CVE-2022-48470

EPSS 0.01%
Veröffentlicht 28.12.2024 07:15:19
Zuletzt bearbeitet 09.12.2025 20:35:12
Quelle psirt@huawei.com
CVE-Watchlists
Login
Unerledigt
Login

Huawei HiLink AI Life product has an identity authentication bypass vulnerability. Successful exploitation of this vulnerability may allow attackers to access restricted functions.(Vulnerability ID:HWPSIRT-2022-42291)

This vulnerability has been assigned a (CVE)ID:CVE-2022-48470

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Huawei ≫ Hilink Ai Life Version12.0.2.305

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.01%	0.003

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
psirt@huawei.com	4	1.4	2.5	CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L

CWE-305 Authentication Bypass by Primary Weakness

The authentication algorithm is sound, but the implemented mechanism can be bypassed as the result of a separate weakness that is primary to the authentication error.

https://www.huawei.com/en/psirt/security-advisories/2023/huawei-sa-iabvihhalp-ea34d670-en

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2022-48470

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-48470

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-48470

EUVD