CVE-2021-37104Server-Side Request Forgery in Huawei P40 Firmware

CWE-918Server-Side Request Forgery3 documents3 sources
Severity
7.5HIGHNVD
EPSS
0.1%
top 67.66%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Huawei P40 Firmware
Timeline
PublishedSep 28
Latest updateMay 24

Description

There is a server-side request forgery vulnerability in HUAWEI P40 versions 10.1.0.118(C00E116R3P3). This vulnerability is due to insufficient validation of parameters while dealing with some messages. A successful exploit could allow the attacker to gain access to certain resource which the attacker are supposed not to do.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages1 packages

NVDhuawei/p40_firmware10.1.0.118\(c00e116r3p3\)

🔴Vulnerability Details

2
GHSA
GHSA-5xjp-m73q-2884: There is a server-side request forgery vulnerability in HUAWEI P40 versions 102022-05-24
CVEList
CVE-2021-37104: There is a server-side request forgery vulnerability in HUAWEI P40 versions 102021-09-28
CVE-2021-37104 — Server-Side Request Forgery in Huawei | cvebase