Sign-up

ID

VAR-202106-1928


CVE

CVE-2021-22316


TITLE

Huawei  Vulnerability regarding lack of authentication for important functions in smartphones

Trust: 0.8

sources: JVNDB: JVNDB-2021-007564

DESCRIPTION

There is a Missing Authentication for Critical Function vulnerability in Huawei Smartphone. Attackers with physical access to the device can thereby exploit this vulnerability. A successful exploitation of this vulnerability can compromise the device's data security and functional availability. Huawei Smartphones are vulnerable to lack of authentication for critical features.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. A Huawei phone is a Huawei smartphone from the Chinese Huawei (Huawei) company

Trust: 1.71

sources: NVD: CVE-2021-22316 // JVNDB: JVNDB-2021-007564 // VULHUB: VHN-380751

AFFECTED PRODUCTS

vendor:huaweimodel:emuiscope:eqversion:11.0.0

Trust: 1.0

vendor:huaweimodel:magic uiscope:eqversion:4.0.0

Trust: 1.0

vendor:huaweimodel:magic uiscope:eqversion:3.1.1

Trust: 1.0

vendor:huaweimodel:emuiscope:eqversion:10.1.1

Trust: 1.0

vendor:huaweimodel:emuiscope:eqversion:11.0.1

Trust: 1.0

vendor:huaweimodel:magic uiscope: - version: -

Trust: 0.8

vendor:huaweimodel:emuiscope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2021-007564 // NVD: CVE-2021-22316

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-22316
value: MEDIUM

Trust: 1.0

NVD: CVE-2021-22316
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-202106-232
value: MEDIUM

Trust: 0.6

VULHUB: VHN-380751
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2021-22316
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-380751
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2021-22316
baseSeverity: MEDIUM
baseScore: 6.8
vectorString: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: PHYSICAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 0.9
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2021-22316
baseSeverity: MEDIUM
baseScore: 6.8
vectorString: CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: PHYSICAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-380751 // JVNDB: JVNDB-2021-007564 // CNNVD: CNNVD-202106-232 // NVD: CVE-2021-22316

PROBLEMTYPE DATA

problemtype:CWE-306

Trust: 1.1

problemtype:Lack of authentication for important features (CWE-306) [NVD Evaluation ]

Trust: 0.8

sources: VULHUB: VHN-380751 // JVNDB: JVNDB-2021-007564 // NVD: CVE-2021-22316

TYPE

access control error

Trust: 0.6

sources: CNNVD: CNNVD-202106-232

PATCH

title:Huawei EMUI/Magic UI security updates February 2021url:https://consumer.huawei.com/en/support/bulletin/2021/2/

Trust: 0.8

title:Repair measures for Huawei smartphone access control error vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=153894

Trust: 0.6

sources: JVNDB: JVNDB-2021-007564 // CNNVD: CNNVD-202106-232

EXTERNAL IDS

db:NVDid:CVE-2021-22316

Trust: 3.3

db:JVNDBid:JVNDB-2021-007564

Trust: 0.8

db:CNNVDid:CNNVD-202106-232

Trust: 0.7

db:VULHUBid:VHN-380751

Trust: 0.1

sources: VULHUB: VHN-380751 // JVNDB: JVNDB-2021-007564 // CNNVD: CNNVD-202106-232 // NVD: CVE-2021-22316

REFERENCES

url:https://consumer.huawei.com/en/support/bulletin/2021/2/

Trust: 1.7

url:https://nvd.nist.gov/vuln/detail/cve-2021-22316

Trust: 0.8

sources: VULHUB: VHN-380751 // JVNDB: JVNDB-2021-007564 // CNNVD: CNNVD-202106-232 // NVD: CVE-2021-22316

SOURCES

db:VULHUBid:VHN-380751
db:JVNDBid:JVNDB-2021-007564
db:CNNVDid:CNNVD-202106-232
db:NVDid:CVE-2021-22316

LAST UPDATE DATE

2024-08-14T15:17:10.392000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-380751date:2021-12-09T00:00:00
db:JVNDBid:JVNDB-2021-007564date:2022-02-17T05:10:00
db:CNNVDid:CNNVD-202106-232date:2021-06-11T00:00:00
db:NVDid:CVE-2021-22316date:2021-12-09T17:57:49.903

SOURCES RELEASE DATE

db:VULHUBid:VHN-380751date:2021-06-03T00:00:00
db:JVNDBid:JVNDB-2021-007564date:2022-02-17T00:00:00
db:CNNVDid:CNNVD-202106-232date:2021-06-03T00:00:00
db:NVDid:CVE-2021-22316date:2021-06-03T16:15:11.350