PT-2021-14965 · Huawei · Huawei P30
Published
2021-04-28
·
Updated
2021-05-08
·
CVE-2021-22331
CVSS v3.1
7.5
High
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
Name of the Vulnerable Software and Affected Versions:
HUAWEI P30 versions earlier than 10.1.0.165(C01E165R2P11)
HUAWEI P30 versions earlier than 11.0.0.118(C635E2R1P3)
HUAWEI P30 versions earlier than 11.0.0.120(C00E120R2P5)
HUAWEI P30 versions earlier than 11.0.0.138(C10E4R5P3)
HUAWEI P30 versions earlier than 11.0.0.138(C185E4R7P3)
HUAWEI P30 versions earlier than 11.0.0.138(C432E8R2P3)
HUAWEI P30 versions earlier than 11.0.0.138(C461E4R3P3)
HUAWEI P30 versions earlier than 11.0.0.138(C605E4R1P3)
HUAWEI P30 versions earlier than 11.0.0.138(C636E4R3P3)
Description:
There is a JavaScript injection issue in certain Huawei smartphones due to insufficient input verification by a module. Attackers can exploit this by sending a malicious application request to launch JavaScript injection, potentially compromising normal service.
Recommendations:
For HUAWEI P30 versions earlier than 10.1.0.165(C01E165R2P11), update to version 10.1.0.165(C01E165R2P11) or later.
For HUAWEI P30 versions earlier than 11.0.0.118(C635E2R1P3), update to version 11.0.0.118(C635E2R1P3) or later.
For HUAWEI P30 versions earlier than 11.0.0.120(C00E120R2P5), update to version 11.0.0.120(C00E120R2P5) or later.
For HUAWEI P30 versions earlier than 11.0.0.138(C10E4R5P3), update to version 11.0.0.138(C10E4R5P3) or later.
For HUAWEI P30 versions earlier than 11.0.0.138(C185E4R7P3), update to version 11.0.0.138(C185E4R7P3) or later.
For HUAWEI P30 versions earlier than 11.0.0.138(C432E8R2P3), update to version 11.0.0.138(C432E8R2P3) or later.
For HUAWEI P30 versions earlier than 11.0.0.138(C461E4R3P3), update to version 11.0.0.138(C461E4R3P3) or later.
For HUAWEI P30 versions earlier than 11.0.0.138(C605E4R1P3), update to version 11.0.0.138(C605E4R1P3) or later.
For HUAWEI P30 versions earlier than 11.0.0.138(C636E4R3P3), update to version 11.0.0.138(C636E4R3P3) or later.
Fix
Special Elements Injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Huawei P30