Vulnerability-Lookup

CNVD-2021-100795

Vulnerability from cnvd - Published: 2021-12-20

Title

Huawei WATCH Kid输入验证错误漏洞

Description

Huawei WATCH Kid是中国华为（Huawei）公司的一款儿童手表。 Huawei WATCH Kid在1.0.0.608版本存在输入验证错误漏洞，该漏洞源于本地网络上的远程攻击者可利用该漏洞可以将用户添加为好友，而不需要在目标设备中提示。远程攻击者可利用该漏洞危及目标系统。

Severity

中

Formal description

厂商尚未提供漏洞修复方案，请关注厂商主页更新： https://www.cybersecurity-help.cz/vdb/SB2021062802

Reference

https://nvd.nist.gov/vuln/detail/CVE-2021-22449

Impacted products

Name
Huawei Huawei WATCH Kid 1.0.0.608

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2021-22449",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2021-22449"
    }
  },
  "description": "Huawei WATCH Kid\u662f\u4e2d\u56fd\u534e\u4e3a\uff08Huawei\uff09\u516c\u53f8\u7684\u4e00\u6b3e\u513f\u7ae5\u624b\u8868\u3002\n\nHuawei WATCH Kid\u57281.0.0.608\u7248\u672c\u5b58\u5728\u8f93\u5165\u9a8c\u8bc1\u9519\u8bef\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u672c\u5730\u7f51\u7edc\u4e0a\u7684\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u53ef\u4ee5\u5c06\u7528\u6237\u6dfb\u52a0\u4e3a\u597d\u53cb\uff0c\u800c\u4e0d\u9700\u8981\u5728\u76ee\u6807\u8bbe\u5907\u4e2d\u63d0\u793a\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5371\u53ca\u76ee\u6807\u7cfb\u7edf\u3002",
  "formalWay": "\u5382\u5546\u5c1a\u672a\u63d0\u4f9b\u6f0f\u6d1e\u4fee\u590d\u65b9\u6848\uff0c\u8bf7\u5173\u6ce8\u5382\u5546\u4e3b\u9875\u66f4\u65b0\uff1a\r\nhttps://www.cybersecurity-help.cz/vdb/SB2021062802",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2021-100795",
  "openTime": "2021-12-20",
  "products": {
    "product": "Huawei Huawei WATCH Kid 1.0.0.608"
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2021-22449",
  "serverity": "\u4e2d",
  "submitTime": "2021-06-29",
  "title": "Huawei WATCH Kid\u8f93\u5165\u9a8c\u8bc1\u9519\u8bef\u6f0f\u6d1e"
}

CVE-2021-22449 (GCVE-0-2021-22449)

Vulnerability from cvelistv5 – Published: 2021-08-23 19:32 – Updated: 2024-08-03 18:44

Summary

There is a logic vulnerability in Elf-G10HN 1.0.0.608. An unauthenticated attacker could perform specific operations to exploit this vulnerability. Due to insufficient security design, successful exploit could allow an attacker to add users to be friends without prompting in the target device.

Severity ?

No CVSS data available.

CWE

Logic vulnerability

Assigner

huawei

References

URL

Tags

https://www.huawei.com/en/psirt/security-advisori…

x_refsource_MISC

Impacted products

	Vendor	Product	Version
	n/a	Elf-G10HN	Affected: 1.0.0.608

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T18:44:13.041Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210630-01-logic-en"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Elf-G10HN",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "1.0.0.608"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "There is a logic vulnerability in Elf-G10HN 1.0.0.608. An unauthenticated attacker could perform specific operations to exploit this vulnerability. Due to insufficient security design, successful exploit could allow an attacker to add users to be friends without prompting in the target device."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Logic vulnerability",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-08-23T19:32:32",
        "orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
        "shortName": "huawei"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210630-01-logic-en"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@huawei.com",
          "ID": "CVE-2021-22449",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Elf-G10HN",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "1.0.0.608"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "There is a logic vulnerability in Elf-G10HN 1.0.0.608. An unauthenticated attacker could perform specific operations to exploit this vulnerability. Due to insufficient security design, successful exploit could allow an attacker to add users to be friends without prompting in the target device."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Logic vulnerability"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210630-01-logic-en",
              "refsource": "MISC",
              "url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210630-01-logic-en"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
    "assignerShortName": "huawei",
    "cveId": "CVE-2021-22449",
    "datePublished": "2021-08-23T19:32:32",
    "dateReserved": "2021-01-05T00:00:00",
    "dateUpdated": "2024-08-03T18:44:13.041Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CNVD-2021-100795

CVE-2021-22449 (GCVE-0-2021-22449)

Tags

Sightings

Nomenclature