Details of VAR-202102-0642

ID

VAR-202102-0642

CVE

CVE-2021-22302

TITLE

Taurus-AL00A Out-of-bounds read vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2021-003371

DESCRIPTION

There is an out-of-bound read vulnerability in Taurus-AL00A 10.0.0.1(C00E1R1P1). A module does not verify the some input. Attackers can exploit this vulnerability by sending malicious input through specific app. This could cause out-of-bound, compromising normal service. Taurus-AL00A Is vulnerable to an out-of-bounds read.Information is obtained and denial of service (DoS) It may be put into a state. Huawei Taurus-AL00A is a smartphone of China's Huawei (Huawei) company. The vulnerability stems from the program's failure to properly validate certain inputs. Attackers can use some apps to send malicious messages to the module to use this vulnerability to cause out-of-bounds and affect the normal use of the device

Trust: 2.25

sources: NVD: CVE-2021-22302 // JVNDB: JVNDB-2021-003371 // CNVD: CNVD-2021-07515 // VULMON: CVE-2021-22302

IOT TAXONOMY

category:

['IoT']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2021-07515

AFFECTED PRODUCTS

vendor:	huawei	model:	taurus-al00a	scope:	eq	version:	10.0.0.1\(c00e1r1p1\)	Trust: 1.0
vendor:	huawei	model:	taurus-al00a	scope:	eq	version:	-	Trust: 0.8
vendor:	huawei	model:	taurus-al00a	scope:	eq	version:	taurus-al00a firmware 10.0.0.1(c00e1r1p1)	Trust: 0.8
vendor:	huawei	model:	taurus-al00a 10.0.0.1	scope:	-	version:	-	Trust: 0.6

sources: CNVD: CNVD-2021-07515 // JVNDB: JVNDB-2021-003371 // NVD: CVE-2021-22302

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2021-22302
value:	HIGH
Trust: 1.0
NVD:	CVE-2021-22302
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2021-07515
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-202102-559
value:	HIGH
Trust: 0.6

nvd@nist.gov:	CVE-2021-22302
severity:	LOW
baseScore:	3.6
vectorString:	AV:L/AC:L/AU:N/C:P/I:N/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	3.9
impactScore:	4.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2021-07515
severity:	MEDIUM
baseScore:	5.6
vectorString:	AV:L/AC:L/AU:N/C:C/I:N/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	3.9
impactScore:	7.8
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2021-22302
baseSeverity:	HIGH
baseScore:	7.1
vectorString:	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	1.8
impactScore:	5.2
version:	3.1
Trust: 1.0
NVD:	CVE-2021-22302
baseSeverity:	HIGH
baseScore:	7.1
vectorString:	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2021-07515 // JVNDB: JVNDB-2021-003371 // CNNVD: CNNVD-202102-559 // NVD: CVE-2021-22302

PROBLEMTYPE DATA

problemtype:	CWE-125	Trust: 1.0
problemtype:	Out-of-bounds read (CWE-125) [NVD Evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2021-003371 // NVD: CVE-2021-22302

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202102-559

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-202102-559

PATCH

title:	huawei-sa-20210127-01-smartphone	url:	https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210127-01-smartphone-en	Trust: 0.8
title:	Patch for Huawei Taurus-AL00A out-of-bounds read vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/245981	Trust: 0.6
title:	Huawei Taurus-AL00A Buffer error vulnerability fix	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=141727	Trust: 0.6

sources: CNVD: CNVD-2021-07515 // JVNDB: JVNDB-2021-003371 // CNNVD: CNNVD-202102-559

EXTERNAL IDS

db:	NVD	id:	CVE-2021-22302	Trust: 3.1
db:	JVNDB	id:	JVNDB-2021-003371	Trust: 0.8
db:	CNVD	id:	CNVD-2021-07515	Trust: 0.6
db:	CNNVD	id:	CNNVD-202102-559	Trust: 0.6
db:	VULMON	id:	CVE-2021-22302	Trust: 0.1

sources: CNVD: CNVD-2021-07515 // VULMON: CVE-2021-22302 // JVNDB: JVNDB-2021-003371 // CNNVD: CNNVD-202102-559 // NVD: CVE-2021-22302

REFERENCES

url:	https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210127-01-smartphone-en	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2021-22302	Trust: 1.4
url:	https://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20210127-01-smartphone-cn	Trust: 0.6
url:	https://nvd.nist.gov	Trust: 0.1

sources: CNVD: CNVD-2021-07515 // VULMON: CVE-2021-22302 // JVNDB: JVNDB-2021-003371 // CNNVD: CNNVD-202102-559 // NVD: CVE-2021-22302

SOURCES

db:	CNVD	id:	CNVD-2021-07515
db:	VULMON	id:	CVE-2021-22302
db:	JVNDB	id:	JVNDB-2021-003371
db:	CNNVD	id:	CNNVD-202102-559
db:	NVD	id:	CVE-2021-22302

LAST UPDATE DATE

2024-11-23T21:34:52.055000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2021-07515	date:	2021-01-31T00:00:00
db:	VULMON	id:	CVE-2021-22302	date:	2021-02-10T00:00:00
db:	JVNDB	id:	JVNDB-2021-003371	date:	2021-10-25T08:30:00
db:	CNNVD	id:	CNNVD-202102-559	date:	2021-02-18T00:00:00
db:	NVD	id:	CVE-2021-22302	date:	2024-11-21T05:49:52.350

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2021-07515	date:	2021-01-31T00:00:00
db:	VULMON	id:	CVE-2021-22302	date:	2021-02-06T00:00:00
db:	JVNDB	id:	JVNDB-2021-003371	date:	2021-10-25T00:00:00
db:	CNNVD	id:	CNNVD-202102-559	date:	2021-02-05T00:00:00
db:	NVD	id:	CVE-2021-22302	date:	2021-02-06T03:15:12.827