CVE-2021-22398

There is a logic error vulnerability in several smartphones. The software does not properly restrict certain operation when the Digital Balance function is on. Successful exploit could allow the attacker to bypass the Digital Balance limit after a series of operations. Affected product versions include: Hulk-AL00C 9.1.1.201(C00E201R8P1);Jennifer-AN00C 10.1.1.171(C00E170R6P3);Jenny-AL10B 10.1.0.228(C00E220R5P1) and OxfordPL-AN10B 10.1.0.116(C00E110R2P1).
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
4.6 MEDIUM
PHYSICAL
LOW
NONE
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
huaweiCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 5%
VendorProductVersion
huaweihulk-al00c_firmware
9.1.1.201\(c00e201r8p1\)
huaweijennifer-an00c_firmware
10.1.1.171\(c00e170r6p3\)
huaweijenny-al10b_firmware
10.1.0.228\(c00e220r5p1\)
huaweioxfordpl-an10b_firmware
10.1.0.116\(c00e110r2p1\)
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210714-01-smartphone-en
https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210714-01-smartphone-en