Search criteria
4 vulnerabilities found for oxfords-an00a by huawei
VAR-202003-1130
Vulnerability from variot - Updated: 2024-11-23 23:04Huawei smartphone OxfordS-AN00A with versions earlier than 10.0.1.152D(C735E152R3P3),versions earlier than 10.0.1.160(C00E160R4P1) have an improper authentication vulnerability. Authentication to target component is improper when device performs an operation. Attackers exploit this vulnerability to obtain some information by loading malicious application, leading to information leak. Huawei OxfordS-AN00A is a Huawei smartphone device
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202003-1130",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "oxfords-an00a",
"scope": "gt",
"trust": 1.0,
"vendor": "huawei",
"version": "10.0.1.152d\\(c735e152r3p3\\)"
},
{
"model": "oxfords-an00a",
"scope": "lt",
"trust": 1.0,
"vendor": "huawei",
"version": "10.0.1.152d\\(c735e152r3p3\\)"
},
{
"model": "oxfords-an00a",
"scope": "lt",
"trust": 1.0,
"vendor": "huawei",
"version": "10.0.1.160\\(c00e160r4p1\\)"
},
{
"model": "oxfords-an00a",
"scope": "eq",
"trust": 0.8,
"vendor": "huawei",
"version": "10.0.1.152d(c735e152r3p3)"
},
{
"model": "oxfords-an00a",
"scope": "eq",
"trust": 0.8,
"vendor": "huawei",
"version": "10.0.1.160(c00e160r4p1)"
},
{
"model": "oxfords-an00a 10.0.1.152d",
"scope": "lt",
"trust": 0.6,
"vendor": "huawei",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-21058"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-003138"
},
{
"db": "NVD",
"id": "CVE-2020-1878"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:huawei:oxfords-an00a_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-003138"
}
]
},
"cve": "CVE-2020-1878",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"id": "CVE-2020-1878",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "LOW",
"trust": 1.1,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Local",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 2.1,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "JVNDB-2020-003138",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Low",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "SINGLE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 4.6,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.1,
"id": "CNVD-2020-21058",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:L/AC:L/Au:S/C:C/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2020-1878",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.5,
"baseSeverity": "Medium",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2020-003138",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2020-1878",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "JVNDB-2020-003138",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2020-21058",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202003-641",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2020-1878",
"trust": 0.1,
"value": "LOW"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-21058"
},
{
"db": "VULMON",
"id": "CVE-2020-1878"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-003138"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-641"
},
{
"db": "NVD",
"id": "CVE-2020-1878"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Huawei smartphone OxfordS-AN00A with versions earlier than 10.0.1.152D(C735E152R3P3),versions earlier than 10.0.1.160(C00E160R4P1) have an improper authentication vulnerability. Authentication to target component is improper when device performs an operation. Attackers exploit this vulnerability to obtain some information by loading malicious application, leading to information leak. Huawei OxfordS-AN00A is a Huawei smartphone device",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-1878"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-003138"
},
{
"db": "CNVD",
"id": "CNVD-2020-21058"
},
{
"db": "VULMON",
"id": "CVE-2020-1878"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-1878",
"trust": 3.1
},
{
"db": "JVNDB",
"id": "JVNDB-2020-003138",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2020-21058",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202003-641",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2020-1878",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-21058"
},
{
"db": "VULMON",
"id": "CVE-2020-1878"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-003138"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-641"
},
{
"db": "NVD",
"id": "CVE-2020-1878"
}
]
},
"id": "VAR-202003-1130",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-21058"
}
],
"trust": 1.0861111
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-21058"
}
]
},
"last_update_date": "2024-11-23T23:04:27.142000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "huawei-sa-20200311-01-informationleak",
"trust": 0.8,
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200311-01-informationleak-en"
},
{
"title": "Patch for Huawei OxfordS-AN00A Information Disclosure Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/212059"
},
{
"title": "Huawei OxfordS-AN00A Security vulnerabilities",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=111895"
},
{
"title": "Huawei Security Advisories: Security Advisory - Improper Authentication Vulnerability in Huawei Smartphone",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=huawei_security_advisories\u0026qid=18522e48b8011cb20b24f9f6eccf3ab8"
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/Live-Hack-CVE/CVE-2020-1878 "
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-21058"
},
{
"db": "VULMON",
"id": "CVE-2020-1878"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-003138"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-641"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-287",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-003138"
},
{
"db": "NVD",
"id": "CVE-2020-1878"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-1878"
},
{
"trust": 1.8,
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200311-01-informationleak-en"
},
{
"trust": 1.7,
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200415-02-dos-en"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-1878"
},
{
"trust": 0.6,
"url": "https://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20200311-01-informationleak-cn"
},
{
"trust": 0.6,
"url": "https://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20200415-02-dos-cn"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/287.html"
},
{
"trust": 0.1,
"url": "https://github.com/live-hack-cve/cve-2020-1878"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-21058"
},
{
"db": "VULMON",
"id": "CVE-2020-1878"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-003138"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-641"
},
{
"db": "NVD",
"id": "CVE-2020-1878"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2020-21058"
},
{
"db": "VULMON",
"id": "CVE-2020-1878"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-003138"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-641"
},
{
"db": "NVD",
"id": "CVE-2020-1878"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-04-02T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-21058"
},
{
"date": "2020-03-20T00:00:00",
"db": "VULMON",
"id": "CVE-2020-1878"
},
{
"date": "2020-04-06T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-003138"
},
{
"date": "2020-03-11T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202003-641"
},
{
"date": "2020-03-20T15:15:14.373000",
"db": "NVD",
"id": "CVE-2020-1878"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-04-02T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-21058"
},
{
"date": "2023-02-03T00:00:00",
"db": "VULMON",
"id": "CVE-2020-1878"
},
{
"date": "2020-04-06T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-003138"
},
{
"date": "2023-02-06T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202003-641"
},
{
"date": "2024-11-21T05:11:31.890000",
"db": "NVD",
"id": "CVE-2020-1878"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202003-641"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Huawei smartphone OxfordS-AN00A Authentication vulnerabilities in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-003138"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "authorization issue",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202003-641"
}
],
"trust": 0.6
}
}
VAR-202009-1317
Vulnerability from variot - Updated: 2024-11-23 22:11Huawei smartphones HONOR 20 PRO Versions earlier than 10.1.0.230(C432E9R5P1),Versions earlier than 10.1.0.231(C10E3R3P2),Versions earlier than 10.1.0.231(C185E3R5P1),Versions earlier than 10.1.0.231(C636E3R3P1);Versions earlier than 10.1.0.212(C432E10R3P4),Versions earlier than 10.1.0.213(C636E3R4P3),Versions earlier than 10.1.0.214(C10E5R4P3),Versions earlier than 10.1.0.214(C185E3R3P3);Versions earlier than 10.1.0.212(C00E210R5P1);Versions earlier than 10.1.0.160(C00E160R2P11);Versions earlier than 10.1.0.160(C00E160R2P11);Versions earlier than 10.1.0.160(C01E160R2P11);Versions earlier than 10.1.0.160(C00E160R2P11);Versions earlier than 10.1.0.160(C00E160R8P12);Versions earlier than 10.1.0.230(C432E9R5P1),Versions earlier than 10.1.0.231(C10E3R3P2),Versions earlier than 10.1.0.231(C636E3R3P1);Versions earlier than 10.1.0.225(C431E3R1P2),Versions earlier than 10.1.0.225(C432E3R1P2) contain an information vulnerability. A module has a design error that is lack of control of input. Attackers can exploit this vulnerability to obtain some information. This can lead to information leak. Huawei smartphone HONOR 20 PRO Contains an information disclosure vulnerability.Information may be obtained. Huawei Honor V20 is a smart phone of China's Huawei (Huawei) company
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202009-1317",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "honor pro \u003c10.1.0.231",
"scope": "eq",
"trust": 1.8,
"vendor": "huawei",
"version": "20"
},
{
"model": "honor pro \u003c10.1.0.160",
"scope": "eq",
"trust": 1.8,
"vendor": "huawei",
"version": "20"
},
{
"model": "honor pro \u003c10.1.0.212",
"scope": "eq",
"trust": 1.2,
"vendor": "huawei",
"version": "20"
},
{
"model": "honor pro \u003c10.1.0.214",
"scope": "eq",
"trust": 1.2,
"vendor": "huawei",
"version": "20"
},
{
"model": "honor pro \u003c10.1.0.225",
"scope": "eq",
"trust": 1.2,
"vendor": "huawei",
"version": "20"
},
{
"model": "honor view 20",
"scope": "lt",
"trust": 1.0,
"vendor": "huawei",
"version": "10.1.0.213\\(c636e3r4p3\\)"
},
{
"model": "yale-l21a",
"scope": "lt",
"trust": 1.0,
"vendor": "huawei",
"version": "10.1.0.231\\(c10e3r3p2\\)"
},
{
"model": "yale-l21a",
"scope": "lt",
"trust": 1.0,
"vendor": "huawei",
"version": "10.1.0.231\\(c636e3r3p1\\)"
},
{
"model": "honor 20 pro",
"scope": "lt",
"trust": 1.0,
"vendor": "huawei",
"version": "10.1.0.231\\(c10e3r3p2\\)"
},
{
"model": "yale-al00a",
"scope": "lt",
"trust": 1.0,
"vendor": "huawei",
"version": "10.1.0.160\\(c00e160r8p12\\)"
},
{
"model": "yale-l61a",
"scope": "lt",
"trust": 1.0,
"vendor": "huawei",
"version": "10.1.0.225\\(c431e3r1p2\\)"
},
{
"model": "honor view 20",
"scope": "lt",
"trust": 1.0,
"vendor": "huawei",
"version": "10.1.0.212\\(c432e10r3p4\\)"
},
{
"model": "honor 20 pro",
"scope": "lt",
"trust": 1.0,
"vendor": "huawei",
"version": "10.1.0.231\\(c636e3r3p1\\)"
},
{
"model": "princeton-al10b",
"scope": "lt",
"trust": 1.0,
"vendor": "huawei",
"version": "10.1.0.160\\(c00e160r2p11\\)"
},
{
"model": "princeton-tl10c",
"scope": "lt",
"trust": 1.0,
"vendor": "huawei",
"version": "10.1.0.160\\(c01e160r2p11\\)"
},
{
"model": "honor view 20",
"scope": "lt",
"trust": 1.0,
"vendor": "huawei",
"version": "10.1.0.214\\(c10e5r4p3\\)"
},
{
"model": "yale-l21a",
"scope": "lt",
"trust": 1.0,
"vendor": "huawei",
"version": "10.1.0.230\\(c432e9r5p1\\)"
},
{
"model": "honor 20 pro",
"scope": "lt",
"trust": 1.0,
"vendor": "huawei",
"version": "10.1.0.230\\(c432e9r5p1\\)"
},
{
"model": "tony-al00b",
"scope": "lt",
"trust": 1.0,
"vendor": "huawei",
"version": "10.1.0.160\\(c00e160r2p11\\)"
},
{
"model": "princeton-al10d",
"scope": "lt",
"trust": 1.0,
"vendor": "huawei",
"version": "10.1.0.160\\(c00e160r2p11\\)"
},
{
"model": "honor 20 pro",
"scope": "lt",
"trust": 1.0,
"vendor": "huawei",
"version": "10.1.0.231\\(c185e3r5p1\\)"
},
{
"model": "oxfords-an00a",
"scope": "lt",
"trust": 1.0,
"vendor": "huawei",
"version": "10.1.0.212\\(c00e210r5p1\\)"
},
{
"model": "yale-l61a",
"scope": "lt",
"trust": 1.0,
"vendor": "huawei",
"version": "10.1.0.225\\(c432e3r1p2\\)"
},
{
"model": "honor view 20",
"scope": "lt",
"trust": 1.0,
"vendor": "huawei",
"version": "10.1.0.214\\(c185e3r3p3\\)"
},
{
"model": "honor 20 pro",
"scope": null,
"trust": 0.8,
"vendor": "huawei",
"version": null
},
{
"model": "honor view 20",
"scope": null,
"trust": 0.8,
"vendor": "huawei",
"version": null
},
{
"model": "oxfords-an00a",
"scope": null,
"trust": 0.8,
"vendor": "huawei",
"version": null
},
{
"model": "princeton-al10b",
"scope": null,
"trust": 0.8,
"vendor": "huawei",
"version": null
},
{
"model": "princeton-al10d",
"scope": null,
"trust": 0.8,
"vendor": "huawei",
"version": null
},
{
"model": "princeton-tl10c",
"scope": null,
"trust": 0.8,
"vendor": "huawei",
"version": null
},
{
"model": "tony-al00b",
"scope": null,
"trust": 0.8,
"vendor": "huawei",
"version": null
},
{
"model": "yale-al00a",
"scope": null,
"trust": 0.8,
"vendor": "huawei",
"version": null
},
{
"model": "yale-l21a",
"scope": null,
"trust": 0.8,
"vendor": "huawei",
"version": null
},
{
"model": "yale-l61a",
"scope": null,
"trust": 0.8,
"vendor": "huawei",
"version": null
},
{
"model": "honor pro \u003c10.1.0.230",
"scope": "eq",
"trust": 0.6,
"vendor": "huawei",
"version": "20"
},
{
"model": "honor pro \u003c10.1.0.213",
"scope": "eq",
"trust": 0.6,
"vendor": "huawei",
"version": "20"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-52402"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-010696"
},
{
"db": "NVD",
"id": "CVE-2020-9235"
}
]
},
"cve": "CVE-2020-9235",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"id": "CVE-2020-9235",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "LOW",
"trust": 1.8,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"id": "CNVD-2020-52402",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "LOW",
"trust": 0.6,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2020-9235",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.5,
"baseSeverity": "Medium",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2020-9235",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2020-9235",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2020-9235",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2020-52402",
"trust": 0.6,
"value": "LOW"
},
{
"author": "CNNVD",
"id": "CNNVD-202009-252",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-52402"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-010696"
},
{
"db": "CNNVD",
"id": "CNNVD-202009-252"
},
{
"db": "NVD",
"id": "CVE-2020-9235"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Huawei smartphones HONOR 20 PRO Versions earlier than 10.1.0.230(C432E9R5P1),Versions earlier than 10.1.0.231(C10E3R3P2),Versions earlier than 10.1.0.231(C185E3R5P1),Versions earlier than 10.1.0.231(C636E3R3P1);Versions earlier than 10.1.0.212(C432E10R3P4),Versions earlier than 10.1.0.213(C636E3R4P3),Versions earlier than 10.1.0.214(C10E5R4P3),Versions earlier than 10.1.0.214(C185E3R3P3);Versions earlier than 10.1.0.212(C00E210R5P1);Versions earlier than 10.1.0.160(C00E160R2P11);Versions earlier than 10.1.0.160(C00E160R2P11);Versions earlier than 10.1.0.160(C01E160R2P11);Versions earlier than 10.1.0.160(C00E160R2P11);Versions earlier than 10.1.0.160(C00E160R8P12);Versions earlier than 10.1.0.230(C432E9R5P1),Versions earlier than 10.1.0.231(C10E3R3P2),Versions earlier than 10.1.0.231(C636E3R3P1);Versions earlier than 10.1.0.225(C431E3R1P2),Versions earlier than 10.1.0.225(C432E3R1P2) contain an information vulnerability. A module has a design error that is lack of control of input. Attackers can exploit this vulnerability to obtain some information. This can lead to information leak. Huawei smartphone HONOR 20 PRO Contains an information disclosure vulnerability.Information may be obtained. Huawei Honor V20 is a smart phone of China\u0027s Huawei (Huawei) company",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-9235"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-010696"
},
{
"db": "CNVD",
"id": "CNVD-2020-52402"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-9235",
"trust": 3.0
},
{
"db": "JVNDB",
"id": "JVNDB-2020-010696",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2020-52402",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202009-252",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-52402"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-010696"
},
{
"db": "CNNVD",
"id": "CNNVD-202009-252"
},
{
"db": "NVD",
"id": "CVE-2020-9235"
}
]
},
"id": "VAR-202009-1317",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-52402"
}
],
"trust": 1.0648148133333333
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"IoT"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-52402"
}
]
},
"last_update_date": "2024-11-23T22:11:19.159000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "huawei-sa-20200902-07-smartphone",
"trust": 0.8,
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200902-07-smartphone-en"
},
{
"title": "Patch for Huawei Honor 20 PRO information disclosure vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/234328"
},
{
"title": "HUAWEI HONOR 20 PRO Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=127436"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-52402"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-010696"
},
{
"db": "CNNVD",
"id": "CNNVD-202009-252"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-20",
"trust": 1.0
},
{
"problemtype": "information leak (CWE-200) [NVD Evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-010696"
},
{
"db": "NVD",
"id": "CVE-2020-9235"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.2,
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200902-07-smartphone-en"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-9235"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-52402"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-010696"
},
{
"db": "CNNVD",
"id": "CNNVD-202009-252"
},
{
"db": "NVD",
"id": "CVE-2020-9235"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2020-52402"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-010696"
},
{
"db": "CNNVD",
"id": "CNNVD-202009-252"
},
{
"db": "NVD",
"id": "CVE-2020-9235"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-09-17T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-52402"
},
{
"date": "2021-02-01T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-010696"
},
{
"date": "2020-09-03T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202009-252"
},
{
"date": "2020-09-03T19:15:12.417000",
"db": "NVD",
"id": "CVE-2020-9235"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-09-17T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-52402"
},
{
"date": "2021-02-01T08:35:00",
"db": "JVNDB",
"id": "JVNDB-2020-010696"
},
{
"date": "2020-10-22T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202009-252"
},
{
"date": "2024-11-21T05:40:12.693000",
"db": "NVD",
"id": "CVE-2020-9235"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202009-252"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Huawei Honor 20 PRO information disclosure vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-52402"
},
{
"db": "CNNVD",
"id": "CNNVD-202009-252"
}
],
"trust": 1.2
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "information disclosure",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202009-252"
}
],
"trust": 0.6
}
}
VAR-202107-0370
Vulnerability from variot - Updated: 2024-08-14 12:51There is a path traversal vulnerability in some Huawei products. The vulnerability is due to that the software uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the software does not properly validate the pathname. Successful exploit could allow the attacker to access a location that is outside of the restricted directory by a crafted filename. Affected product versions include:HUAWEI Mate 20 9.0.0.195(C01E195R2P1), 9.1.0.139(C00E133R3P1);HUAWEI Mate 20 Pro 9.0.0.187(C432E10R1P16), 9.0.0.188(C185E10R2P1), 9.0.0.245(C10E10R2P1), 9.0.0.266(C432E10R1P16), 9.0.0.267(C636E10R2P1), 9.0.0.268(C635E12R1P16), 9.0.0.278(C185E10R2P1); Hima-L29C 9.0.0.105(C10E9R1P16), 9.0.0.105(C185E9R1P16), 9.0.0.105(C636E9R1P16); Laya-AL00EP 9.1.0.139(C786E133R3P1); OxfordS-AN00A 10.1.0.223(C00E210R5P1); Tony-AL00B 9.1.0.257(C00E222R2P1). Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202107-0370",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "tony-al00b",
"scope": "eq",
"trust": 1.0,
"vendor": "huawei",
"version": "9.1.0.257\\(c00e222r2p1\\)"
},
{
"model": "oxfords-an00a",
"scope": "eq",
"trust": 1.0,
"vendor": "huawei",
"version": "10.1.0.223\\(c00e210r5p1\\)"
},
{
"model": "mate 20",
"scope": "eq",
"trust": 1.0,
"vendor": "huawei",
"version": "9.0.0.195\\(c01e195r2p1\\)"
},
{
"model": "mate 20 pro",
"scope": "eq",
"trust": 1.0,
"vendor": "huawei",
"version": "9.0.0.188\\(c185e10r2p1\\)"
},
{
"model": "mate 20 pro",
"scope": "eq",
"trust": 1.0,
"vendor": "huawei",
"version": "9.0.0.267\\(c636e10r2p1\\)"
},
{
"model": "mate 20 pro",
"scope": "eq",
"trust": 1.0,
"vendor": "huawei",
"version": "9.0.0.266\\(c432e10r1p16\\)"
},
{
"model": "mate 20 pro",
"scope": "eq",
"trust": 1.0,
"vendor": "huawei",
"version": "9.0.0.187\\(c432e10r1p16\\)"
},
{
"model": "hima-l29c",
"scope": "eq",
"trust": 1.0,
"vendor": "huawei",
"version": "9.0.0.105\\(c636e9r1p16\\)"
},
{
"model": "hima-l29c",
"scope": "eq",
"trust": 1.0,
"vendor": "huawei",
"version": "9.0.0.105\\(c185e9r1p16\\)"
},
{
"model": "mate 20 pro",
"scope": "eq",
"trust": 1.0,
"vendor": "huawei",
"version": "9.0.0.268\\(c635e12r1p16\\)"
},
{
"model": "laya-al00ep",
"scope": "eq",
"trust": 1.0,
"vendor": "huawei",
"version": "9.1.0.139\\(c786e133r3p1\\)"
},
{
"model": "mate 20 pro",
"scope": "eq",
"trust": 1.0,
"vendor": "huawei",
"version": "9.0.0.278\\(c185e10r2p1\\)"
},
{
"model": "hima-l29c",
"scope": "eq",
"trust": 1.0,
"vendor": "huawei",
"version": "9.0.0.105\\(c10e9r1p16\\)"
},
{
"model": "mate 20",
"scope": "eq",
"trust": 1.0,
"vendor": "huawei",
"version": "9.1.0.139\\(c00e133r3p1\\)"
},
{
"model": "mate 20 pro",
"scope": "eq",
"trust": 1.0,
"vendor": "huawei",
"version": "9.0.0.245\\(c10e10r2p1\\)"
},
{
"model": "laya-al00ep",
"scope": null,
"trust": 0.8,
"vendor": "huawei",
"version": null
},
{
"model": "hima-l29c",
"scope": null,
"trust": 0.8,
"vendor": "huawei",
"version": null
},
{
"model": "mate 20 pro",
"scope": null,
"trust": 0.8,
"vendor": "huawei",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-009235"
},
{
"db": "NVD",
"id": "CVE-2021-22440"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The vulnerability was discovered by an external researcher",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202106-2021"
}
],
"trust": 0.6
},
"cve": "CVE-2021-22440",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"id": "CVE-2021-22440",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "LOW",
"trust": 1.9,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 0.9,
"id": "CVE-2021-22440",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Physical",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 4.6,
"baseSeverity": "Medium",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2021-22440",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2021-22440",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2021-22440",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-202106-2021",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202104-975",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2021-22440",
"trust": 0.1,
"value": "LOW"
}
]
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2021-22440"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-009235"
},
{
"db": "CNNVD",
"id": "CNNVD-202106-2021"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "NVD",
"id": "CVE-2021-22440"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "There is a path traversal vulnerability in some Huawei products. The vulnerability is due to that the software uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the software does not properly validate the pathname. Successful exploit could allow the attacker to access a location that is outside of the restricted directory by a crafted filename. Affected product versions include:HUAWEI Mate 20 9.0.0.195(C01E195R2P1), 9.1.0.139(C00E133R3P1);HUAWEI Mate 20 Pro 9.0.0.187(C432E10R1P16), 9.0.0.188(C185E10R2P1), 9.0.0.245(C10E10R2P1), 9.0.0.266(C432E10R1P16), 9.0.0.267(C636E10R2P1), 9.0.0.268(C635E12R1P16), 9.0.0.278(C185E10R2P1); Hima-L29C 9.0.0.105(C10E9R1P16), 9.0.0.105(C185E9R1P16), 9.0.0.105(C636E9R1P16); Laya-AL00EP 9.1.0.139(C786E133R3P1); OxfordS-AN00A 10.1.0.223(C00E210R5P1); Tony-AL00B 9.1.0.257(C00E222R2P1). Pillow is a Python-based image processing library. \nThere is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-22440"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-009235"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "VULMON",
"id": "CVE-2021-22440"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-22440",
"trust": 3.3
},
{
"db": "JVNDB",
"id": "JVNDB-2021-009235",
"trust": 0.8
},
{
"db": "CS-HELP",
"id": "SB2021070201",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202106-2021",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021041363",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2021-22440",
"trust": 0.1
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2021-22440"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-009235"
},
{
"db": "CNNVD",
"id": "CNNVD-202106-2021"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "NVD",
"id": "CVE-2021-22440"
}
]
},
"id": "VAR-202107-0370",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.42083333
},
"last_update_date": "2024-08-14T12:51:07.887000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "huawei-sa-20210630-01-pathtraversal",
"trust": 0.8,
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210630-01-pathtraversal-en"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-009235"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-22",
"trust": 1.0
},
{
"problemtype": "Path traversal (CWE-22) [NVD Evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-009235"
},
{
"db": "NVD",
"id": "CVE-2021-22440"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210630-01-pathtraversal-en"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-22440"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021070201"
},
{
"trust": 0.6,
"url": "https://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20210630-01-pathtraversal-cn"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021041363"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/22.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2021-22440"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-009235"
},
{
"db": "CNNVD",
"id": "CNNVD-202106-2021"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "NVD",
"id": "CVE-2021-22440"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULMON",
"id": "CVE-2021-22440"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-009235"
},
{
"db": "CNNVD",
"id": "CNNVD-202106-2021"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "NVD",
"id": "CVE-2021-22440"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-07-13T00:00:00",
"db": "VULMON",
"id": "CVE-2021-22440"
},
{
"date": "2022-04-18T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-009235"
},
{
"date": "2021-06-30T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202106-2021"
},
{
"date": "2021-04-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"date": "2021-07-13T12:15:09.847000",
"db": "NVD",
"id": "CVE-2021-22440"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-07-15T00:00:00",
"db": "VULMON",
"id": "CVE-2021-22440"
},
{
"date": "2022-04-18T07:03:00",
"db": "JVNDB",
"id": "JVNDB-2021-009235"
},
{
"date": "2021-07-16T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202106-2021"
},
{
"date": "2021-04-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"date": "2021-07-15T22:28:16.663000",
"db": "NVD",
"id": "CVE-2021-22440"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural \u00a0Huawei\u00a0 Path traversal vulnerabilities in products",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-009235"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "path traversal",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202106-2021"
}
],
"trust": 0.6
}
}
VAR-202108-0279
Vulnerability from variot - Updated: 2024-08-14 12:07Some Huawei Smartphones has an insufficient input validation vulnerability due to the lack of parameter validation. An attacker may trick a user into installing a malicious APP. The app can modify specific parameters, causing the system to crash. Affected product include:OxfordS-AN00A 10.0.1.10(C00E10R1P1),10.0.1.105(C00E103R3P3),10.0.1.115(C00E110R3P3),10.0.1.123(C00E121R3P3),10.0.1.135(C00E130R3P3),10.0.1.135(C00E130R4P1),10.0.1.152(C00E140R4P1),10.0.1.160(C00E160R4P1),10.0.1.167(C00E166R4P1),10.0.1.173(C00E172R5P1),10.0.1.178(C00E175R5P1) and 10.1.0.202(C00E79R5P1). Huawei smartphone OxfordS-AN00A Is vulnerable to input validation.Denial of service (DoS) It may be put into a state. Huawei OxfordS-AN00A is a smart phone of China's Huawei (Huawei) company. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202108-0279",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "oxfords-an00a",
"scope": "eq",
"trust": 1.0,
"vendor": "huawei",
"version": "10.0.1.135\\(c00e130r3p3\\)"
},
{
"model": "oxfords-an00a",
"scope": "eq",
"trust": 1.0,
"vendor": "huawei",
"version": "10.0.1.173\\(c00e172r5p1\\)"
},
{
"model": "oxfords-an00a",
"scope": "eq",
"trust": 1.0,
"vendor": "huawei",
"version": "10.0.1.123\\(c00e121r3p3\\)"
},
{
"model": "oxfords-an00a",
"scope": "eq",
"trust": 1.0,
"vendor": "huawei",
"version": "10.0.1.105\\(c00e103r3p3\\)"
},
{
"model": "oxfords-an00a",
"scope": "eq",
"trust": 1.0,
"vendor": "huawei",
"version": "10.0.1.160\\(c00e160r4p1\\)"
},
{
"model": "oxfords-an00a",
"scope": "eq",
"trust": 1.0,
"vendor": "huawei",
"version": "10.0.1.10\\(c00e10r1p1\\)"
},
{
"model": "oxfords-an00a",
"scope": "eq",
"trust": 1.0,
"vendor": "huawei",
"version": "10.0.1.152\\(c00e140r4p1\\)"
},
{
"model": "oxfords-an00a",
"scope": "eq",
"trust": 1.0,
"vendor": "huawei",
"version": "10.1.0.202\\(c00e79r5p1\\)"
},
{
"model": "oxfords-an00a",
"scope": "eq",
"trust": 1.0,
"vendor": "huawei",
"version": "10.0.1.167\\(c00e166r4p1\\)"
},
{
"model": "oxfords-an00a",
"scope": "eq",
"trust": 1.0,
"vendor": "huawei",
"version": "10.0.1.178\\(c00e175r5p1\\)"
},
{
"model": "oxfords-an00a",
"scope": "eq",
"trust": 1.0,
"vendor": "huawei",
"version": "10.0.1.115\\(c00e110r3p3\\)"
},
{
"model": "oxfords-an00a",
"scope": "eq",
"trust": 1.0,
"vendor": "huawei",
"version": "10.0.1.135\\(c00e130r4p1\\)"
},
{
"model": "oxfords-an00a",
"scope": "eq",
"trust": 0.8,
"vendor": "huawei",
"version": "oxfords-an00a firmware 10.0.1.115(c00e110r3p3)"
},
{
"model": "oxfords-an00a",
"scope": "eq",
"trust": 0.8,
"vendor": "huawei",
"version": "oxfords-an00a firmware 10.0.1.167(c00e166r4p1)"
},
{
"model": "oxfords-an00a",
"scope": "eq",
"trust": 0.8,
"vendor": "huawei",
"version": null
},
{
"model": "oxfords-an00a",
"scope": "eq",
"trust": 0.8,
"vendor": "huawei",
"version": "oxfords-an00a firmware 10.0.1.10(c00e10r1p1)"
},
{
"model": "oxfords-an00a",
"scope": "eq",
"trust": 0.8,
"vendor": "huawei",
"version": "oxfords-an00a firmware 10.0.1.160(c00e160r4p1)"
},
{
"model": "oxfords-an00a",
"scope": "eq",
"trust": 0.8,
"vendor": "huawei",
"version": "oxfords-an00a firmware 10.1.0.202(c00e79r5p1)"
},
{
"model": "oxfords-an00a",
"scope": "eq",
"trust": 0.8,
"vendor": "huawei",
"version": "oxfords-an00a firmware 10.0.1.135(c00e130r4p1)"
},
{
"model": "oxfords-an00a",
"scope": "eq",
"trust": 0.8,
"vendor": "huawei",
"version": "oxfords-an00a firmware 10.0.1.178(c00e175r5p1)"
},
{
"model": "oxfords-an00a",
"scope": "eq",
"trust": 0.8,
"vendor": "huawei",
"version": "oxfords-an00a firmware 10.0.1.135(c00e130r3p3)"
},
{
"model": "oxfords-an00a",
"scope": "eq",
"trust": 0.8,
"vendor": "huawei",
"version": "oxfords-an00a firmware 10.0.1.123(c00e121r3p3)"
},
{
"model": "oxfords-an00a",
"scope": "eq",
"trust": 0.8,
"vendor": "huawei",
"version": "oxfords-an00a firmware 10.0.1.152(c00e140r4p1)"
},
{
"model": "oxfords-an00a",
"scope": "eq",
"trust": 0.8,
"vendor": "huawei",
"version": "oxfords-an00a firmware 10.0.1.105(c00e103r3p3)"
},
{
"model": "oxfords-an00a",
"scope": "eq",
"trust": 0.8,
"vendor": "huawei",
"version": "oxfords-an00a firmware 10.0.1.173(c00e172r5p1)"
},
{
"model": "oxfords-an00a",
"scope": null,
"trust": 0.6,
"vendor": "huawei",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-61420"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-009414"
},
{
"db": "NVD",
"id": "CVE-2021-22400"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The vulnerability was discovered by Huawei\u0027s internal testing",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202107-1780"
}
],
"trust": 0.6
},
"cve": "CVE-2021-22400",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "CVE-2021-22400",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "CNVD-2021-61420",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 1.8,
"id": "CVE-2021-22400",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 5.5,
"baseSeverity": "Medium",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2021-22400",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2021-22400",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2021-22400",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2021-61420",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202104-975",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202107-1780",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2021-22400",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-61420"
},
{
"db": "VULMON",
"id": "CVE-2021-22400"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-009414"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "CNNVD",
"id": "CNNVD-202107-1780"
},
{
"db": "NVD",
"id": "CVE-2021-22400"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Some Huawei Smartphones has an insufficient input validation vulnerability due to the lack of parameter validation. An attacker may trick a user into installing a malicious APP. The app can modify specific parameters, causing the system to crash. Affected product include:OxfordS-AN00A 10.0.1.10(C00E10R1P1),10.0.1.105(C00E103R3P3),10.0.1.115(C00E110R3P3),10.0.1.123(C00E121R3P3),10.0.1.135(C00E130R3P3),10.0.1.135(C00E130R4P1),10.0.1.152(C00E140R4P1),10.0.1.160(C00E160R4P1),10.0.1.167(C00E166R4P1),10.0.1.173(C00E172R5P1),10.0.1.178(C00E175R5P1) and 10.1.0.202(C00E79R5P1). Huawei smartphone OxfordS-AN00A Is vulnerable to input validation.Denial of service (DoS) It may be put into a state. Huawei OxfordS-AN00A is a smart phone of China\u0027s Huawei (Huawei) company. Pillow is a Python-based image processing library. \nThere is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-22400"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-009414"
},
{
"db": "CNVD",
"id": "CNVD-2021-61420"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "VULMON",
"id": "CVE-2021-22400"
}
],
"trust": 2.79
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-22400",
"trust": 3.9
},
{
"db": "CS-HELP",
"id": "SB2021072301",
"trust": 1.2
},
{
"db": "JVNDB",
"id": "JVNDB-2021-009414",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2021-61420",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021041363",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202107-1780",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2021-22400",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-61420"
},
{
"db": "VULMON",
"id": "CVE-2021-22400"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-009414"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "CNNVD",
"id": "CNNVD-202107-1780"
},
{
"db": "NVD",
"id": "CVE-2021-22400"
}
]
},
"id": "VAR-202108-0279",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-61420"
}
],
"trust": 1.0861111
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"IoT"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-61420"
}
]
},
"last_update_date": "2024-08-14T12:07:56.334000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "huawei-sa-20210721-01-phones",
"trust": 0.8,
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210721-01-phones-en"
},
{
"title": "Patch for Huawei OxfordS-AN00A input verification error vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/285561"
},
{
"title": "Huawei OxfordS-AN00A Enter the fix for the verification error vulnerability",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=157526"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-61420"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-009414"
},
{
"db": "CNNVD",
"id": "CNNVD-202107-1780"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-20",
"trust": 1.0
},
{
"problemtype": "Incorrect input confirmation (CWE-20) [NVD Evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-009414"
},
{
"db": "NVD",
"id": "CVE-2021-22400"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210721-01-phones-en"
},
{
"trust": 1.2,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021072301"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-22400"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021041363"
},
{
"trust": 0.6,
"url": "https://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20210721-01-phones-cn"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/20.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-61420"
},
{
"db": "VULMON",
"id": "CVE-2021-22400"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-009414"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "CNNVD",
"id": "CNNVD-202107-1780"
},
{
"db": "NVD",
"id": "CVE-2021-22400"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2021-61420"
},
{
"db": "VULMON",
"id": "CVE-2021-22400"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-009414"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "CNNVD",
"id": "CNNVD-202107-1780"
},
{
"db": "NVD",
"id": "CVE-2021-22400"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-08-12T00:00:00",
"db": "CNVD",
"id": "CNVD-2021-61420"
},
{
"date": "2021-08-03T00:00:00",
"db": "VULMON",
"id": "CVE-2021-22400"
},
{
"date": "2022-04-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-009414"
},
{
"date": "2021-04-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"date": "2021-07-22T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202107-1780"
},
{
"date": "2021-08-03T14:15:08.187000",
"db": "NVD",
"id": "CVE-2021-22400"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-08-12T00:00:00",
"db": "CNVD",
"id": "CNVD-2021-61420"
},
{
"date": "2021-08-11T00:00:00",
"db": "VULMON",
"id": "CVE-2021-22400"
},
{
"date": "2022-04-26T09:07:00",
"db": "JVNDB",
"id": "JVNDB-2021-009414"
},
{
"date": "2021-04-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"date": "2021-08-12T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202107-1780"
},
{
"date": "2021-08-11T15:41:36.310000",
"db": "NVD",
"id": "CVE-2021-22400"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202107-1780"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Huawei\u00a0 smartphone \u00a0OxfordS-AN00A\u00a0 Input confirmation vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-009414"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
}
],
"trust": 0.6
}
}