JavaScript Injection Vulnerability in Huawei Smartphones
CVE-2021-22331

7.5HIGH

Key Information:

Vendor: Huawei
Status: Huawei P30
Vendor: CVE Published:; 28 April 2021

Summary

A JavaScript injection vulnerability exists in specific firmware versions of Huawei smartphones, which stems from insufficient input validation in a module. This flaw allows attackers to exploit the vulnerability by sending a malicious application request, potentially leading to a compromise of normal services. It is crucial for users to update to the latest firmware versions to mitigate the risk associated with this vulnerability.

Affected Version(s)

HUAWEI P30 Versions earlier than 10.1.0.165(C01E165R2P11),Versions earlier than 11.0.0.118(C635E2R1P3),Versions earlier than 11.0.0.120(C00E120R2P5),Versions earlier than 11.0.0.138(C10E4R5P3),Versions earlier than 11.0.0.138(C185E4R7P3),Versions earlier than 11.0.0.138(C432E8R2P3),Versions earlier than 11.0.0.138(C461E4R3P3),Versions earlier than 11.0.0.138(C605E4R1P3),Versions earlier than 11.0.0.138(C636E4R3P3)

References

https://www.huawei.com/en/psirt/security-advisories/huawe...

x_refsource_MISC

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Apr 28, 2021
Vulnerability Reserved
Jan 5, 2021