Lucene search

[email protected]CVE-2021-22331

HistoryApr 28, 2021 - 1:15 p.m.

CVE-2021-22331

2021-04-2813:15:08

CWE-74

[email protected]

web.nvd.nist.gov

cve-2021-22331

javascript injection

huawei

smartphones

vulnerability

security risk

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

0.001 Low

EPSS

Percentile

39.1%

JSON

There is a JavaScript injection vulnerability in certain Huawei smartphones. A module does not verify some inputs sufficiently. Attackers can exploit this vulnerability by sending a malicious application request to launch JavaScript injection. This may compromise normal service. Affected product versions include HUAWEI P30 versions earlier than 10.1.0.165(C01E165R2P11), 11.0.0.118(C635E2R1P3), 11.0.0.120(C00E120R2P5), 11.0.0.138(C10E4R5P3), 11.0.0.138(C185E4R7P3), 11.0.0.138(C432E8R2P3), 11.0.0.138(C461E4R3P3), 11.0.0.138(C605E4R1P3), and 11.0.0.138(C636E4R3P3).

Affected configurations

NVD

Node

huaweip30_firmwareRange<10.1.0.165\(c01e165r2p11\)

AND

huaweip30Match-

Node

huaweip30_firmwareRange<11.0.0.118\(c635e2r1p3\)

AND

huaweip30Match-

Node

huaweip30_firmwareRange<11.0.0.120\(c00e120r2p5\)

AND

huaweip30Match-

Node

huaweip30_firmwareRange<11.0.0.138\(c10e4r5p3\)

AND

huaweip30Match-

Node

huaweip30_firmwareRange<11.0.0.138\(c185e4r7p3\)

AND

huaweip30Match-

Node

huaweip30_firmwareRange<11.0.0.138\(c432e8r2p3\)

AND

huaweip30Match-

Node

huaweip30_firmwareRange<11.0.0.138\(c461e4r3p3\)

AND

huaweip30Match-

Node

huaweip30_firmwareRange<11.0.0.138\(c605e4r1p3\)

AND

huaweip30Match-

Node

huaweip30_firmwareRange<11.0.0.138\(c636e4r3p3\)

AND

huaweip30Match-

CPENameOperatorVersion
huawei:p30_firmwarehuawei p30 firmwarelt10.1.0.165\(c01e165r2p11\)

CPE	Name	Operator	Version
huawei:p30_firmware	huawei p30 firmware	lt	10.1.0.165\(c01e165r2p11\)

CNA Affected

[
  {
    "product": "HUAWEI P30",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "Versions earlier than 10.1.0.165(C01E165R2P11),Versions earlier than 11.0.0.118(C635E2R1P3),Versions earlier than 11.0.0.120(C00E120R2P5),Versions earlier than 11.0.0.138(C10E4R5P3),Versions earlier than 11.0.0.138(C185E4R7P3),Versions earlier than 11.0.0.138(C432E8R2P3),Versions earlier than 11.0.0.138(C461E4R3P3),Versions earlier than 11.0.0.138(C605E4R1P3),Versions earlier than 11.0.0.138(C636E4R3P3)"
      }
    ]
  }
]

References

www.huawei.com/en/psirt/security-advisories/huawei-sa-20210331-01-js-en

Social References

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

0.001 Low

EPSS

Percentile

39.1%

JSON

Related for CVE-2021-22331

cnvd1 huawei1 prion1 nvd1 cvelist1