CVE-2021-22401 – CVE-2021-22401 is a remote denial-of-service vu... (How to Fix)

Q: What is the severity of CVE-2021-22401?

CVE-2021-22401 has a CVSS score of 7.5 (HIGH). CVE-2021-22401 is a remote denial-of-service vulnerability affecting certain Huawei smartphones. Successful exploitation could allow an attacker to disrupt services on affected devices, potentially rendering them unresponsive or unstable. This vulnerability affects Huawei smartphone users with specific software versions.

📋 TL;DR

CVE-2021-22401 is a remote denial-of-service vulnerability affecting certain Huawei smartphones. Successful exploitation could allow an attacker to disrupt services on affected devices, potentially rendering them unresponsive or unstable. This vulnerability affects Huawei smartphone users with specific software versions.

💻 Affected Systems

Products:

Huawei smartphones

Versions: Specific versions not detailed in provided references; users should check Huawei bulletins for exact affected versions.

Operating Systems: Android-based Huawei EMUI

Default Config Vulnerable: ⚠️ Yes

Notes: Vulnerability affects service integrity on Huawei smartphones; exact models and configurations require checking Huawei's official bulletins.

📦 What is this software?

Emui by Huawei

View all CVEs affecting Emui →

Magic Ui by Huawei

View all CVEs affecting Magic Ui →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete service disruption on affected smartphones, potentially requiring device restart or factory reset to restore functionality.

🟠

Likely Case

Temporary service degradation or application crashes on affected devices.

🟢

If Mitigated

Minimal impact with proper network segmentation and updated devices.

🌐 Internet-Facing: MEDIUM

🏢 Internal Only: LOW

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ⚠️ Yes

Complexity: MEDIUM

Remote exploitation possible; specific technical details not publicly disclosed in provided references.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check Huawei security bulletins for specific patched versions

Vendor Advisory: https://consumer.huawei.com/en/support/bulletin/2021/7/

Restart Required: Yes

Instructions:

1. Check for security updates in device Settings > System & updates > Software update. 2. Install any available security patches. 3. Restart device after update completion.

🔧 Temporary Workarounds

Network segmentation

all

Limit network exposure of affected devices to untrusted networks

Disable unnecessary services

all

Turn off Bluetooth, Wi-Fi, and other network services when not in use

🧯 If You Can't Patch

Isolate affected devices from untrusted networks
Monitor device behavior for unusual crashes or performance issues

🔍 How to Verify

Check if Vulnerable:

Check device software version in Settings > About phone > Build number and compare with Huawei security bulletins

Check Version:

Settings > About phone > Build number

Verify Fix Applied:

Verify security patch level in Settings > About phone > Build number shows July 2021 or later security patch

📡 Detection & Monitoring

Log Indicators:

Unexpected service crashes
System stability issues
Network connection anomalies

Network Indicators:

Unusual network traffic patterns to/from Huawei devices
Connection attempts to unexpected ports

SIEM Query:

device_vendor:Huawei AND (event_type:crash OR event_type:service_stop)

📊 Metadata

CVE ID: CVE-2021-22401

CVSS v3 Score: 7.5 (HIGH)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Published: October 28, 2021

Last Updated: November 21, 2024

🔗 References

https://consumer.huawei.com/en/support/bulletin/2021/7/ Vendor Advisory
https://consumer.huawei.com/en/support/bulletin/2021/7/ Vendor Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON