CVE-2021-22313

7.5 HIGH

📋 TL;DR

A security function vulnerability in Huawei smartphones allows attackers to compromise data confidentiality when exploited. It affects Huawei smartphone users running specific software versions. Successful exploitation could lead to unauthorized access to sensitive information stored on the device.

💻 Affected Systems

Products:
  • Huawei smartphones
Versions: Specific versions not detailed in available references; affected versions listed in Huawei security bulletins
Operating Systems: Android-based Huawei EMUI
Default Config Vulnerable: ⚠️ Yes
Notes: Vulnerability affects security functions within Huawei's smartphone software stack; exact component not specified in available information

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete compromise of all user data including personal information, authentication credentials, and sensitive files stored on the device.

🟠 Likely Case

Targeted data exfiltration of specific sensitive information such as contacts, messages, or app data.

🟢 If Mitigated

Limited data exposure due to encryption or access controls preventing full system compromise.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation likely requires some level of access or interaction with the device; no public exploit code available

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Specific patch versions detailed in Huawei security bulletins

Vendor Advisory: https://consumer.huawei.com/en/support/bulletin/2021/2/

Restart Required: Yes

Instructions:

1. Check for available updates in Settings > System & updates > Software update.
2. Download and install the latest security patch.
3. Restart device after installation completes.

🔧 Temporary Workarounds

Disable unnecessary permissions

all

Review and restrict app permissions to minimize attack surface

Enable device encryption

all

Ensure device encryption is active to protect data at rest

🧯 If You Can't Patch

  • Isolate affected devices from sensitive networks and data
  • Implement mobile device management (MDM) controls to restrict data access

🔍 How to Verify

Check if Vulnerable:

Check device software version in Settings > About phone > Build number and compare against Huawei's security bulletin

Check Version:

Settings > About phone > Build number

Verify Fix Applied:

Verify software version has been updated to a version beyond those listed in the vulnerability bulletin

📡 Detection & Monitoring

Log Indicators:

  • Unusual permission requests
  • Security function failures
  • Unexpected data access patterns

Network Indicators:

  • Suspicious data exfiltration patterns from mobile devices

SIEM Query:

device_type="mobile" AND (event_category="security_violation" OR data_transfer_size>threshold)
