CVE-2021-22449

EUVD-2021-9595
There is a logic vulnerability in Elf-G10HN 1.0.0.608. An unauthenticated attacker could perform specific operations to exploit this vulnerability. Due to insufficient security design, successful exploit could allow an attacker to add users to be friends without prompting in the target device.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 39%
Affected Products (NVD)
VendorProductVersion
huaweielf-g10hn
1.0.0.608
𝑥
= Vulnerable software versions
References
https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210630-01-logic-en
https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210630-01-logic-en