Sign-up

ID

VAR-202201-1022


CVE

CVE-2021-40026


TITLE

plural  Huawei  Out-of-bounds write vulnerabilities in the product

Trust: 0.8

sources: JVNDB: JVNDB-2022-002899

DESCRIPTION

There is a Heap-based buffer overflow vulnerability in the AOD module in smartphones. Successful exploitation of this vulnerability may affect service integrity. Huawei HarmonyOS , EMUI , Magic UI Exists in an out-of-bounds write vulnerability.Information may be tampered with. Huawei HarmonyOS Wearables is an electronic watch from Huawei, the Chinese company Huawei. This vulnerability stems from the incorrect verification of data boundaries when the network system or product performs operations on the memory, resulting in incorrect read and write operations to other associated memory locations

Trust: 1.71

sources: NVD: CVE-2021-40026 // JVNDB: JVNDB-2022-002899 // VULHUB: VHN-401427

AFFECTED PRODUCTS

vendor:huaweimodel:emuiscope:eqversion:11.0.0

Trust: 1.0

vendor:huaweimodel:magic uiscope:eqversion:4.0.0

Trust: 1.0

vendor:huaweimodel:harmonyosscope:ltversion:2.0

Trust: 1.0

vendor:huaweimodel:emuiscope:eqversion:12.0.0

Trust: 1.0

vendor:huaweimodel:harmonyosscope: - version: -

Trust: 0.8

vendor:huaweimodel:emuiscope: - version: -

Trust: 0.8

vendor:huaweimodel:magic uiscope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2022-002899 // NVD: CVE-2021-40026

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-40026
value: HIGH

Trust: 1.0

NVD: CVE-2021-40026
value: HIGH

Trust: 0.8

CNNVD: CNNVD-202201-312
value: HIGH

Trust: 0.6

VULHUB: VHN-401427
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2021-40026
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-401427
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2021-40026
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: CVE-2021-40026
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-401427 // JVNDB: JVNDB-2022-002899 // CNNVD: CNNVD-202201-312 // NVD: CVE-2021-40026

PROBLEMTYPE DATA

problemtype:CWE-787

Trust: 1.1

problemtype:Out-of-bounds writing (CWE-787) [NVD evaluation ]

Trust: 0.8

sources: VULHUB: VHN-401427 // JVNDB: JVNDB-2022-002899 // NVD: CVE-2021-40026

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202201-312

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-202201-312

PATCH

title:security-bulletins-202201-0000001238736331 Huawei Support Bulletinurl:https://device.harmonyos.com/en/docs/security/update/security-bulletins-202201-0000001238736331

Trust: 0.8

title:Huawei HarmonyOS Wearables Buffer error vulnerability fixurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=178009

Trust: 0.6

sources: JVNDB: JVNDB-2022-002899 // CNNVD: CNNVD-202201-312

EXTERNAL IDS

db:NVDid:CVE-2021-40026

Trust: 3.3

db:JVNDBid:JVNDB-2022-002899

Trust: 0.8

db:CNNVDid:CNNVD-202201-312

Trust: 0.7

db:VULHUBid:VHN-401427

Trust: 0.1

sources: VULHUB: VHN-401427 // JVNDB: JVNDB-2022-002899 // CNNVD: CNNVD-202201-312 // NVD: CVE-2021-40026

REFERENCES

url:https://consumer.huawei.com/en/support/bulletin/2022/1/

Trust: 1.7

url:https://device.harmonyos.com/en/docs/security/update/security-bulletins-202201-0000001238736331

Trust: 1.7

url:https://nvd.nist.gov/vuln/detail/cve-2021-40026

Trust: 1.4

url:https://device.harmonyos.com/cn/docs/security/update/security-bulletins-wearables-202201-0000001239056313

Trust: 0.6

sources: VULHUB: VHN-401427 // JVNDB: JVNDB-2022-002899 // CNNVD: CNNVD-202201-312 // NVD: CVE-2021-40026

SOURCES

db:VULHUBid:VHN-401427
db:JVNDBid:JVNDB-2022-002899
db:CNNVDid:CNNVD-202201-312
db:NVDid:CVE-2021-40026

LAST UPDATE DATE

2024-08-14T14:25:04.070000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-401427date:2022-01-13T00:00:00
db:JVNDBid:JVNDB-2022-002899date:2023-01-25T08:35:00
db:CNNVDid:CNNVD-202201-312date:2022-01-17T00:00:00
db:NVDid:CVE-2021-40026date:2022-01-13T14:26:51.273

SOURCES RELEASE DATE

db:VULHUBid:VHN-401427date:2022-01-10T00:00:00
db:JVNDBid:JVNDB-2022-002899date:2023-01-25T00:00:00
db:CNNVDid:CNNVD-202201-312date:2022-01-05T00:00:00
db:NVDid:CVE-2021-40026date:2022-01-10T14:10:21.760