CVE-2022-37008

High | 7.5 | No Exploit

Plain English Summary

AI-powered analysis for quick understanding

This vulnerability allows an attacker to bypass checks on software updates, which means they could install malicious updates that might destabilize the system. To exploit this, the attacker would need access to the device's recovery module, making it crucial to secure physical access and update processes.

Technical Description

The recovery module has a vulnerability of bypassing the verification of an update package before use. Successful exploitation of this vulnerability may affect system stability.

CVSS Vector Analysis

Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Confidentiality Impact: None
Integrity Impact: None
Availability Impact: High
Scope: Unchanged

Vector String

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H


Est. Bounty: $2,053 ($1K-$5K)
Vendor Response: Grade F, patched in 1303 days

Quick Information

Published: Aug 10, 2022 (over 3 years ago)
Last Modified: Mar 6, 2026 (about 1 month ago)
Vendor: huawei
Product: emui

Related Vulnerabilities

CVE-2026-28551 (Medium)

This vulnerability allows an attacker to disrupt the security management of Huawei devices running HarmonyOS, potentially causing the system to become unavailable. To exploit this issue, the attacker must be able to trigger a race condition, which occurs when two processes try to access the same resource at the same time.

CVE-2026-28549 (Medium)

This vulnerability allows an attacker to disrupt the permission management system on HarmonyOS, potentially causing the service to become unavailable. To exploit this, the attacker needs to take advantage of a timing issue in how permissions are handled, which could lead to service interruptions.

CVE-2026-28548 (Medium)

This vulnerability allows an attacker to potentially access sensitive information from the email application due to a failure in properly verifying user actions. To exploit this, the attacker would need to trick the application into accepting malicious inputs, which could compromise the confidentiality of user data.

CVE-2026-28547 (Medium)

This vulnerability allows an attacker to potentially disrupt the operation of HarmonyOS by exploiting an issue with uninitialized pointers in the scanning module. Successful exploitation requires the attacker to have access to the affected system, which could lead to service interruptions or crashes.

CVE-2026-28546 (Medium)

This vulnerability allows an attacker to crash the scanning module of HarmonyOS, potentially making the system unavailable. To exploit this, the attacker needs to send specially crafted input to the module, which could happen if the device is connected to a malicious network or application.