CVE-2021-37040

CRITICAL

Huawei Harmonyos < 2.0 - Privilege Escalation

Title source: rule

Description

There is a Parameter injection vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may cause privilege escalation of files after CIFS share mounting.

References (2)

[Vendor Advisory] https://consumer.huawei.com/en/support/bulletin/2021/9/

[Vendor Advisory] https://device.harmonyos.com/en/docs/security/update/security-bulletins-202109-0000001196270727

Scores

CVSS v3 9.8

EPSS 0.0025

EPSS Percentile 48.5%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-88

Status published

Products (3)

huawei/emui 11.0.0

huawei/harmonyos < 2.0

huawei/magic_ui 4.0.0

Published Dec 08, 2021

Tracked Since Feb 18, 2026