Laser Command Injection Vulnerability on AIS-BW80H-00 Product by Huawei
CVE-2021-40043

7.8HIGH

Key Information:

Vendor: Huawei
Status: Ais-bw80h-00
Vendor: CVE Published:; 25 February 2022

Summary

The laser command injection vulnerability in Huawei's AIS-BW80H-00 allows attackers to exploit the device if it is visually accessible. This flaw can lead to unauthorized execution of voice commands, exposing the device to potential malicious manipulation. Devices running versions prior to 9.0.3.4(H100SP13C00) are particularly affected, which underscores the importance of updating to mitigate risks associated with this vulnerability.

Affected Version(s)

AIS-BW80H-00 versions earlier than AIS-BW80H-00 9.0.3.4(H100SP13C00)

References

https://www.huawei.com/en/psirt/security-advisories/huawe...

x_refsource_MISC

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Feb 25, 2022
Vulnerability Reserved
Aug 23, 2021