CVE-2021-22368

7.5 HIGH

📋 TL;DR

This CVE describes a permission control vulnerability in Huawei smartphones where improper access controls allow unauthorized actions. The vulnerability affects Huawei smartphone users running specific EMUI versions. Successful exploitation could compromise device functionality and user data.

💻 Affected Systems

Products:
  • Huawei smartphones
Versions: EMUI 11.0.0, EMUI 11.0.1
Operating Systems: Android-based EMUI
Default Config Vulnerable: ⚠️ Yes
Notes: Specific device models not specified in available references; vulnerability appears to affect EMUI permission framework.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete device compromise allowing unauthorized access to sensitive data, system functions, or installation of malicious apps without user consent.

🟠 Likely Case

Unauthorized access to certain device functions or data, potentially affecting privacy and device stability.

🟢 If Mitigated

Limited impact with proper security controls and updated software, maintaining normal device operation.

🌐 Internet-Facing: LOW (Primarily requires local access or malicious app installation)
🏢 Internal Only: MEDIUM (Requires local device access or malicious app execution)

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation likely requires local access or malicious app installation; no public exploit details available.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: EMUI 11.0.1.195 (C00E195R5P5) or later

Vendor Advisory: https://consumer.huawei.com/en/support/bulletin/2021/5/

Restart Required: Yes

Instructions:

1. Check for updates in Settings > System & updates > Software update.
2. Download and install available security updates.
3. Restart device after installation completes.

🔧 Temporary Workarounds

Restrict app installations

Only install apps from trusted sources like Huawei AppGallery

Settings > Security > More settings > Install apps from external sources > Disable

Review app permissions

Regularly audit and restrict unnecessary app permissions

Settings > Apps > [App Name] > Permissions > Review and disable unnecessary permissions

🧯 If You Can't Patch

  • Disable installation from unknown sources in device security settings
  • Use mobile security software to detect and block malicious applications

🔍 How to Verify

Check if Vulnerable:

Check EMUI version in Settings > About phone > EMUI version. If version is 11.0.0 or 11.0.1 (before 11.0.1.195), device is vulnerable.

Check Version:

Settings > About phone > EMUI version

Verify Fix Applied:

Verify EMUI version is 11.0.1.195 (C00E195R5P5) or later in Settings > About phone > EMUI version.

📡 Detection & Monitoring

Log Indicators:

  • Unexpected permission requests in system logs
  • Unauthorized access attempts to protected resources

Network Indicators:

  • Unusual network activity from apps with minimal permissions

SIEM Query:

Not applicable for consumer mobile devices; use mobile device management (MDM) solutions for enterprise environments.
