CVE-2021-22398

MEDIUM

Huawei Smartphones Digital Balance - Logic Error Bypass

Title source: manual

Description

There is a logic error vulnerability in several smartphones. The software does not properly restrict certain operation when the Digital Balance function is on. Successful exploit could allow the attacker to bypass the Digital Balance limit after a series of operations. Affected product versions include: Hulk-AL00C 9.1.1.201(C00E201R8P1);Jennifer-AN00C 10.1.1.171(C00E170R6P3);Jenny-AL10B 10.1.0.228(C00E220R5P1) and OxfordPL-AN10B 10.1.0.116(C00E110R2P1).

References (1)

Core 1

Core References

Vendor Advisory x_refsource_misc

https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210714-01-smartphone-en

Scores

CVSS v3 4.6

EPSS 0.0002

EPSS Percentile 7.2%

Attack Vector PHYSICAL

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Details

CWE

CWE-863

Status published

Products (4)

huawei/hulk-al00c_firmware 9.1.1.201\(c00e201r8p1\)

huawei/jennifer-an00c_firmware 10.1.1.171\(c00e170r6p3\)

huawei/jenny-al10b_firmware 10.1.0.228\(c00e220r5p1\)

huawei/oxfordpl-an10b_firmware 10.1.0.116\(c00e110r2p1\)

Published Aug 02, 2021

Tracked Since Feb 18, 2026