CVE-2021-36991Improper Input Validation in Huawei Emui

CWE-20Improper Input Validation3 documents3 sources
Severity
7.5HIGHNVD
EPSS
0.2%
top 64.31%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Huawei EmuiHuawei Magic UI
Timeline
PublishedOct 28
Latest updateMay 24

Description

There is an Unauthorized file access vulnerability in Huawei Smartphone due to unstandardized path input.Successful exploitation of this vulnerability by creating malicious file paths can cause unauthorized file access.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages4 packages

CVEListV5huawei/emui10.1.1, 11.0.0+1
NVDhuawei/emui10.1.1, 11.0.0+1
CVEListV5huawei/magic_ui3.1.1, 4.0.0+1
NVDhuawei/magic_ui3.1.1, 4.0.0+1

🔴Vulnerability Details

2
GHSA
GHSA-97w8-6jxc-j73w: There is an Unauthorized file access vulnerability in Huawei Smartphone due to unstandardized path input2022-05-24
CVEList
CVE-2021-36991: There is an Unauthorized file access vulnerability in Huawei Smartphone due to unstandardized path input2021-10-28
CVE-2021-36991 — Improper Input Validation in Huawei | cvebase