Sign-up

ID

VAR-202111-0850


CVE

CVE-2021-37010


TITLE

Huawei  Information disclosure vulnerability in smartphones

Trust: 0.8

sources: JVNDB: JVNDB-2021-015588

DESCRIPTION

There is a Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability will cause the confidentiality of users is affected. Huawei Smartphones are vulnerable to information disclosure.Information may be obtained

Trust: 1.71

sources: NVD: CVE-2021-37010 // JVNDB: JVNDB-2021-015588 // VULHUB: VHN-398842

AFFECTED PRODUCTS

vendor:huaweimodel:harmonyosscope:eqversion:2.0

Trust: 1.0

vendor:huaweimodel:harmonyosscope: - version: -

Trust: 0.8

vendor:huaweimodel:harmonyosscope:eqversion: -

Trust: 0.8

sources: JVNDB: JVNDB-2021-015588 // NVD: CVE-2021-37010

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-37010
value: HIGH

Trust: 1.0

NVD: CVE-2021-37010
value: HIGH

Trust: 0.8

CNNVD: CNNVD-202111-1881
value: HIGH

Trust: 0.6

VULHUB: VHN-398842
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2021-37010
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-398842
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2021-37010
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: CVE-2021-37010
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-398842 // JVNDB: JVNDB-2021-015588 // CNNVD: CNNVD-202111-1881 // NVD: CVE-2021-37010

PROBLEMTYPE DATA

problemtype:CWE-200

Trust: 1.1

problemtype:information leak (CWE-200) [NVD evaluation ]

Trust: 0.8

sources: VULHUB: VHN-398842 // JVNDB: JVNDB-2021-015588 // NVD: CVE-2021-37010

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202111-1881

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-202111-1881

PATCH

title:security-bulletins-202108-0000001180965965url:https://device.harmonyos.com/en/docs/security/update/security-bulletins-202108-0000001180965965

Trust: 0.8

title:Huawei HarmonyOS Repair measures for information disclosure vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=172180

Trust: 0.6

sources: JVNDB: JVNDB-2021-015588 // CNNVD: CNNVD-202111-1881

EXTERNAL IDS

db:NVDid:CVE-2021-37010

Trust: 3.3

db:JVNDBid:JVNDB-2021-015588

Trust: 0.8

db:CNNVDid:CNNVD-202111-1881

Trust: 0.6

db:VULHUBid:VHN-398842

Trust: 0.1

sources: VULHUB: VHN-398842 // JVNDB: JVNDB-2021-015588 // CNNVD: CNNVD-202111-1881 // NVD: CVE-2021-37010

REFERENCES

url:https://device.harmonyos.com/cn/docs/security/update/security-bulletins-202108-0000001180965965

Trust: 1.7

url:https://nvd.nist.gov/vuln/detail/cve-2021-37010

Trust: 1.4

url:https://device.harmonyos.com/cn/docs/security/update/security-bulletins-wearables-202108-0000001135186780

Trust: 0.6

sources: VULHUB: VHN-398842 // JVNDB: JVNDB-2021-015588 // CNNVD: CNNVD-202111-1881 // NVD: CVE-2021-37010

SOURCES

db:VULHUBid:VHN-398842
db:JVNDBid:JVNDB-2021-015588
db:CNNVDid:CNNVD-202111-1881
db:NVDid:CVE-2021-37010

LAST UPDATE DATE

2024-08-14T15:22:03.564000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-398842date:2021-11-29T00:00:00
db:JVNDBid:JVNDB-2021-015588date:2022-11-24T09:13:00
db:CNNVDid:CNNVD-202111-1881date:2021-12-01T00:00:00
db:NVDid:CVE-2021-37010date:2021-11-29T15:51:38.447

SOURCES RELEASE DATE

db:VULHUBid:VHN-398842date:2021-11-23T00:00:00
db:JVNDBid:JVNDB-2021-015588date:2022-11-24T00:00:00
db:CNNVDid:CNNVD-202111-1881date:2021-11-23T00:00:00
db:NVDid:CVE-2021-37010date:2021-11-23T16:15:09.113