CVE-2021-22331

There is a JavaScript injection vulnerability in certain Huawei smartphones. A module does not verify some inputs sufficiently. Attackers can exploit this vulnerability by sending a malicious application request to launch JavaScript injection. This may compromise normal service. Affected product versions include HUAWEI P30 versions earlier than 10.1.0.165(C01E165R2P11), 11.0.0.118(C635E2R1P3), 11.0.0.120(C00E120R2P5), 11.0.0.138(C10E4R5P3), 11.0.0.138(C185E4R7P3), 11.0.0.138(C432E8R2P3), 11.0.0.138(C461E4R3P3), 11.0.0.138(C605E4R1P3), and 11.0.0.138(C636E4R3P3).

Published: Apr 28, 2021
Updated: Apr 14, 2023
CVE: CVE-2021-22331
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 7.5
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CVSS v2:

Severity: Medium
Score: 5
AV:N/AC:L/Au:N/C:N/I:N/A:P

CWEs:

CWE-74

Affected Software
References

Software	From	Fixed in
huawei / p30_firmware	-	10.1.0.165\(c01e165r2p11\)
huawei / p30_firmware	-	11.0.0.118\(c635e2r1p3\)
huawei / p30_firmware	-	11.0.0.120\(c00e120r2p5\)
huawei / p30_firmware	-	11.0.0.138\(c10e4r5p3\)
huawei / p30_firmware	-	11.0.0.138\(c185e4r7p3\)
huawei / p30_firmware	-	11.0.0.138\(c432e8r2p3\)
huawei / p30_firmware	-	11.0.0.138\(c461e4r3p3\)
huawei / p30_firmware	-	11.0.0.138\(c605e4r1p3\)
huawei / p30_firmware	-	11.0.0.138\(c636e4r3p3\)

https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210331-01-js-en

Vulnerability Database

289,697

CVE-2021-22331