Sign-up

ID

VAR-202110-1485


CVE

CVE-2021-36991


TITLE

Huawei  Vulnerabilities in smartphones

Trust: 0.8

sources: JVNDB: JVNDB-2021-014267

DESCRIPTION

There is an Unauthorized file access vulnerability in Huawei Smartphone due to unstandardized path input.Successful exploitation of this vulnerability by creating malicious file paths can cause unauthorized file access. Huawei Smartphones have unspecified vulnerabilities.Information may be obtained

Trust: 1.71

sources: NVD: CVE-2021-36991 // JVNDB: JVNDB-2021-014267 // VULHUB: VHN-398824

AFFECTED PRODUCTS

vendor:huaweimodel:emuiscope:eqversion:11.0.0

Trust: 1.0

vendor:huaweimodel:emuiscope:eqversion:10.1.1

Trust: 1.0

vendor:huaweimodel:magic uiscope:eqversion:4.0.0

Trust: 1.0

vendor:huaweimodel:magic uiscope:eqversion:3.1.1

Trust: 1.0

vendor:huaweimodel:emuiscope: - version: -

Trust: 0.8

vendor:huaweimodel:magic uiscope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2021-014267 // NVD: CVE-2021-36991

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-36991
value: HIGH

Trust: 1.0

NVD: CVE-2021-36991
value: HIGH

Trust: 0.8

CNNVD: CNNVD-202110-2089
value: HIGH

Trust: 0.6

VULHUB: VHN-398824
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2021-36991
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-398824
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2021-36991
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: CVE-2021-36991
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-398824 // JVNDB: JVNDB-2021-014267 // CNNVD: CNNVD-202110-2089 // NVD: CVE-2021-36991

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

problemtype:Lack of information (CWE-noinfo) [NVD evaluation ]

Trust: 0.8

problemtype:CWE-20

Trust: 0.1

sources: VULHUB: VHN-398824 // JVNDB: JVNDB-2021-014267 // NVD: CVE-2021-36991

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202110-2089

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-202110-2089

PATCH

title:CVE-2021-36991url:https://consumer.huawei.com/en/support/bulletin/2021/7/

Trust: 0.8

title:Huawei Smartphone Enter the fix for the verification error vulnerabilityurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=168227

Trust: 0.6

sources: JVNDB: JVNDB-2021-014267 // CNNVD: CNNVD-202110-2089

EXTERNAL IDS

db:NVDid:CVE-2021-36991

Trust: 3.3

db:JVNDBid:JVNDB-2021-014267

Trust: 0.8

db:CNNVDid:CNNVD-202110-2089

Trust: 0.6

db:VULHUBid:VHN-398824

Trust: 0.1

sources: VULHUB: VHN-398824 // JVNDB: JVNDB-2021-014267 // CNNVD: CNNVD-202110-2089 // NVD: CVE-2021-36991

REFERENCES

url:https://consumer.huawei.com/en/support/bulletin/2021/7/

Trust: 1.7

url:https://nvd.nist.gov/vuln/detail/cve-2021-36991

Trust: 1.4

sources: VULHUB: VHN-398824 // JVNDB: JVNDB-2021-014267 // CNNVD: CNNVD-202110-2089 // NVD: CVE-2021-36991

SOURCES

db:VULHUBid:VHN-398824
db:JVNDBid:JVNDB-2021-014267
db:CNNVDid:CNNVD-202110-2089
db:NVDid:CVE-2021-36991

LAST UPDATE DATE

2024-08-14T15:42:43.402000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-398824date:2022-07-12T00:00:00
db:JVNDBid:JVNDB-2021-014267date:2022-10-11T09:02:00
db:CNNVDid:CNNVD-202110-2089date:2022-07-14T00:00:00
db:NVDid:CVE-2021-36991date:2022-07-12T17:42:04.277

SOURCES RELEASE DATE

db:VULHUBid:VHN-398824date:2021-10-28T00:00:00
db:JVNDBid:JVNDB-2021-014267date:2022-10-11T00:00:00
db:CNNVDid:CNNVD-202110-2089date:2021-10-28T00:00:00
db:NVDid:CVE-2021-36991date:2021-10-28T13:15:10.613