Details of VAR-202104-0438

ID

VAR-202104-0438

CVE

CVE-2021-22331

TITLE

Huawei P30 JavaScript Injection Vulnerability

Trust: 0.6

sources: CNVD: CNVD-2022-20327

DESCRIPTION

There is a JavaScript injection vulnerability in certain Huawei smartphones. A module does not verify some inputs sufficiently. Attackers can exploit this vulnerability by sending a malicious application request to launch JavaScript injection. This may compromise normal service. Affected product versions include HUAWEI P30 versions earlier than 10.1.0.165(C01E165R2P11), 11.0.0.118(C635E2R1P3), 11.0.0.120(C00E120R2P5), 11.0.0.138(C10E4R5P3), 11.0.0.138(C185E4R7P3), 11.0.0.138(C432E8R2P3), 11.0.0.138(C461E4R3P3), 11.0.0.138(C605E4R1P3), and 11.0.0.138(C636E4R3P3). The Huawei P30 is a smartphone from the Chinese company Huawei

Trust: 1.53

sources: NVD: CVE-2021-22331 // CNVD: CNVD-2022-20327 // VULMON: CVE-2021-22331

IOT TAXONOMY

category:

['IoT']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2022-20327

AFFECTED PRODUCTS

vendor:	huawei	model:	p30 <11.0.0.138	scope:	-	version:	-	Trust: 3.6
vendor:	huawei	model:	p30	scope:	lt	version:	10.1.0.165\(c01e165r2p11\)	Trust: 1.0
vendor:	huawei	model:	p30	scope:	lt	version:	11.0.0.118\(c635e2r1p3\)	Trust: 1.0
vendor:	huawei	model:	p30	scope:	lt	version:	11.0.0.138\(c10e4r5p3\)	Trust: 1.0
vendor:	huawei	model:	p30	scope:	lt	version:	11.0.0.138\(c432e8r2p3\)	Trust: 1.0
vendor:	huawei	model:	p30	scope:	lt	version:	11.0.0.138\(c605e4r1p3\)	Trust: 1.0
vendor:	huawei	model:	p30	scope:	lt	version:	11.0.0.138\(c461e4r3p3\)	Trust: 1.0
vendor:	huawei	model:	p30	scope:	lt	version:	11.0.0.138\(c185e4r7p3\)	Trust: 1.0
vendor:	huawei	model:	p30	scope:	lt	version:	11.0.0.138\(c636e4r3p3\)	Trust: 1.0
vendor:	huawei	model:	p30	scope:	lt	version:	11.0.0.120\(c00e120r2p5\)	Trust: 1.0
vendor:	huawei	model:	p30 <10.1.0.165	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	p30 <11.0.0.118	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	p30 <11.0.0.120	scope:	-	version:	-	Trust: 0.6

sources: CNVD: CNVD-2022-20327 // NVD: CVE-2021-22331

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2021-22331
value:	HIGH
Trust: 1.0
CNVD:	CNVD-2022-20327
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-202104-2087
value:	HIGH
Trust: 0.6
VULMON:	CVE-2021-22331
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2021-22331
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.1
CNVD:	CNVD-2022-20327
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2021-22331
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.1
Trust: 1.0

sources: CNVD: CNVD-2022-20327 // VULMON: CVE-2021-22331 // CNNVD: CNNVD-202104-2087 // NVD: CVE-2021-22331

PROBLEMTYPE DATA

problemtype:

CWE-74

Trust: 1.0

sources: NVD: CVE-2021-22331

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202104-2087

TYPE

injection

Trust: 0.6

sources: CNNVD: CNNVD-202104-2087

PATCH

title:	Patch for Huawei P30 JavaScript Injection Vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/326181	Trust: 0.6
title:	Huawei Multiple products Repair measures for injecting vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=149800	Trust: 0.6

sources: CNVD: CNVD-2022-20327 // CNNVD: CNNVD-202104-2087

EXTERNAL IDS

db:	NVD	id:	CVE-2021-22331	Trust: 2.3
db:	CNVD	id:	CNVD-2022-20327	Trust: 0.6
db:	CNNVD	id:	CNNVD-202104-2087	Trust: 0.6
db:	VULMON	id:	CVE-2021-22331	Trust: 0.1

sources: CNVD: CNVD-2022-20327 // VULMON: CVE-2021-22331 // CNNVD: CNNVD-202104-2087 // NVD: CVE-2021-22331

REFERENCES

url:	https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210331-01-js-en	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2021-22331	Trust: 1.2
url:	https://cwe.mitre.org/data/definitions/74.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: CNVD: CNVD-2022-20327 // VULMON: CVE-2021-22331 // CNNVD: CNNVD-202104-2087 // NVD: CVE-2021-22331

SOURCES

db:	CNVD	id:	CNVD-2022-20327
db:	VULMON	id:	CVE-2021-22331
db:	CNNVD	id:	CNNVD-202104-2087
db:	NVD	id:	CVE-2021-22331

LAST UPDATE DATE

2024-11-23T22:16:06.353000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2022-20327	date:	2022-03-17T00:00:00
db:	VULMON	id:	CVE-2021-22331	date:	2021-05-08T00:00:00
db:	CNNVD	id:	CNNVD-202104-2087	date:	2021-05-10T00:00:00
db:	NVD	id:	CVE-2021-22331	date:	2024-11-21T05:49:55.620

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2022-20327	date:	2022-03-17T00:00:00
db:	VULMON	id:	CVE-2021-22331	date:	2021-04-28T00:00:00
db:	CNNVD	id:	CNNVD-202104-2087	date:	2021-04-28T00:00:00
db:	NVD	id:	CVE-2021-22331	date:	2021-04-28T13:15:08.077