Incomplete Verification Vulnerability in Huawei VPN Service Module
CVE-2024-57962

7.5HIGH

Key Information:

Vendor: Huawei
Status: Harmonyos
Vendor: CVE Published:; 6 February 2025

What is CVE-2024-57962?

The Huawei VPN Service Module exhibits a vulnerability characterized by incomplete verification of information, which may leave the service exposed to manipulation. Attackers exploiting this flaw could potentially impact the availability of the VPN service, posing significant risks to users relying on the module for secure communications. It is imperative for users to remain informed about potential threats and apply necessary updates or mitigations to safeguard their network environments.

Affected Version(s)

HarmonyOS 5.0.0

References

https://consumer.huawei.com/en/support/bulletin/2025/2/

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 6, 2025
Vulnerability Reserved
Jan 22, 2025