CVE-2021-22400: Input Validation
First published: Tue Aug 03 2021(Updated: )
Some Huawei Smartphones has an insufficient input validation vulnerability due to the lack of parameter validation. An attacker may trick a user into installing a malicious APP. The app can modify specific parameters, causing the system to crash. Affected product include:OxfordS-AN00A 10.0.1.10(C00E10R1P1),10.0.1.105(C00E103R3P3),10.0.1.115(C00E110R3P3),10.0.1.123(C00E121R3P3),10.0.1.135(C00E130R3P3),10.0.1.135(C00E130R4P1),10.0.1.152(C00E140R4P1),10.0.1.160(C00E160R4P1),10.0.1.167(C00E166R4P1),10.0.1.173(C00E172R5P1),10.0.1.178(C00E175R5P1) and 10.1.0.202(C00E79R5P1).
Credit: psirt@huawei.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Huawei OxfordS-AN00A | =10.0.1.10\(c00e10r1p1\) | |
| Huawei OxfordS-AN00A | =10.0.1.105\(c00e103r3p3\) | |
| Huawei OxfordS-AN00A | =10.0.1.115\(c00e110r3p3\) | |
| Huawei OxfordS-AN00A | =10.0.1.123\(c00e121r3p3\) | |
| Huawei OxfordS-AN00A | =10.0.1.135\(c00e130r3p3\) | |
| Huawei OxfordS-AN00A | =10.0.1.135\(c00e130r4p1\) | |
| Huawei OxfordS-AN00A | =10.0.1.152\(c00e140r4p1\) | |
| Huawei OxfordS-AN00A | =10.0.1.160\(c00e160r4p1\) | |
| Huawei OxfordS-AN00A | =10.0.1.167\(c00e166r4p1\) | |
| Huawei OxfordS-AN00A | =10.0.1.173\(c00e172r5p1\) | |
| Huawei OxfordS-AN00A | =10.0.1.178\(c00e175r5p1\) | |
| Huawei OxfordS-AN00A | =10.1.0.202\(c00e79r5p1\) | |
| Huawei OxfordS-AN00A firmware |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the severity of CVE-2021-22400?
The severity of CVE-2021-22400 is classified as high due to its potential to allow attackers to crash the system via malicious applications.
How do I fix CVE-2021-22400?
To fix CVE-2021-22400, users should update their Huawei OxfordS-AN00A devices to the latest firmware version that addresses this vulnerability.
Which devices are affected by CVE-2021-22400?
CVE-2021-22400 affects Huawei OxfordS-AN00A devices running specific firmware versions including 10.0.1.10, 10.0.1.105, and several others.
What can an attacker do with CVE-2021-22400?
An attacker exploiting CVE-2021-22400 can trick users into installing harmful apps that modify parameters, leading to a system crash.
Is there a workaround for CVE-2021-22400?
Currently, there is no official workaround for CVE-2021-22400 other than applying the available firmware updates to affected devices.
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/severity
- agent/author
- agent/weakness
- agent/references
- agent/description
- agent/event
- agent/first-publish-date
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/huawei
- canonical/huawei oxfords-an00a
- version/huawei oxfords-an00a/10.0.1.10\(c00e10r1p1\)
- version/huawei oxfords-an00a/10.0.1.105\(c00e103r3p3\)
- version/huawei oxfords-an00a/10.0.1.115\(c00e110r3p3\)
- version/huawei oxfords-an00a/10.0.1.123\(c00e121r3p3\)
- version/huawei oxfords-an00a/10.0.1.135\(c00e130r3p3\)
- version/huawei oxfords-an00a/10.0.1.135\(c00e130r4p1\)
- version/huawei oxfords-an00a/10.0.1.152\(c00e140r4p1\)
- version/huawei oxfords-an00a/10.0.1.160\(c00e160r4p1\)
- version/huawei oxfords-an00a/10.0.1.167\(c00e166r4p1\)
- version/huawei oxfords-an00a/10.0.1.173\(c00e172r5p1\)
- version/huawei oxfords-an00a/10.0.1.178\(c00e175r5p1\)
- version/huawei oxfords-an00a/10.1.0.202\(c00e79r5p1\)
- canonical/huawei oxfords-an00a firmware