ID

VAR-202111-1592


CVE

CVE-2021-37030


TITLE

Huawei  Improper Default Permission Vulnerability in Smartphones

Trust: 0.8

sources: JVNDB: JVNDB-2021-015558

DESCRIPTION

There is an Improper permission vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may affect service availability. Huawei Smartphones are vulnerable to improper default permissions.Service operation interruption (DoS) It may be in a state. Huawei Emui is a mobile operating system developed based on Android. Magic Ui is a mobile operating system developed based on Android. An incorrect permission vulnerability exists in Huawei Emui and Magic UI

Trust: 1.71

sources: NVD: CVE-2021-37030 // JVNDB: JVNDB-2021-015558 // VULHUB: VHN-398863

AFFECTED PRODUCTS

vendor:huaweimodel:magic uiscope:eqversion:3.1.0

Trust: 1.0

vendor:huaweimodel:emuiscope:eqversion:9.1.0

Trust: 1.0

vendor:huaweimodel:magic uiscope:eqversion:2.1.1

Trust: 1.0

vendor:huaweimodel:emuiscope:eqversion:9.1.1

Trust: 1.0

vendor:huaweimodel:magic uiscope:eqversion:3.0.0

Trust: 1.0

vendor:huaweimodel:emuiscope:eqversion:10.1.0

Trust: 1.0

vendor:huaweimodel:emuiscope:eqversion:11.0.0

Trust: 1.0

vendor:huaweimodel:emuiscope:eqversion:10.0.0

Trust: 1.0

vendor:huaweimodel:magic uiscope:eqversion:4.0.0

Trust: 1.0

vendor:huaweimodel:magic uiscope:eqversion:3.1.1

Trust: 1.0

vendor:huaweimodel:emuiscope:eqversion:10.1.1

Trust: 1.0

vendor:huaweimodel:magic uiscope: - version: -

Trust: 0.8

vendor:huaweimodel:emuiscope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2021-015558 // NVD: CVE-2021-37030

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-37030
value: HIGH

Trust: 1.0

NVD: CVE-2021-37030
value: HIGH

Trust: 0.8

CNNVD: CNNVD-202111-1895
value: HIGH

Trust: 0.6

VULHUB: VHN-398863
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2021-37030
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-398863
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2021-37030
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: CVE-2021-37030
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-398863 // JVNDB: JVNDB-2021-015558 // CNNVD: CNNVD-202111-1895 // NVD: CVE-2021-37030

PROBLEMTYPE DATA

problemtype:CWE-276

Trust: 1.1

problemtype:Inappropriate default permissions (CWE-276) [NVD evaluation ]

Trust: 0.8

sources: VULHUB: VHN-398863 // JVNDB: JVNDB-2021-015558 // NVD: CVE-2021-37030

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202111-1895

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202111-1895

PATCH

title:HUAWEI EMUI/Magic UI security updates August 2021url:https://consumer.huawei.com/en/support/bulletin/2021/8/

Trust: 0.8

title:Huawei HarmonyOS Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=172192

Trust: 0.6

sources: JVNDB: JVNDB-2021-015558 // CNNVD: CNNVD-202111-1895

EXTERNAL IDS

db:NVDid:CVE-2021-37030

Trust: 3.3

db:JVNDBid:JVNDB-2021-015558

Trust: 0.8

db:CNNVDid:CNNVD-202111-1895

Trust: 0.6

db:CNVDid:CNVD-2021-102863

Trust: 0.1

db:VULHUBid:VHN-398863

Trust: 0.1

sources: VULHUB: VHN-398863 // JVNDB: JVNDB-2021-015558 // CNNVD: CNNVD-202111-1895 // NVD: CVE-2021-37030

REFERENCES

url:https://consumer.huawei.com/en/support/bulletin/2021/8/

Trust: 1.7

url:https://nvd.nist.gov/vuln/detail/cve-2021-37030

Trust: 1.4

url:https://device.harmonyos.com/cn/docs/security/update/security-bulletins-202109-0000001196270727

Trust: 0.6

sources: VULHUB: VHN-398863 // JVNDB: JVNDB-2021-015558 // CNNVD: CNNVD-202111-1895 // NVD: CVE-2021-37030

SOURCES

db:VULHUBid:VHN-398863
db:JVNDBid:JVNDB-2021-015558
db:CNNVDid:CNNVD-202111-1895
db:NVDid:CVE-2021-37030

LAST UPDATE DATE

2024-08-14T15:32:57.368000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-398863date:2021-12-09T00:00:00
db:JVNDBid:JVNDB-2021-015558date:2022-11-24T06:42:00
db:CNNVDid:CNNVD-202111-1895date:2021-12-01T00:00:00
db:NVDid:CVE-2021-37030date:2021-12-09T17:57:50.007

SOURCES RELEASE DATE

db:VULHUBid:VHN-398863date:2021-11-23T00:00:00
db:JVNDBid:JVNDB-2021-015558date:2022-11-24T00:00:00
db:CNNVDid:CNNVD-202111-1895date:2021-11-23T00:00:00
db:NVDid:CVE-2021-37030date:2021-11-23T16:15:09.707