Lucene search

[email protected]CVE-2021-22400

HistoryAug 03, 2021 - 2:15 p.m.

CVE-2021-22400

2021-08-0314:15:08

CWE-20

[email protected]

web.nvd.nist.gov

cve-2021-22400

huawei

smartphones

input validation

vulnerability

parameter validation

malicious app

system crash.

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

5.4 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

22.8%

JSON

Some Huawei Smartphones has an insufficient input validation vulnerability due to the lack of parameter validation. An attacker may trick a user into installing a malicious APP. The app can modify specific parameters, causing the system to crash. Affected product include:OxfordS-AN00A 10.0.1.10(C00E10R1P1),10.0.1.105(C00E103R3P3),10.0.1.115(C00E110R3P3),10.0.1.123(C00E121R3P3),10.0.1.135(C00E130R3P3),10.0.1.135(C00E130R4P1),10.0.1.152(C00E140R4P1),10.0.1.160(C00E160R4P1),10.0.1.167(C00E166R4P1),10.0.1.173(C00E172R5P1),10.0.1.178(C00E175R5P1) and 10.1.0.202(C00E79R5P1).

Affected configurations

NVD

Node

huaweioxfords-an00a_firmwareMatch10.0.1.10\(c00e10r1p1\)

huaweioxfords-an00a_firmwareMatch10.0.1.105\(c00e103r3p3\)

huaweioxfords-an00a_firmwareMatch10.0.1.115\(c00e110r3p3\)

huaweioxfords-an00a_firmwareMatch10.0.1.123\(c00e121r3p3\)

huaweioxfords-an00a_firmwareMatch10.0.1.135\(c00e130r3p3\)

huaweioxfords-an00a_firmwareMatch10.0.1.135\(c00e130r4p1\)

huaweioxfords-an00a_firmwareMatch10.0.1.152\(c00e140r4p1\)

huaweioxfords-an00a_firmwareMatch10.0.1.160\(c00e160r4p1\)

huaweioxfords-an00a_firmwareMatch10.0.1.167\(c00e166r4p1\)

huaweioxfords-an00a_firmwareMatch10.0.1.173\(c00e172r5p1\)

huaweioxfords-an00a_firmwareMatch10.0.1.178\(c00e175r5p1\)

huaweioxfords-an00a_firmwareMatch10.1.0.202\(c00e79r5p1\)

AND

huaweioxfords-an00aMatch-

CPENameOperatorVersion
huawei:oxfords-an00a_firmwarehuawei oxfords-an00a firmwareeq10.0.1.10\(c00e10r1p1\)
huawei:oxfords-an00a_firmwarehuawei oxfords-an00a firmwareeq10.0.1.105\(c00e103r3p3\)
huawei:oxfords-an00a_firmwarehuawei oxfords-an00a firmwareeq10.0.1.115\(c00e110r3p3\)
huawei:oxfords-an00a_firmwarehuawei oxfords-an00a firmwareeq10.0.1.123\(c00e121r3p3\)
huawei:oxfords-an00a_firmwarehuawei oxfords-an00a firmwareeq10.0.1.135\(c00e130r3p3\)
huawei:oxfords-an00a_firmwarehuawei oxfords-an00a firmwareeq10.0.1.135\(c00e130r4p1\)
huawei:oxfords-an00a_firmwarehuawei oxfords-an00a firmwareeq10.0.1.152\(c00e140r4p1\)
huawei:oxfords-an00a_firmwarehuawei oxfords-an00a firmwareeq10.0.1.160\(c00e160r4p1\)
huawei:oxfords-an00a_firmwarehuawei oxfords-an00a firmwareeq10.0.1.167\(c00e166r4p1\)
huawei:oxfords-an00a_firmwarehuawei oxfords-an00a firmwareeq10.0.1.173\(c00e172r5p1\)

CPE	Name	Operator	Version
huawei:oxfords-an00a_firmware	huawei oxfords-an00a firmware	eq	10.0.1.10\(c00e10r1p1\)
huawei:oxfords-an00a_firmware	huawei oxfords-an00a firmware	eq	10.0.1.105\(c00e103r3p3\)
huawei:oxfords-an00a_firmware	huawei oxfords-an00a firmware	eq	10.0.1.115\(c00e110r3p3\)
huawei:oxfords-an00a_firmware	huawei oxfords-an00a firmware	eq	10.0.1.123\(c00e121r3p3\)
huawei:oxfords-an00a_firmware	huawei oxfords-an00a firmware	eq	10.0.1.135\(c00e130r3p3\)
huawei:oxfords-an00a_firmware	huawei oxfords-an00a firmware	eq	10.0.1.135\(c00e130r4p1\)
huawei:oxfords-an00a_firmware	huawei oxfords-an00a firmware	eq	10.0.1.152\(c00e140r4p1\)
huawei:oxfords-an00a_firmware	huawei oxfords-an00a firmware	eq	10.0.1.160\(c00e160r4p1\)
huawei:oxfords-an00a_firmware	huawei oxfords-an00a firmware	eq	10.0.1.167\(c00e166r4p1\)
huawei:oxfords-an00a_firmware	huawei oxfords-an00a firmware	eq	10.0.1.173\(c00e172r5p1\)

Rows per page:

1-10 of 121

CNA Affected

[
  {
    "product": "OxfordS-AN00A",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "10.0.1.10(C00E10R1P1),10.0.1.105(C00E103R3P3),10.0.1.115(C00E110R3P3),10.0.1.123(C00E121R3P3),10.0.1.135(C00E130R3P3),10.0.1.135(C00E130R4P1),10.0.1.152(C00E140R4P1),10.0.1.160(C00E160R4P1),10.0.1.167(C00E166R4P1),10.0.1.173(C00E172R5P1),10.0.1.178(C00E175R5P1),10.1.0.202(C00E79R5P1)"
      }
    ]
  }
]

References

www.huawei.com/en/psirt/security-advisories/huawei-sa-20210721-01-phones-en

Social References

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

5.4 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

22.8%

JSON

Related for CVE-2021-22400

nvd1 prion1 cvelist1 huawei1 cnvd1