Vulnerabilities > CVE-2021-22398 - Incorrect Authorization vulnerability in Huawei products

CVSS 4.6 - MEDIUM

Attack vector

PHYSICAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

HIGH

Availability impact

NONE

low complexity

huawei

CWE-863

NVD

Published: 2021-08-02

Updated: 2021-08-11

Summary

There is a logic error vulnerability in several smartphones. The software does not properly restrict certain operation when the Digital Balance function is on. Successful exploit could allow the attacker to bypass the Digital Balance limit after a series of operations. Affected product versions include: Hulk-AL00C 9.1.1.201(C00E201R8P1);Jennifer-AN00C 10.1.1.171(C00E170R6P3);Jenny-AL10B 10.1.0.228(C00E220R5P1) and OxfordPL-AN10B 10.1.0.116(C00E110R2P1).

Vulnerable Configurations

Part	Description	Count
OS	Huawei Huawei Hulk Al00C Firmware 9.1.1.201\(C00E201R8P1\) Huawei Jennifer An00C Firmware 10.1.1.171\(C00E170R6P3\) Huawei Jenny Al10B Firmware 10.1.0.228\(C00E220R5P1\) Huawei Oxfordpl An10B Firmware 10.1.0.116\(C00E110R2P1\)	4
Hardware	Huawei Huawei Hulk Al00C - Huawei Jennifer An00C - Huawei Jenny Al10B - Huawei Oxfordpl An10B -	4

Common Weakness Enumeration (CWE)

CWE-863 - Incorrect Authorization

References

https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210714-01-smartphone-en