Sign-up

ID

VAR-202112-0949


CVE

CVE-2021-40006


TITLE

HarmonyOS  Vulnerability in using cryptographic algorithms in

Trust: 0.8

sources: JVNDB: JVNDB-2021-017515

DESCRIPTION

Vulnerability of design defects in the security algorithm component. Successful exploitation of this vulnerability may affect confidentiality. HarmonyOS Exists in the use of cryptographic algorithms.Information may be obtained. Huawei HarmonyOS Wearables is an electronic watch made by Huawei from the Chinese company Huawei

Trust: 2.25

sources: NVD: CVE-2021-40006 // JVNDB: JVNDB-2021-017515 // CNVD: CNVD-2022-05175 // VULHUB: VHN-401407

IOT TAXONOMY

category:['IoT']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2022-05175

AFFECTED PRODUCTS

vendor:huaweimodel:harmonyosscope:eqversion:2.0

Trust: 1.6

vendor:huaweimodel:harmonyosscope: - version: -

Trust: 0.8

vendor:huaweimodel:harmonyosscope:eqversion: -

Trust: 0.8

sources: CNVD: CNVD-2022-05175 // JVNDB: JVNDB-2021-017515 // NVD: CVE-2021-40006

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-40006
value: MEDIUM

Trust: 1.0

NVD: CVE-2021-40006
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2022-05175
value: LOW

Trust: 0.6

CNNVD: CNNVD-202112-209
value: MEDIUM

Trust: 0.6

VULHUB: VHN-401407
value: LOW

Trust: 0.1

nvd@nist.gov: CVE-2021-40006
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2022-05175
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-401407
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2021-40006
baseSeverity: MEDIUM
baseScore: 4.6
vectorString: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: PHYSICAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 0.9
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: CVE-2021-40006
baseSeverity: MEDIUM
baseScore: 4.6
vectorString: CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: PHYSICAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2022-05175 // VULHUB: VHN-401407 // JVNDB: JVNDB-2021-017515 // CNNVD: CNNVD-202112-209 // NVD: CVE-2021-40006

PROBLEMTYPE DATA

problemtype:CWE-327

Trust: 1.1

problemtype:CWE-254

Trust: 1.0

problemtype:Use of incomplete or dangerous cryptographic algorithms (CWE-327) [NVD evaluation ]

Trust: 0.8

sources: VULHUB: VHN-401407 // JVNDB: JVNDB-2021-017515 // NVD: CVE-2021-40006

TYPE

encryption problem

Trust: 0.6

sources: CNNVD: CNNVD-202112-209

PATCH

title:security-bulletins-202112-0000001183296718url:https://device.harmonyos.com/en/docs/security/update/security-bulletins-202112-0000001183296718

Trust: 0.8

title:Patch for Huawei HarmonyOS Wearables Encryption Issue Vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/315076

Trust: 0.6

title:Huawei HarmonyOS Wearables Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=172733

Trust: 0.6

sources: CNVD: CNVD-2022-05175 // JVNDB: JVNDB-2021-017515 // CNNVD: CNNVD-202112-209

EXTERNAL IDS

db:NVDid:CVE-2021-40006

Trust: 3.9

db:JVNDBid:JVNDB-2021-017515

Trust: 0.8

db:CNVDid:CNVD-2022-05175

Trust: 0.7

db:CNNVDid:CNNVD-202112-209

Trust: 0.7

db:VULHUBid:VHN-401407

Trust: 0.1

sources: CNVD: CNVD-2022-05175 // VULHUB: VHN-401407 // JVNDB: JVNDB-2021-017515 // CNNVD: CNNVD-202112-209 // NVD: CVE-2021-40006

REFERENCES

url:https://device.harmonyos.com/en/docs/security/update/security-bulletins-202112-0000001183296718

Trust: 1.7

url:https://nvd.nist.gov/vuln/detail/cve-2021-40006

Trust: 1.4

url:https://device.harmonyos.com/cn/docs/security/update/security-bulletins-wearables-202112-0000001183456638

Trust: 1.2

url:https://consumer.huawei.com/en/support/bulletin/2023/8/

Trust: 1.0

url:https://device.harmonyos.com/en/docs/security/update/security-bulletins-202308-0000001667644725

Trust: 1.0

sources: CNVD: CNVD-2022-05175 // VULHUB: VHN-401407 // JVNDB: JVNDB-2021-017515 // CNNVD: CNNVD-202112-209 // NVD: CVE-2021-40006

SOURCES

db:CNVDid:CNVD-2022-05175
db:VULHUBid:VHN-401407
db:JVNDBid:JVNDB-2021-017515
db:CNNVDid:CNNVD-202112-209
db:NVDid:CVE-2021-40006

LAST UPDATE DATE

2024-08-14T14:50:02.878000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2022-05175date:2022-01-19T00:00:00
db:VULHUBid:VHN-401407date:2022-07-12T00:00:00
db:JVNDBid:JVNDB-2021-017515date:2023-01-24T05:25:00
db:CNNVDid:CNNVD-202112-209date:2022-07-14T00:00:00
db:NVDid:CVE-2021-40006date:2023-08-13T13:15:08.720

SOURCES RELEASE DATE

db:CNVDid:CNVD-2022-05175date:2022-01-19T00:00:00
db:VULHUBid:VHN-401407date:2022-01-10T00:00:00
db:JVNDBid:JVNDB-2021-017515date:2023-01-24T00:00:00
db:CNNVDid:CNNVD-202112-209date:2021-12-05T00:00:00
db:NVDid:CVE-2021-40006date:2022-01-10T14:10:21.260