
| Harmonyos | Huawei | 3.1.0 (including) | 3.1.0 (including) |
Related Attack Patterns
- https://cwe.mitre.org/data/definitions/21.html
- https://cwe.mitre.org/data/definitions/22.html
- https://cwe.mitre.org/data/definitions/459.html
- https://cwe.mitre.org/data/definitions/461.html
- https://cwe.mitre.org/data/definitions/473.html
- https://cwe.mitre.org/data/definitions/476.html
- https://cwe.mitre.org/data/definitions/59.html
- https://cwe.mitre.org/data/definitions/60.html
- https://cwe.mitre.org/data/definitions/667.html
- https://cwe.mitre.org/data/definitions/94.html
References
- https://consumer.huawei.com/en/support/bulletin/2023/7/
- https://device.harmonyos.com/en/docs/security/update/security-bulletins-202307-0000001587168858
- https://consumer.huawei.com/en/support/bulletin/2023/7/
- https://device.harmonyos.com/en/docs/security/update/security-bulletins-202307-0000001587168858