Incorrect Privilege Assignment in Huawei Whole-Home Intelligence Software
CVE-2022-48283

9.8CRITICAL

Key Information:

Vendor: Huawei
Status: HarmonyOS AILife Solution 6.0
Vendor: CVE Published:; 27 February 2023

Summary

The whole-home intelligence software from Huawei is affected by an Incorrect Privilege Assignment vulnerability, which allows unauthorized access to restricted functionalities within the application. If exploited, this vulnerability could enable attackers to manipulate settings and escalate privileges, compromising the security of the entire system.

Affected Version(s)

HarmonyOS AILife Solution 6.0 HiLink AI Life 12.0.2.305

References

https://www.huawei.com/en/psirt/security-advisories/2023/...

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Feb 27, 2023
Vulnerability Reserved
Jan 28, 2023