Design/Logic Flaw

2021-04-2813:15:00

PRIOn knowledge base

www.prio-n.com

0.001 Low

EPSS

Percentile

38.9%

JSON

There is a JavaScript injection vulnerability in certain Huawei smartphones. A module does not verify some inputs sufficiently. Attackers can exploit this vulnerability by sending a malicious application request to launch JavaScript injection. This may compromise normal service. Affected product versions include HUAWEI P30 versions earlier than 10.1.0.165(C01E165R2P11), 11.0.0.118(C635E2R1P3), 11.0.0.120(C00E120R2P5), 11.0.0.138(C10E4R5P3), 11.0.0.138(C185E4R7P3), 11.0.0.138(C432E8R2P3), 11.0.0.138(C461E4R3P3), 11.0.0.138(C605E4R1P3), and 11.0.0.138(C636E4R3P3).

CPENameOperatorVersion
p30_firmwareeq< 10.1.0.165c1e165r2p11
p30_firmwareeq< 11.0.0.118c635e2r1p3
p30_firmwareeq< 11.0.0.120c0e120r2p5
p30_firmwareeq< 11.0.0.138c10e4r5p3
p30_firmwareeq< 11.0.0.138c185e4r7p3
p30_firmwareeq< 11.0.0.138c432e8r2p3
p30_firmwareeq< 11.0.0.138c461e4r3p3
p30_firmwareeq< 11.0.0.138c605e4r1p3
p30_firmwareeq< 11.0.0.138c636e4r3p3

Name	Operator	Version
p30_firmware	eq	< 10.1.0.165c1e165r2p11
p30_firmware	eq	< 11.0.0.118c635e2r1p3
p30_firmware	eq	< 11.0.0.120c0e120r2p5
p30_firmware	eq	< 11.0.0.138c10e4r5p3
p30_firmware	eq	< 11.0.0.138c185e4r7p3
p30_firmware	eq	< 11.0.0.138c432e8r2p3
p30_firmware	eq	< 11.0.0.138c461e4r3p3
p30_firmware	eq	< 11.0.0.138c605e4r1p3
p30_firmware	eq	< 11.0.0.138c636e4r3p3

References

www.huawei.com/en/psirt/security-advisories/huawei-sa-20210331-01-js-en

0.001 Low

EPSS

Percentile

38.9%

JSON

Related for PRION:CVE-2021-22331