CVE-2021-37104: SSRF
First published: Tue Sep 28 2021(Updated: )
There is a server-side request forgery vulnerability in HUAWEI P40 versions 10.1.0.118(C00E116R3P3). This vulnerability is due to insufficient validation of parameters while dealing with some messages. A successful exploit could allow the attacker to gain access to certain resource which the attacker are supposed not to do.
Credit: psirt@huawei.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Huawei P40 Firmware | =10.1.0.118\(c00e116r3p3\) | |
| HUAWEI P40 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the severity of CVE-2021-37104?
The severity of CVE-2021-37104 is high with a score of 7.5.
What is the vulnerability type of CVE-2021-37104?
CVE-2021-37104 is a server-side request forgery (SSRF) vulnerability.
How does the SSRF vulnerability in CVE-2021-37104 occur?
The SSRF vulnerability in CVE-2021-37104 occurs due to insufficient validation of parameters while processing messages.
What is the impact of exploiting CVE-2021-37104?
Exploiting CVE-2021-37104 can allow an attacker to gain unauthorized access to certain resources.
Is there a fix available for CVE-2021-37104?
It is recommended to apply the security patches provided by Huawei to fix CVE-2021-37104.
- collector/nvd-index
- agent/severity
- agent/weakness
- agent/references
- agent/author
- agent/type
- agent/description
- agent/event
- agent/first-publish-date
- agent/softwarecombine
- agent/last-modified-date
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/huawei
- canonical/huawei p40 firmware
- version/huawei p40 firmware/10.1.0.118\(c00e116r3p3\)
- canonical/huawei p40