Details of VAR-202108-0279

ID

VAR-202108-0279

CVE

CVE-2021-22400

TITLE

Huawei smartphone OxfordS-AN00A Input confirmation vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2021-009414

DESCRIPTION

Some Huawei Smartphones has an insufficient input validation vulnerability due to the lack of parameter validation. An attacker may trick a user into installing a malicious APP. The app can modify specific parameters, causing the system to crash. Affected product include:OxfordS-AN00A 10.0.1.10(C00E10R1P1),10.0.1.105(C00E103R3P3),10.0.1.115(C00E110R3P3),10.0.1.123(C00E121R3P3),10.0.1.135(C00E130R3P3),10.0.1.135(C00E130R4P1),10.0.1.152(C00E140R4P1),10.0.1.160(C00E160R4P1),10.0.1.167(C00E166R4P1),10.0.1.173(C00E172R5P1),10.0.1.178(C00E175R5P1) and 10.1.0.202(C00E79R5P1). Huawei smartphone OxfordS-AN00A Is vulnerable to input validation.Denial of service (DoS) It may be put into a state. Huawei OxfordS-AN00A is a smart phone of China's Huawei (Huawei) company. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements

Trust: 2.79

sources: NVD: CVE-2021-22400 // JVNDB: JVNDB-2021-009414 // CNVD: CNVD-2021-61420 // CNNVD: CNNVD-202104-975 // VULMON: CVE-2021-22400

IOT TAXONOMY

category:

['IoT']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2021-61420

AFFECTED PRODUCTS

vendor:	huawei	model:	oxfords-an00a	scope:	eq	version:	10.0.1.135\(c00e130r3p3\)	Trust: 1.0
vendor:	huawei	model:	oxfords-an00a	scope:	eq	version:	10.0.1.173\(c00e172r5p1\)	Trust: 1.0
vendor:	huawei	model:	oxfords-an00a	scope:	eq	version:	10.0.1.123\(c00e121r3p3\)	Trust: 1.0
vendor:	huawei	model:	oxfords-an00a	scope:	eq	version:	10.0.1.105\(c00e103r3p3\)	Trust: 1.0
vendor:	huawei	model:	oxfords-an00a	scope:	eq	version:	10.0.1.160\(c00e160r4p1\)	Trust: 1.0
vendor:	huawei	model:	oxfords-an00a	scope:	eq	version:	10.0.1.10\(c00e10r1p1\)	Trust: 1.0
vendor:	huawei	model:	oxfords-an00a	scope:	eq	version:	10.0.1.152\(c00e140r4p1\)	Trust: 1.0
vendor:	huawei	model:	oxfords-an00a	scope:	eq	version:	10.1.0.202\(c00e79r5p1\)	Trust: 1.0
vendor:	huawei	model:	oxfords-an00a	scope:	eq	version:	10.0.1.167\(c00e166r4p1\)	Trust: 1.0
vendor:	huawei	model:	oxfords-an00a	scope:	eq	version:	10.0.1.178\(c00e175r5p1\)	Trust: 1.0
vendor:	huawei	model:	oxfords-an00a	scope:	eq	version:	10.0.1.115\(c00e110r3p3\)	Trust: 1.0
vendor:	huawei	model:	oxfords-an00a	scope:	eq	version:	10.0.1.135\(c00e130r4p1\)	Trust: 1.0
vendor:	huawei	model:	oxfords-an00a	scope:	eq	version:	oxfords-an00a firmware 10.0.1.115(c00e110r3p3)	Trust: 0.8
vendor:	huawei	model:	oxfords-an00a	scope:	eq	version:	oxfords-an00a firmware 10.0.1.167(c00e166r4p1)	Trust: 0.8
vendor:	huawei	model:	oxfords-an00a	scope:	eq	version:	-	Trust: 0.8
vendor:	huawei	model:	oxfords-an00a	scope:	eq	version:	oxfords-an00a firmware 10.0.1.10(c00e10r1p1)	Trust: 0.8
vendor:	huawei	model:	oxfords-an00a	scope:	eq	version:	oxfords-an00a firmware 10.0.1.160(c00e160r4p1)	Trust: 0.8
vendor:	huawei	model:	oxfords-an00a	scope:	eq	version:	oxfords-an00a firmware 10.1.0.202(c00e79r5p1)	Trust: 0.8
vendor:	huawei	model:	oxfords-an00a	scope:	eq	version:	oxfords-an00a firmware 10.0.1.135(c00e130r4p1)	Trust: 0.8
vendor:	huawei	model:	oxfords-an00a	scope:	eq	version:	oxfords-an00a firmware 10.0.1.178(c00e175r5p1)	Trust: 0.8
vendor:	huawei	model:	oxfords-an00a	scope:	eq	version:	oxfords-an00a firmware 10.0.1.135(c00e130r3p3)	Trust: 0.8
vendor:	huawei	model:	oxfords-an00a	scope:	eq	version:	oxfords-an00a firmware 10.0.1.123(c00e121r3p3)	Trust: 0.8
vendor:	huawei	model:	oxfords-an00a	scope:	eq	version:	oxfords-an00a firmware 10.0.1.152(c00e140r4p1)	Trust: 0.8
vendor:	huawei	model:	oxfords-an00a	scope:	eq	version:	oxfords-an00a firmware 10.0.1.105(c00e103r3p3)	Trust: 0.8
vendor:	huawei	model:	oxfords-an00a	scope:	eq	version:	oxfords-an00a firmware 10.0.1.173(c00e172r5p1)	Trust: 0.8
vendor:	huawei	model:	oxfords-an00a	scope:	-	version:	-	Trust: 0.6

sources: CNVD: CNVD-2021-61420 // JVNDB: JVNDB-2021-009414 // NVD: CVE-2021-22400

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2021-22400
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2021-22400
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2021-61420
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-202104-975
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-202107-1780
value:	MEDIUM
Trust: 0.6
VULMON:	CVE-2021-22400
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2021-22400
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
CNVD:	CNVD-2021-61420
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2021-22400
baseSeverity:	MEDIUM
baseScore:	5.5
vectorString:	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	1.8
impactScore:	3.6
version:	3.1
Trust: 1.0
NVD:	CVE-2021-22400
baseSeverity:	MEDIUM
baseScore:	5.5
vectorString:	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2021-61420 // VULMON: CVE-2021-22400 // JVNDB: JVNDB-2021-009414 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202107-1780 // NVD: CVE-2021-22400

PROBLEMTYPE DATA

problemtype:	CWE-20	Trust: 1.0
problemtype:	Incorrect input confirmation (CWE-20) [NVD Evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2021-009414 // NVD: CVE-2021-22400

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202107-1780

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202104-975

PATCH

title:	huawei-sa-20210721-01-phones	url:	https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210721-01-phones-en	Trust: 0.8
title:	Patch for Huawei OxfordS-AN00A input verification error vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/285561	Trust: 0.6
title:	Huawei OxfordS-AN00A Enter the fix for the verification error vulnerability	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=157526	Trust: 0.6

sources: CNVD: CNVD-2021-61420 // JVNDB: JVNDB-2021-009414 // CNNVD: CNNVD-202107-1780

EXTERNAL IDS

db:	NVD	id:	CVE-2021-22400	Trust: 3.9
db:	CS-HELP	id:	SB2021072301	Trust: 1.2
db:	JVNDB	id:	JVNDB-2021-009414	Trust: 0.8
db:	CNVD	id:	CNVD-2021-61420	Trust: 0.6
db:	CS-HELP	id:	SB2021041363	Trust: 0.6
db:	CNNVD	id:	CNNVD-202104-975	Trust: 0.6
db:	CNNVD	id:	CNNVD-202107-1780	Trust: 0.6
db:	VULMON	id:	CVE-2021-22400	Trust: 0.1

sources: CNVD: CNVD-2021-61420 // VULMON: CVE-2021-22400 // JVNDB: JVNDB-2021-009414 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202107-1780 // NVD: CVE-2021-22400

REFERENCES

url:	https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210721-01-phones-en	Trust: 1.7
url:	https://www.cybersecurity-help.cz/vdb/sb2021072301	Trust: 1.2
url:	https://nvd.nist.gov/vuln/detail/cve-2021-22400	Trust: 0.8
url:	https://www.cybersecurity-help.cz/vdb/sb2021041363	Trust: 0.6
url:	https://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20210721-01-phones-cn	Trust: 0.6
url:	https://cwe.mitre.org/data/definitions/20.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: CNVD: CNVD-2021-61420 // VULMON: CVE-2021-22400 // JVNDB: JVNDB-2021-009414 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202107-1780 // NVD: CVE-2021-22400

CREDITS

The vulnerability was discovered by Huawei's internal testing

Trust: 0.6

sources: CNNVD: CNNVD-202107-1780

SOURCES

db:	CNVD	id:	CNVD-2021-61420
db:	VULMON	id:	CVE-2021-22400
db:	JVNDB	id:	JVNDB-2021-009414
db:	CNNVD	id:	CNNVD-202104-975
db:	CNNVD	id:	CNNVD-202107-1780
db:	NVD	id:	CVE-2021-22400

LAST UPDATE DATE

2024-08-14T12:07:56.334000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2021-61420	date:	2021-08-12T00:00:00
db:	VULMON	id:	CVE-2021-22400	date:	2021-08-11T00:00:00
db:	JVNDB	id:	JVNDB-2021-009414	date:	2022-04-26T09:07:00
db:	CNNVD	id:	CNNVD-202104-975	date:	2021-04-14T00:00:00
db:	CNNVD	id:	CNNVD-202107-1780	date:	2021-08-12T00:00:00
db:	NVD	id:	CVE-2021-22400	date:	2021-08-11T15:41:36.310

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2021-61420	date:	2021-08-12T00:00:00
db:	VULMON	id:	CVE-2021-22400	date:	2021-08-03T00:00:00
db:	JVNDB	id:	JVNDB-2021-009414	date:	2022-04-26T00:00:00
db:	CNNVD	id:	CNNVD-202104-975	date:	2021-04-13T00:00:00
db:	CNNVD	id:	CNNVD-202107-1780	date:	2021-07-22T00:00:00
db:	NVD	id:	CVE-2021-22400	date:	2021-08-03T14:15:08.187