Back to KEVs

CVE-2024-7344

Howyar UEFI Application "Reloader" (32-bit and 64-bit) is vulnerable to execution of unsigned software in a hardcoded path.

Basic Information

CVE State
PUBLISHED
Reserved Date
July 31, 2024
Published Date
January 14, 2025
Last Updated
September 15, 2025
Vendor
Radix, Greenware Technologies, Howyar Technologies, SANFONG, CES Taiwan, SignalComputer
Product
SmartRecovery, GreenGuard, SysReturn (32-bit and 64-bit), SANFONG EZ-Back System, CES NeoImpact, HDD King
Description
Howyar UEFI Application "Reloader" (32-bit and 64-bit) is vulnerable to execution of unsigned software in a hardcoded path.

CVSS Scores

CVSS v3.1

8.2 - HIGH

Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

SSVC Information

Exploitation
none
Technical Impact
total

Exploit Status

Exploited in the Wild
Yes (2025-09-12 16:03:13 UTC) Source

References

https://uefi.org/revocationlistfile https://uefi.org/specs/UEFI/2.10/32_Secure_Boot_and_Driver_Signing.html https://uefi.org/specs/UEFI/2.10/03_Boot_Manager.html https://www.eset.com/blog/enterprise/preparing-for-uefi-bootkits-eset-discovery-shows-the-importance-of-cyber-intelligence/

Known Exploited Vulnerability Information

Source Added Date
The Shadowserver (via CIRCL) 2025-09-12 16:03:13 UTC

Timeline

  • CVE ID Reserved

  • CVE Published to Public

  • Added to KEVIntel