Sign-up

ID

VAR-202106-1917


CVE

CVE-2021-22325


TITLE

Huawei  Vulnerability in plaintext transmission of important information on smartphones

Trust: 0.8

sources: JVNDB: JVNDB-2021-007568

DESCRIPTION

There is an Information Disclosure vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may result in video streams being intercepted during transmission. Huawei Smartphones contain vulnerabilities in the transmission of important information in clear text.Information may be obtained. A Huawei phone is a Huawei smartphone from the Chinese Huawei (Huawei) company

Trust: 1.71

sources: NVD: CVE-2021-22325 // JVNDB: JVNDB-2021-007568 // VULHUB: VHN-380760

AFFECTED PRODUCTS

vendor:huaweimodel:emuiscope:eqversion:11.0.0

Trust: 1.0

vendor:huaweimodel:magic uiscope:eqversion:4.0.0

Trust: 1.0

vendor:huaweimodel:magic uiscope: - version: -

Trust: 0.8

vendor:huaweimodel:emuiscope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2021-007568 // NVD: CVE-2021-22325

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-22325
value: MEDIUM

Trust: 1.0

NVD: CVE-2021-22325
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-202106-236
value: MEDIUM

Trust: 0.6

VULHUB: VHN-380760
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2021-22325
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-380760
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2021-22325
baseSeverity: MEDIUM
baseScore: 5.3
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 1.4
version: 3.1

Trust: 1.0

NVD: CVE-2021-22325
baseSeverity: MEDIUM
baseScore: 5.3
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-380760 // JVNDB: JVNDB-2021-007568 // CNNVD: CNNVD-202106-236 // NVD: CVE-2021-22325

PROBLEMTYPE DATA

problemtype:CWE-319

Trust: 1.1

problemtype:Sending important information in clear text (CWE-319) [NVD Evaluation ]

Trust: 0.8

sources: VULHUB: VHN-380760 // JVNDB: JVNDB-2021-007568 // NVD: CVE-2021-22325

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202106-236

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-202106-236

PATCH

title:Huawei EMUI/Magic UI security updates March 2021url:https://consumer.huawei.com/en/support/bulletin/2021/3/

Trust: 0.8

title:Repair measures for Huawei's smartphone information leakage vulnerabilityurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=153898

Trust: 0.6

sources: JVNDB: JVNDB-2021-007568 // CNNVD: CNNVD-202106-236

EXTERNAL IDS

db:NVDid:CVE-2021-22325

Trust: 3.3

db:JVNDBid:JVNDB-2021-007568

Trust: 0.8

db:CNNVDid:CNNVD-202106-236

Trust: 0.7

db:VULHUBid:VHN-380760

Trust: 0.1

sources: VULHUB: VHN-380760 // JVNDB: JVNDB-2021-007568 // CNNVD: CNNVD-202106-236 // NVD: CVE-2021-22325

REFERENCES

url:https://consumer.huawei.com/en/support/bulletin/2021/3/

Trust: 1.7

url:https://nvd.nist.gov/vuln/detail/cve-2021-22325

Trust: 0.8

sources: VULHUB: VHN-380760 // JVNDB: JVNDB-2021-007568 // CNNVD: CNNVD-202106-236 // NVD: CVE-2021-22325

SOURCES

db:VULHUBid:VHN-380760
db:JVNDBid:JVNDB-2021-007568
db:CNNVDid:CNNVD-202106-236
db:NVDid:CVE-2021-22325

LAST UPDATE DATE

2024-08-14T14:11:21.343000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-380760date:2021-12-09T00:00:00
db:JVNDBid:JVNDB-2021-007568date:2022-02-17T05:10:00
db:CNNVDid:CNNVD-202106-236date:2021-06-11T00:00:00
db:NVDid:CVE-2021-22325date:2021-12-09T17:57:49.457

SOURCES RELEASE DATE

db:VULHUBid:VHN-380760date:2021-06-03T00:00:00
db:JVNDBid:JVNDB-2021-007568date:2022-02-17T00:00:00
db:CNNVDid:CNNVD-202106-236date:2021-06-03T00:00:00
db:NVDid:CVE-2021-22325date:2021-06-03T17:15:07.893