VAR-202102-0642
Vulnerability from variot - Updated: 2023-12-18 13:12There is an out-of-bound read vulnerability in Taurus-AL00A 10.0.0.1(C00E1R1P1). A module does not verify the some input. Attackers can exploit this vulnerability by sending malicious input through specific app. This could cause out-of-bound, compromising normal service. Taurus-AL00A Is vulnerable to an out-of-bounds read.Information is obtained and denial of service (DoS) It may be put into a state. Huawei Taurus-AL00A is a smartphone of China's Huawei (Huawei) company. The vulnerability stems from the program's failure to properly validate certain inputs. Attackers can use some apps to send malicious messages to the module to use this vulnerability to cause out-of-bounds and affect the normal use of the device
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202102-0642",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "taurus-al00a",
"scope": "eq",
"trust": 1.0,
"vendor": "huawei",
"version": "10.0.0.1\\(c00e1r1p1\\)"
},
{
"model": "taurus-al00a",
"scope": "eq",
"trust": 0.8,
"vendor": "huawei",
"version": null
},
{
"model": "taurus-al00a",
"scope": "eq",
"trust": 0.8,
"vendor": "huawei",
"version": "taurus-al00a firmware 10.0.0.1(c00e1r1p1)"
},
{
"model": "taurus-al00a 10.0.0.1",
"scope": null,
"trust": 0.6,
"vendor": "huawei",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-07515"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-003371"
},
{
"db": "NVD",
"id": "CVE-2021-22302"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:huawei:taurus-al00a_firmware:10.0.0.1\\(c00e1r1p1\\):*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:huawei:taurus-al00a:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2021-22302"
}
]
},
"cve": "CVE-2021-22302",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 3.6,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"impactScore": 4.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "LOW",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Local",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 3.6,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2021-22302",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Low",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.6,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "CNVD-2021-07515",
"impactScore": 7.8,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"impactScore": 5.2,
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.1,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2021-22302",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2021-22302",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2021-07515",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202102-559",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-07515"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-003371"
},
{
"db": "NVD",
"id": "CVE-2021-22302"
},
{
"db": "CNNVD",
"id": "CNNVD-202102-559"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "There is an out-of-bound read vulnerability in Taurus-AL00A 10.0.0.1(C00E1R1P1). A module does not verify the some input. Attackers can exploit this vulnerability by sending malicious input through specific app. This could cause out-of-bound, compromising normal service. Taurus-AL00A Is vulnerable to an out-of-bounds read.Information is obtained and denial of service (DoS) It may be put into a state. Huawei Taurus-AL00A is a smartphone of China\u0027s Huawei (Huawei) company. The vulnerability stems from the program\u0027s failure to properly validate certain inputs. Attackers can use some apps to send malicious messages to the module to use this vulnerability to cause out-of-bounds and affect the normal use of the device",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-22302"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-003371"
},
{
"db": "CNVD",
"id": "CNVD-2021-07515"
},
{
"db": "VULMON",
"id": "CVE-2021-22302"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-22302",
"trust": 3.1
},
{
"db": "JVNDB",
"id": "JVNDB-2021-003371",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2021-07515",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202102-559",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2021-22302",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-07515"
},
{
"db": "VULMON",
"id": "CVE-2021-22302"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-003371"
},
{
"db": "NVD",
"id": "CVE-2021-22302"
},
{
"db": "CNNVD",
"id": "CNNVD-202102-559"
}
]
},
"id": "VAR-202102-0642",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-07515"
}
],
"trust": 1.05833334
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"IoT"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-07515"
}
]
},
"last_update_date": "2023-12-18T13:12:39.924000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "huawei-sa-20210127-01-smartphone",
"trust": 0.8,
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210127-01-smartphone-en"
},
{
"title": "Patch for Huawei Taurus-AL00A out-of-bounds read vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/245981"
},
{
"title": "Huawei Taurus-AL00A Buffer error vulnerability fix",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=141727"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-07515"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-003371"
},
{
"db": "CNNVD",
"id": "CNNVD-202102-559"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-125",
"trust": 1.0
},
{
"problemtype": "Out-of-bounds read (CWE-125) [NVD Evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-003371"
},
{
"db": "NVD",
"id": "CVE-2021-22302"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210127-01-smartphone-en"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-22302"
},
{
"trust": 0.6,
"url": "https://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20210127-01-smartphone-cn"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-07515"
},
{
"db": "VULMON",
"id": "CVE-2021-22302"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-003371"
},
{
"db": "NVD",
"id": "CVE-2021-22302"
},
{
"db": "CNNVD",
"id": "CNNVD-202102-559"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2021-07515"
},
{
"db": "VULMON",
"id": "CVE-2021-22302"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-003371"
},
{
"db": "NVD",
"id": "CVE-2021-22302"
},
{
"db": "CNNVD",
"id": "CNNVD-202102-559"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-01-31T00:00:00",
"db": "CNVD",
"id": "CNVD-2021-07515"
},
{
"date": "2021-02-06T00:00:00",
"db": "VULMON",
"id": "CVE-2021-22302"
},
{
"date": "2021-10-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-003371"
},
{
"date": "2021-02-06T03:15:12.827000",
"db": "NVD",
"id": "CVE-2021-22302"
},
{
"date": "2021-02-05T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202102-559"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-01-31T00:00:00",
"db": "CNVD",
"id": "CNVD-2021-07515"
},
{
"date": "2021-02-10T00:00:00",
"db": "VULMON",
"id": "CVE-2021-22302"
},
{
"date": "2021-10-25T08:30:00",
"db": "JVNDB",
"id": "JVNDB-2021-003371"
},
{
"date": "2021-02-10T22:52:49.420000",
"db": "NVD",
"id": "CVE-2021-22302"
},
{
"date": "2021-02-18T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202102-559"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202102-559"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Taurus-AL00A\u00a0 Out-of-bounds read vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-003371"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202102-559"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…