CVE-2021-22352
📋 TL;DR
This configuration defect vulnerability in Huawei smartphones allows attackers to hijack devices and create fake user interfaces to trick users into executing malicious commands. The vulnerability affects Huawei smartphone users who haven't applied security patches. Successful exploitation could lead to complete device compromise.
💻 Affected Systems
- Huawei smartphones
📦 What is this software?
EMUI by Huawei
Magic UI by Huawei
⚠️ Risk & Real-World Impact
Worst Case
Complete device takeover allowing attackers to steal sensitive data, install persistent malware, monitor user activities, and use the device as part of a botnet.
Likely Case
Attackers create convincing fake login screens or system prompts to harvest credentials, install malicious apps, or gain unauthorized access to device functions.
If Mitigated
With proper security controls and user awareness, the risk is reduced to occasional phishing attempts that educated users can recognize and avoid.
🎯 Exploit Status
Exploitation requires user interaction with forged UI elements, so the attack depends on a social engineering component.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Security updates released in May 2021 and later
Vendor Advisory: https://consumer.huawei.com/en/support/bulletin/2021/5/
Restart Required: Yes
Instructions:
1. Check for available updates in Settings > System & updates > Software update.
2. Download and install the latest security update.
3. Restart the device after installation completes.
🔧 Temporary Workarounds
Disable unknown sources installation
Prevents installation of apps from sources other than official app stores
Settings > Security > Install unknown apps > Disable for all apps
Enable app verification
Turns on Play Protect or Huawei's built-in app scanning
Settings > Security > Verify apps > Enable scanning
🧯 If You Can't Patch
- Educate users about recognizing suspicious UI prompts and never entering credentials in unexpected dialogs
- Implement mobile device management (MDM) policies to restrict app installations and monitor for suspicious activities
🔍 How to Verify
Check if Vulnerable:
Check whether the device has a security patch level older than May 2021 in Settings > About phone > Build number
Check Version:
Settings > About phone > Build number (no CLI command available)
Verify Fix Applied:
Verify security patch level is May 2021 or newer in Settings > About phone
📡 Detection & Monitoring
Log Indicators:
- Unusual permission requests from apps
- Multiple failed authentication attempts from unexpected sources
- Installation of apps from unknown sources
Network Indicators:
- Connections to suspicious domains shortly after user interacts with system prompts
- Unusual outbound traffic patterns
SIEM Query:
device.vendor:"Huawei" AND event.action:"app_install" AND source:"unknown"