Incomplete Verification Vulnerability in Huawei VPN Service Module
CVE-2024-57962

6.1MEDIUM

Key Information:

Vendor: Huawei
Status: Harmonyos
Vendor: CVE Published:; 6 February 2025

Summary

The Huawei VPN Service Module exhibits a vulnerability characterized by incomplete verification of information, which may leave the service exposed to manipulation. Attackers exploiting this flaw could potentially impact the availability of the VPN service, posing significant risks to users relying on the module for secure communications. It is imperative for users to remain informed about potential threats and apply necessary updates or mitigations to safeguard their network environments.

Affected Version(s)

HarmonyOS 5.0.0

References

https://consumer.huawei.com/en/support/bulletin/2025/2/

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Feb 6, 2025
Vulnerability Reserved
Jan 22, 2025