CVE-2021-40043 — HIGH (7.8)

Q: How severe is CVE-2021-40043?

CVE-2021-40043 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2021-40043?

Check the references section above for vendor advisories and patch information. Affected products include: Huawei Ais-Bw80H-00 Firmware, Huawei Ais-Bw80H-00.

Vulnerability Description

The laser command injection vulnerability exists on AIS-BW80H-00 versions earlier than AIS-BW80H-00 9.0.3.4(H100SP13C00). The devices cannot effectively defend against external malicious interference. Attackers need the device to be visually exploitable and successful triggering of this vulnerability could execute voice commands on the device.

CVSS Score

7.8

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Huawei	Ais-Bw80H-00 Firmware	< 9.0.3.4\(h100sp13c00\)
Huawei	Ais-Bw80H-00	-

Related Weaknesses (CWE)

CWE-77

References

https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20220126-01-df7586Vendor Advisory
https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20220126-01-df7586Vendor Advisory

FAQ

What is CVE-2021-40043?

CVE-2021-40043 is a vulnerability with a CVSS score of 7.8 (HIGH). The laser command injection vulnerability exists on AIS-BW80H-00 versions earlier than AIS-BW80H-00 9.0.3.4(H100SP13C00). The devices cannot effectively defend against external malicious interference....

How severe is CVE-2021-40043?

CVE-2021-40043 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2021-40043?

Check the references section above for vendor advisories and patch information. Affected products include: Huawei Ais-Bw80H-00 Firmware, Huawei Ais-Bw80H-00.