CVE-2022-43449

Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
03/11/2022
Last modified:
07/11/2022

Description

OpenHarmony-v3.1.2 and prior versions had an Arbitrary file read vulnerability via download_server. Local attackers can install an malicious application on the device and reveal any file from the filesystem that is accessible to download_server service which run with UID 1000.

Vulnerable products and versions

CPE From Up to
cpe:2.3:a:openharmony:openharmony:*:*:*:*:*:*:*:* 3.1 (including) 3.1.2 (including)