CVE-2021-22488Link Following in Huawei Emui

CWE-59Link FollowingCWE-668Resource Exposure3 documents3 sources
Severity
7.5HIGHNVD
EPSS
0.2%
top 63.27%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Huawei EmuiHuawei Magic UI
Timeline
PublishedOct 28
Latest updateMay 24

Description

There is an Unauthorized file access vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability by modifying soft links may tamper with the files restored from backups.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages4 packages

CVEListV5huawei/emui10.1.1, 11.0.0+1
NVDhuawei/emui10.1.1, 11.0.0+1
CVEListV5huawei/magic_ui3.1.1, 4.0.0+1
NVDhuawei/magic_ui3.1.1, 4.0.0+1

🔴Vulnerability Details

2
GHSA
GHSA-9xf3-qh47-frwv: There is an Unauthorized file access vulnerability in Huawei Smartphone2022-05-24
CVEList
CVE-2021-22488: There is an Unauthorized file access vulnerability in Huawei Smartphone2021-10-28
CVE-2021-22488 — Link Following in Huawei Emui | cvebase