JavaScript Injection Vulnerability in Huawei Smartphones
CVE-2021-22331

7.5HIGH

Key Information:

Vendor
Huawei
Vendor
CVE Published:
28 April 2021

Summary

A JavaScript injection vulnerability exists in specific firmware versions of Huawei smartphones, which stems from insufficient input validation in a module. This flaw allows attackers to exploit the vulnerability by sending a malicious application request, potentially leading to a compromise of normal services. It is crucial for users to update to the latest firmware versions to mitigate the risk associated with this vulnerability.

Affected Version(s)

HUAWEI P30 Versions earlier than 10.1.0.165(C01E165R2P11),Versions earlier than 11.0.0.118(C635E2R1P3),Versions earlier than 11.0.0.120(C00E120R2P5),Versions earlier than 11.0.0.138(C10E4R5P3),Versions earlier than 11.0.0.138(C185E4R7P3),Versions earlier than 11.0.0.138(C432E8R2P3),Versions earlier than 11.0.0.138(C461E4R3P3),Versions earlier than 11.0.0.138(C605E4R1P3),Versions earlier than 11.0.0.138(C636E4R3P3)

References

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.