Login Sign Up

CVE-2021-22414

7.5 HIGH
Buffer Overflow

📋 TL;DR

This is a memory buffer overflow vulnerability (CWE-787) affecting Huawei smartphones. Successful exploitation could allow attackers to cause system resets or potentially execute arbitrary code. The vulnerability affects specific Huawei smartphone models running vulnerable software versions.

💻 Affected Systems

Products:
  • Huawei smartphones
Versions: Specific versions as listed in Huawei security bulletins from June 2021
Operating Systems: Android-based Huawei EMUI
Default Config Vulnerable: ⚠️ Yes
Notes: Exact models and versions detailed in Huawei's June 2021 security bulletins

📦 What is this software?

Emui by Huawei

View all CVEs affecting Emui →

Emui by Huawei

View all CVEs affecting Emui →

Emui by Huawei

View all CVEs affecting Emui →

Emui by Huawei

View all CVEs affecting Emui →

Magic Ui by Huawei

View all CVEs affecting Magic Ui →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Remote code execution leading to complete device compromise, data theft, or persistent backdoor installation

🟠

Likely Case

System crashes, denial of service, or temporary device unavailability requiring reboot

🟢

If Mitigated

Limited impact with proper patching and security controls in place

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

CVSS 7.5 suggests attacker needs some access/privileges but exploitation details not publicly available

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Security updates from June 2021 onward

Vendor Advisory: https://consumer.huawei.com/en/support/bulletin/2021/6/

Restart Required: Yes

Instructions:

1. Check for system updates in Settings > System & updates > Software update. 2. Download and install available security updates. 3. Restart device after installation completes.

🔧 Temporary Workarounds

Disable unnecessary features

all

Reduce attack surface by disabling unused apps, services, and connectivity options

Network segmentation

all

Isolate affected devices from critical networks and internet access

🧯 If You Can't Patch

  • Isolate affected devices from corporate networks and internet
  • Implement strict access controls and monitor for unusual device behavior

🔍 How to Verify

Check if Vulnerable:

Check Settings > About phone > Build number against Huawei's June 2021 security bulletin

Check Version:

Settings > About phone > Build number

Verify Fix Applied:

Verify software version is updated beyond June 2021 security patches

📡 Detection & Monitoring

Log Indicators:

  • Unexpected system crashes
  • Memory-related errors in system logs
  • Abnormal process terminations

Network Indicators:

  • Unusual network traffic from affected devices
  • Connection attempts to suspicious endpoints

SIEM Query:

device.vendor:"Huawei" AND event.category:"crash" OR event.category:"memory"

📊 Metadata

CVE ID: CVE-2021-22414
CVSS v3 Score: 7.5 (HIGH)
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CWE: CWE-787
Published: August 2, 2021
Last Updated: November 21, 2024

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2021-22414, you might also want to check these:

CVE-2022-43604 10.0

CVE-2022-43604 is a critical out-of-bounds write vulnerability in the OpENer EtherNet/IP stack that ...

Same vulnerability type (CWE-787)
CVE-2025-24201 10.0

This critical vulnerability allows malicious web content to break out of the Web Content sandbox via...

Same vulnerability type (CWE-787)
CVE-2020-14871 10.0

This is a critical buffer overflow vulnerability (CWE-787) in Oracle Solaris's Pluggable Authenticat...

Same vulnerability type (CWE-787)