CVE-2021-22324 – This vulnerability in Huawei smartphones involv... (How to Fix)

Q: What is the severity of CVE-2021-22324?

CVE-2021-22324 has a CVSS score of 7.5 (HIGH). This vulnerability in Huawei smartphones involves improper credentials management that could allow unauthorized access to sensitive data. It affects Huawei smartphone users who haven't applied security updates, potentially exposing personal information and device data to attackers.

📋 TL;DR

This vulnerability in Huawei smartphones involves improper credentials management that could allow unauthorized access to sensitive data. It affects Huawei smartphone users who haven't applied security updates, potentially exposing personal information and device data to attackers.

💻 Affected Systems

Products:

Huawei smartphones

Versions: Specific affected versions not detailed in provided references

Operating Systems: HarmonyOS, EMUI

Default Config Vulnerable: ⚠️ Yes

Notes: Vulnerability affects default configurations of Huawei smartphones. Exact model list not specified in provided references.

📦 What is this software?

Emui by Huawei

View all CVEs affecting Emui →

Magic Ui by Huawei

View all CVEs affecting Magic Ui →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete compromise of user credentials and sensitive data stored on the device, including authentication tokens, passwords, and personal information.

🟠

Likely Case

Unauthorized access to some stored credentials or sensitive application data, potentially leading to account compromise or privacy violations.

🟢

If Mitigated

Limited or no data exposure due to proper access controls, encryption, and timely patching.

🌐 Internet-Facing: MEDIUM

🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ✅ No

Complexity: MEDIUM

Exploitation likely requires some level of access to the device or user interaction. No public exploit code available based on provided information.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Security updates released in March 2021

Vendor Advisory: https://consumer.huawei.com/en/support/bulletin/2021/3/

Restart Required: Yes

Instructions:

1. Check for system updates in Settings > System & updates > Software update. 2. Download and install available security updates. 3. Restart device when prompted.

🔧 Temporary Workarounds

Disable unnecessary permissions

all

Review and restrict app permissions to minimize credential exposure

Enable device encryption

all

Ensure device encryption is enabled to protect stored data

🧯 If You Can't Patch

Restrict device to trusted networks only
Implement mobile device management (MDM) with strict security policies

🔍 How to Verify

Check if Vulnerable:

Check device security patch level in Settings > About phone > Build number. March 2021 or earlier patches indicate vulnerability.

Check Version:

No command line available for consumer devices. Check via Settings > About phone > Build number.

Verify Fix Applied:

Verify security patch level shows April 2021 or later in Settings > About phone.

📡 Detection & Monitoring

Log Indicators:

Unusual credential access patterns
Failed authentication attempts from unexpected sources

Network Indicators:

Unexpected credential-related network traffic
Suspicious authentication requests

SIEM Query:

Not applicable for consumer mobile devices without enterprise monitoring

📊 Metadata

CVE ID: CVE-2021-22324

CVSS v3 Score: 7.5 (HIGH)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Published: June 3, 2021

Last Updated: November 21, 2024

🔗 References

https://consumer.huawei.com/en/support/bulletin/2021/3/ Vendor Advisory
https://consumer.huawei.com/en/support/bulletin/2021/3/ Vendor Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON