← Back

CVE-2021-22398

nvd nist
Published: Aug 2, 2021Modified: Nov 21, 2024

JSON object

Loading...
4.6
Vector
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Exploitability: 0.9 / Impact: 3.6
Source: NVD

Description

There is a logic error vulnerability in several smartphones. The software does not properly restrict certain operation when the Digital Balance function is on. Successful exploit could allow the attacker to bypass the Digital Balance limit after a series of operations. Affected product versions include: Hulk-AL00C 9.1.1.201(C00E201R8P1);Jennifer-AN00C 10.1.1.171(C00E170R6P3);Jenny-AL10B 10.1.0.228(C00E220R5P1) and OxfordPL-AN10B 10.1.0.116(C00E110R2P1).

Affected (4)

Huawei
4 products
Hulk Al00c Firmware
Jennifer An00c Firmware
Jenny Al10b Firmware
Oxfordpl An10b Firmware
Configuration A
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Hulk Al00c Firmware
Version 9.1.1.201(c00e201r8p1)
Running on/withPlatform Versions
Huawei
Hulk Al00c
All versions
Configuration B
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Jennifer An00c Firmware
Version 10.1.1.171(c00e170r6p3)
Running on/withPlatform Versions
Huawei
Jennifer An00c
All versions
Configuration C
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Jenny Al10b Firmware
Version 10.1.0.228(c00e220r5p1)
Running on/withPlatform Versions
Huawei
Jenny Al10b
All versions
Configuration D
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Oxfordpl An10b Firmware
Version 10.1.0.116(c00e110r2p1)
Running on/withPlatform Versions
Huawei
Oxfordpl An10b
All versions

Related CWEs

CWE-863
Incorrect Authorization
The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. This allows attackers to bypass intended access restrictions.

References (2)

Source: psirt@huawei.com
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory

Timeline

No history available yet.