Vulnerabilities > CVE-2021-22382 - Improper Preservation of Permissions vulnerability in Huawei E3372 Firmware and E8372 Firmware

CVSS 6.5 - MEDIUM

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

HIGH

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

local

low complexity

huawei

CWE-281

NVD

Published: 2021-06-22

Updated: 2021-06-29

Summary

Huawei LTE USB Dongle products have an improper permission assignment vulnerability. An attacker can locally access and log in to a PC to induce a user to install a specially crafted application. After successfully exploiting this vulnerability, the attacker can perform unauthenticated operations. Affected product versions include:E3372 E3372h-153TCPU-V200R002B333D01SP00C00.

Vulnerable Configurations

Part	Description	Count
OS	Huawei Huawei E3372 Firmware * Huawei E8372 Firmware *	2
Hardware	Huawei Huawei E3372 - Huawei E8372 -	2

Common Weakness Enumeration (CWE)

CWE-281 - Improper Preservation of Permissions

References

https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210602-01-permission-en