Vulnerability Description
There is a logic error vulnerability in several smartphones. The software does not properly restrict certain operation when the Digital Balance function is on. Successful exploit could allow the attacker to bypass the Digital Balance limit after a series of operations. Affected product versions include: Hulk-AL00C 9.1.1.201(C00E201R8P1);Jennifer-AN00C 10.1.1.171(C00E170R6P3);Jenny-AL10B 10.1.0.228(C00E220R5P1) and OxfordPL-AN10B 10.1.0.116(C00E110R2P1).
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Huawei | Hulk-Al00C Firmware | 9.1.1.201\(c00e201r8p1\) |
| Huawei | Hulk-Al00C | - |
| Huawei | Jennifer-An00C Firmware | 10.1.1.171\(c00e170r6p3\) |
| Huawei | Jennifer-An00C | - |
| Huawei | Jenny-Al10B Firmware | 10.1.0.228\(c00e220r5p1\) |
| Huawei | Jenny-Al10B | - |
| Huawei | Oxfordpl-An10B Firmware | 10.1.0.116\(c00e110r2p1\) |
| Huawei | Oxfordpl-An10B | - |
Related Weaknesses (CWE)
References
- https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210714-01-smartpVendor Advisory
- https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210714-01-smartpVendor Advisory
FAQ
What is CVE-2021-22398?
CVE-2021-22398 is a vulnerability with a CVSS score of 4.6 (MEDIUM). There is a logic error vulnerability in several smartphones. The software does not properly restrict certain operation when the Digital Balance function is on. Successful exploit could allow the attac...
How severe is CVE-2021-22398?
CVE-2021-22398 has been rated MEDIUM with a CVSS base score of 4.6/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2021-22398?
Check the references section above for vendor advisories and patch information. Affected products include: Huawei Hulk-Al00C Firmware, Huawei Hulk-Al00C, Huawei Jennifer-An00C Firmware, Huawei Jennifer-An00C, Huawei Jenny-Al10B Firmware.