Vulnerability-Lookup

CVE-2021-37101 (GCVE-0-2021-37101)

Vulnerability from cvelistv5 – Published: 2021-09-09 13:13 – Updated: 2024-08-04 01:09

Summary

Severity ?

No CVSS data available.

CWE

Improper Authorization

Assigner

huawei

References

URL

	Vendor	Product	Version
	n/a	AIS-BW50-00	Affected: 9.0.6.2(H100SP10C00),9.0.6.2(H100SP15C00)

FKIE_CVE-2021-37101

Vulnerability from fkie_nvd - Published: 2021-09-09 14:15 - Updated: 2024-11-21 06:14

Severity ?

6.8 (Medium) - CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Summary

References

	URL	Tags
	psirt@huawei.com	https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210908-01-badauthorization-en	Vendor Advisory
	af854a3a-2127-422b-91ae-364da2661108	https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210908-01-badauthorization-en	Vendor Advisory

Impacted products

Vendor	Product	Version
huawei	ais-bw50-00_firmware	9.0.6.2\(h100sp10c00\)
huawei	ais-bw50-00_firmware	9.0.6.2\(h100sp15c00\)
huawei	ais-bw50-00	-

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:huawei:ais-bw50-00_firmware:9.0.6.2\\(h100sp10c00\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "516D3861-68A7-44DE-8F15-06611E9BAF50",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:huawei:ais-bw50-00_firmware:9.0.6.2\\(h100sp15c00\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "EECFD508-15BD-4B74-BCB8-05BCDEFD4AED",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:huawei:ais-bw50-00:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "2213030F-6DBC-45A1-85D9-6676653109F0",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "There is an improper authorization vulnerability in AIS-BW50-00 9.0.6.2(H100SP10C00) and 9.0.6.2(H100SP15C00). Due to improper authorization mangement, an attakcer can exploit this vulnerability by physical accessing the device and implant malicious code. Successfully exploit could leads to arbitrary code execution in the target device."
    },
    {
      "lang": "es",
      "value": "Se presenta una vulnerabilidad de autorizaci\u00f3n inapropiada en AIS-BW50-00 versiones 9.0.6.2(H100SP10C00) y 9.0.6.2(H100SP15C00). Debido a una administraci\u00f3n inapropiada de la autorizaci\u00f3n, un atacante puede explotar esta vulnerabilidad accediendo f\u00edsicamente al dispositivo e implantando c\u00f3digo malicioso. Una explotaci\u00f3n con \u00e9xito podr\u00eda conllevar a una ejecuci\u00f3n de c\u00f3digo arbitrario en el dispositivo de destino"
    }
  ],
  "id": "CVE-2021-37101",
  "lastModified": "2024-11-21T06:14:39.090",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 7.2,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "PHYSICAL",
          "availabilityImpact": "HIGH",
          "baseScore": 6.8,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 0.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-09-09T14:15:08.780",
  "references": [
    {
      "source": "psirt@huawei.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210908-01-badauthorization-en"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210908-01-badauthorization-en"
    }
  ],
  "sourceIdentifier": "psirt@huawei.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CNVD-2021-84884

Vulnerability from cnvd - Published: 2021-11-08

Title

Huawei AIS-BW50-00授权问题漏洞

Description

Huawei AIS-BW50-00是中国华为（Huawei）公司的一款便携式蓝牙音箱。 Huawei AIS-BW50-00存在授权问题漏洞，该漏洞源于授权管理不当，攻击者可以通过物理访问设备并植入恶意代码来利用此漏洞进行攻击。成功利用此漏洞可能导致在目标设备中执行任意代码。

Severity

高

Patch Name

Huawei AIS-BW50-00不正确授权漏洞的补丁

Patch Description

Huawei AIS-BW50-00是中国华为（Huawei）公司的一款便携式蓝牙音箱。 Huawei AIS-BW50-00存在授权问题漏洞，该漏洞源于授权管理不当，攻击者可以通过物理访问设备并植入恶意代码来利用此漏洞进行攻击。成功利用此漏洞可能导致在目标设备中执行任意代码。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

厂商已发布了漏洞修复程序，请及时关注更新： https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210908-01-badauthorization-en

Reference

https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210908-01-badauthorization-en

Impacted products

Name
['Huawei AIS-BW50-00 9.0.6.2(H100SP10C00)', 'Huawei AIS-BW50-00 9.0.6.2(H100SP15C00)']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2021-37101",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2021-37101"
    }
  },
  "description": "Huawei AIS-BW50-00\u662f\u4e2d\u56fd\u534e\u4e3a\uff08Huawei\uff09\u516c\u53f8\u7684\u4e00\u6b3e\u4fbf\u643a\u5f0f\u84dd\u7259\u97f3\u7bb1\u3002\n\nHuawei AIS-BW50-00\u5b58\u5728\u6388\u6743\u95ee\u9898\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u6388\u6743\u7ba1\u7406\u4e0d\u5f53\uff0c\u653b\u51fb\u8005\u53ef\u4ee5\u901a\u8fc7\u7269\u7406\u8bbf\u95ee\u8bbe\u5907\u5e76\u690d\u5165\u6076\u610f\u4ee3\u7801\u6765\u5229\u7528\u6b64\u6f0f\u6d1e\u8fdb\u884c\u653b\u51fb\u3002\u6210\u529f\u5229\u7528\u6b64\u6f0f\u6d1e\u53ef\u80fd\u5bfc\u81f4\u5728\u76ee\u6807\u8bbe\u5907\u4e2d\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210908-01-badauthorization-en",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2021-84884",
  "openTime": "2021-11-08",
  "patchDescription": "Huawei AIS-BW50-00\u662f\u4e2d\u56fd\u534e\u4e3a\uff08Huawei\uff09\u516c\u53f8\u7684\u4e00\u6b3e\u4fbf\u643a\u5f0f\u84dd\u7259\u97f3\u7bb1\u3002\r\n\r\nHuawei AIS-BW50-00\u5b58\u5728\u6388\u6743\u95ee\u9898\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u6388\u6743\u7ba1\u7406\u4e0d\u5f53\uff0c\u653b\u51fb\u8005\u53ef\u4ee5\u901a\u8fc7\u7269\u7406\u8bbf\u95ee\u8bbe\u5907\u5e76\u690d\u5165\u6076\u610f\u4ee3\u7801\u6765\u5229\u7528\u6b64\u6f0f\u6d1e\u8fdb\u884c\u653b\u51fb\u3002\u6210\u529f\u5229\u7528\u6b64\u6f0f\u6d1e\u53ef\u80fd\u5bfc\u81f4\u5728\u76ee\u6807\u8bbe\u5907\u4e2d\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Huawei AIS-BW50-00\u4e0d\u6b63\u786e\u6388\u6743\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Huawei AIS-BW50-00 9.0.6.2(H100SP10C00)",
      "Huawei AIS-BW50-00 9.0.6.2(H100SP15C00)"
    ]
  },
  "referenceLink": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210908-01-badauthorization-en",
  "serverity": "\u9ad8",
  "submitTime": "2021-09-11",
  "title": "Huawei AIS-BW50-00\u6388\u6743\u95ee\u9898\u6f0f\u6d1e"
}

GSD-2021-37101

Vulnerability from gsd - Updated: 2023-12-13 01:23

Details

Aliases

CVE-2021-37101

Aliases

CVE-2021-37101

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2021-37101",
    "description": "There is an improper authorization vulnerability in AIS-BW50-00 9.0.6.2(H100SP10C00) and 9.0.6.2(H100SP15C00). Due to improper authorization mangement, an attakcer can exploit this vulnerability by physical accessing the device and implant malicious code. Successfully exploit could leads to arbitrary code execution in the target device.",
    "id": "GSD-2021-37101"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2021-37101"
      ],
      "details": "There is an improper authorization vulnerability in AIS-BW50-00 9.0.6.2(H100SP10C00) and 9.0.6.2(H100SP15C00). Due to improper authorization mangement, an attakcer can exploit this vulnerability by physical accessing the device and implant malicious code. Successfully exploit could leads to arbitrary code execution in the target device.",
      "id": "GSD-2021-37101",
      "modified": "2023-12-13T01:23:10.288247Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "psirt@huawei.com",
        "ID": "CVE-2021-37101",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "AIS-BW50-00",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "9.0.6.2(H100SP10C00),9.0.6.2(H100SP15C00)"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "There is an improper authorization vulnerability in AIS-BW50-00 9.0.6.2(H100SP10C00) and 9.0.6.2(H100SP15C00). Due to improper authorization mangement, an attakcer can exploit this vulnerability by physical accessing the device and implant malicious code. Successfully exploit could leads to arbitrary code execution in the target device."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "Improper Authorization"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210908-01-badauthorization-en",
            "refsource": "MISC",
            "url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210908-01-badauthorization-en"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:huawei:ais-bw50-00_firmware:9.0.6.2\\(h100sp10c00\\):*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:huawei:ais-bw50-00_firmware:9.0.6.2\\(h100sp15c00\\):*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:huawei:ais-bw50-00:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@huawei.com",
          "ID": "CVE-2021-37101"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "There is an improper authorization vulnerability in AIS-BW50-00 9.0.6.2(H100SP10C00) and 9.0.6.2(H100SP15C00). Due to improper authorization mangement, an attakcer can exploit this vulnerability by physical accessing the device and implant malicious code. Successfully exploit could leads to arbitrary code execution in the target device."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-863"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210908-01-badauthorization-en",
              "refsource": "MISC",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210908-01-badauthorization-en"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.2,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 10.0,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "PHYSICAL",
            "availabilityImpact": "HIGH",
            "baseScore": 6.8,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "exploitabilityScore": 0.9,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2021-09-24T20:20Z",
      "publishedDate": "2021-09-09T14:15Z"
    }
  }
}

VAR-202109-1642

Vulnerability from variot - Updated: 2024-08-14 12:30

There is an improper authorization vulnerability in AIS-BW50-00 9.0.6.2(H100SP10C00) and 9.0.6.2(H100SP15C00). Due to improper authorization mangement, an attakcer can exploit this vulnerability by physical accessing the device and implant malicious code. Successfully exploit could leads to arbitrary code execution in the target device. AIS-BW50-00 Exists in unspecified vulnerabilities.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Huawei AIS-BW50-00 is a portable bluetooth speaker of China's Huawei (Huawei) company. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202109-1642",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "ais-bw50-00 9.0.6.2",
        "scope": null,
        "trust": 1.2,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "ais-bw50-00",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "huawei",
        "version": "9.0.6.2\\(h100sp10c00\\)"
      },
      {
        "model": "ais-bw50-00",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "huawei",
        "version": "9.0.6.2\\(h100sp15c00\\)"
      },
      {
        "model": "ais-bw50-00",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "huawei",
        "version": "ais-bw50-00  firmware  9.0.6.2(h100sp15c00)"
      },
      {
        "model": "ais-bw50-00",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "huawei",
        "version": "ais-bw50-00  firmware  9.0.6.2(h100sp10c00)"
      },
      {
        "model": "ais-bw50-00",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "huawei",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2021-84884"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-011970"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-37101"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The vulnerability was discovered by Huawei\u0027s internal testing",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202109-443"
      }
    ],
    "trust": 0.6
  },
  "cve": "CVE-2021-37101",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.2,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 3.9,
            "id": "CVE-2021-37101",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 1.9,
            "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.2,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 3.9,
            "id": "CNVD-2021-84884",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.6,
            "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "PHYSICAL",
            "author": "nvd@nist.gov",
            "availabilityImpact": "HIGH",
            "baseScore": 6.8,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 0.9,
            "id": "CVE-2021-37101",
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Physical",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 6.8,
            "baseSeverity": "Medium",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "CVE-2021-37101",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2021-37101",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "NVD",
            "id": "CVE-2021-37101",
            "trust": 0.8,
            "value": "Medium"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2021-84884",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202109-443",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202104-975",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULMON",
            "id": "CVE-2021-37101",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2021-84884"
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-37101"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-011970"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202109-443"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-975"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-37101"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "There is an improper authorization vulnerability in AIS-BW50-00 9.0.6.2(H100SP10C00) and 9.0.6.2(H100SP15C00). Due to improper authorization mangement, an attakcer can exploit this vulnerability by physical accessing the device and implant malicious code. Successfully exploit could leads to arbitrary code execution in the target device. AIS-BW50-00 Exists in unspecified vulnerabilities.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Huawei AIS-BW50-00 is a portable bluetooth speaker of China\u0027s Huawei (Huawei) company. Pillow is a Python-based image processing library. \nThere is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2021-37101"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-011970"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2021-84884"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-975"
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-37101"
      }
    ],
    "trust": 2.79
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2021-37101",
        "trust": 3.9
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-011970",
        "trust": 0.8
      },
      {
        "db": "CNVD",
        "id": "CNVD-2021-84884",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2021090904",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202109-443",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2021041363",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-975",
        "trust": 0.6
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-37101",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2021-84884"
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-37101"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-011970"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202109-443"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-975"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-37101"
      }
    ]
  },
  "id": "VAR-202109-1642",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2021-84884"
      }
    ],
    "trust": 1.2666667
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "IoT"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2021-84884"
      }
    ]
  },
  "last_update_date": "2024-08-14T12:30:58.004000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "huawei-sa-20210908-01-badauthorization",
        "trust": 0.8,
        "url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210908-01-badauthorization-en"
      },
      {
        "title": "Patch for Huawei AIS-BW50-00 incorrect authorization vulnerability",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchInfo/show/297511"
      },
      {
        "title": "Huawei AIS-BW50-00 Remediation measures for authorization problem vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=161907"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2021-84884"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-011970"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202109-443"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "NVD-CWE-Other",
        "trust": 1.0
      },
      {
        "problemtype": "others (CWE-Other) [NVD evaluation ]",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-011970"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-37101"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.3,
        "url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210908-01-badauthorization-en"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-37101"
      },
      {
        "trust": 0.6,
        "url": "https://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20210908-01-badauthorization-cn"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2021090904"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2021041363"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/863.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2021-84884"
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-37101"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-011970"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202109-443"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-975"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-37101"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2021-84884"
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-37101"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-011970"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202109-443"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-975"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-37101"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2021-11-08T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2021-84884"
      },
      {
        "date": "2021-09-09T00:00:00",
        "db": "VULMON",
        "id": "CVE-2021-37101"
      },
      {
        "date": "2022-08-19T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2021-011970"
      },
      {
        "date": "2021-09-08T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202109-443"
      },
      {
        "date": "2021-04-13T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202104-975"
      },
      {
        "date": "2021-09-09T14:15:08.780000",
        "db": "NVD",
        "id": "CVE-2021-37101"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2021-11-13T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2021-84884"
      },
      {
        "date": "2021-09-24T00:00:00",
        "db": "VULMON",
        "id": "CVE-2021-37101"
      },
      {
        "date": "2022-08-19T02:21:00",
        "db": "JVNDB",
        "id": "JVNDB-2021-011970"
      },
      {
        "date": "2022-05-06T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202109-443"
      },
      {
        "date": "2021-04-14T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202104-975"
      },
      {
        "date": "2022-05-03T16:04:40.443000",
        "db": "NVD",
        "id": "CVE-2021-37101"
      }
    ]
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "AIS-BW50-00\u00a0 Vulnerability in",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-011970"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "other",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202109-443"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-975"
      }
    ],
    "trust": 1.2
  }
}

GHSA-FXFQ-QGMR-6PWM

Vulnerability from github – Published: 2022-05-24 19:14 – Updated: 2022-05-24 19:14

Details

Severity ?

6.8 (Medium)


                  
                    CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2021-37101"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-863"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-09-09T14:15:00Z",
    "severity": "HIGH"
  },
  "details": "There is an improper authorization vulnerability in AIS-BW50-00 9.0.6.2(H100SP10C00) and 9.0.6.2(H100SP15C00). Due to improper authorization mangement, an attakcer can exploit this vulnerability by physical accessing the device and implant malicious code. Successfully exploit could leads to arbitrary code execution in the target device.",
  "id": "GHSA-fxfq-qgmr-6pwm",
  "modified": "2022-05-24T19:14:01Z",
  "published": "2022-05-24T19:14:01Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-37101"
    },
    {
      "type": "WEB",
      "url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210908-01-badauthorization-en"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2021-37101 (GCVE-0-2021-37101)

FKIE_CVE-2021-37101

CNVD-2021-84884

GSD-2021-37101

VAR-202109-1642

GHSA-FXFQ-QGMR-6PWM

Tags

Sightings

Nomenclature