Vulnerabilities > CVE-2021-37104 - Server-Side Request Forgery (SSRF) vulnerability in Huawei P40 Firmware 10.1.0.118(C00E116R3P3)

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

NONE

Availability impact

NONE

network

low complexity

huawei

CWE-918

NVD

Published: 2021-09-28

Updated: 2021-10-06

Summary

There is a server-side request forgery vulnerability in HUAWEI P40 versions 10.1.0.118(C00E116R3P3). This vulnerability is due to insufficient validation of parameters while dealing with some messages. A successful exploit could allow the attacker to gain access to certain resource which the attacker are supposed not to do.

Vulnerable Configurations

Part	Description	Count
OS	Huawei Huawei P40 Firmware 10.1.0.118\(C00E116R3P3\)	1
Hardware	Huawei Huawei P40 -	1

Common Weakness Enumeration (CWE)

CWE-918 - Server-Side Request Forgery (SSRF)

References

https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210922-01-ssrf-en