There is a JavaScript injection vulnerability in certain Huawei smartphones. A module does not verify some inputs sufficiently. Attackers can exploit this vulnerability by sending a malicious application request to launch JavaScript injection. This may compromise normal service. Affected product versions include HUAWEI P30 versions earlier than 10.1.0.165(C01E165R2P11), 11.0.0.118(C635E2R1P3), 11.0.0.120(C00E120R2P5), 11.0.0.138(C10E4R5P3), 11.0.0.138(C185E4R7P3), 11.0.0.138(C432E8R2P3), 11.0.0.138(C461E4R3P3), 11.0.0.138(C605E4R1P3), and 11.0.0.138(C636E4R3P3).
References
Link | Resource |
---|---|
https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210331-01-js-en | Vendor Advisory |
Configurations
Configuration 1 (hide)
AND |
|
Configuration 2 (hide)
AND |
|
Configuration 3 (hide)
AND |
|
Configuration 4 (hide)
AND |
|
Configuration 5 (hide)
AND |
|
Configuration 6 (hide)
AND |
|
Configuration 7 (hide)
AND |
|
Configuration 8 (hide)
AND |
|
Configuration 9 (hide)
AND |
|
History
08 May 2021, 03:26
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-74 | |
References | (MISC) https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210331-01-js-en - Vendor Advisory | |
CVSS |
v2 : v3 : |
v2 : 5.0
v3 : 7.5 |
CPE | cpe:2.3:o:huawei:p30_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:huawei:p30:-:*:*:*:*:*:*:* |
28 Apr 2021, 13:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2021-04-28 13:15
Updated : 2023-12-10 13:55
NVD link : CVE-2021-22331
Mitre link : CVE-2021-22331
CVE.ORG link : CVE-2021-22331
JSON object : View
Products Affected
huawei
- p30_firmware
- p30
CWE
CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')