CVE-2021-36995

7.5 HIGH

📋 TL;DR

This vulnerability in Huawei smartphones allows attackers to access and modify files restored from backups by manipulating soft links (symbolic links). It affects Huawei smartphone users who restore data from backups. The attack requires local access to the device.

💻 Affected Systems

Products:
  • Huawei smartphones
Versions: Specific versions not detailed in available references; affects multiple Huawei smartphone models as per July 2021 security bulletin
Operating Systems: HarmonyOS, EMUI (Huawei's Android-based OS)
Default Config Vulnerable: ⚠️ Yes
Notes: Vulnerability specifically affects file restoration from backup functionality; requires backup operations to be present

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attackers could tamper with critical system files, install malware, or steal sensitive user data from backup-restored files, potentially leading to complete device compromise.

🟠 Likely Case

Local attackers with physical access could modify user data or configuration files restored from backups, potentially enabling privilege escalation or data theft.

🟢 If Mitigated

With proper access controls and backup validation, impact is limited to unauthorized file access without broader system compromise.

🌐 Internet-Facing: LOW - Requires local device access, not remotely exploitable over networks.
🏢 Internal Only: MEDIUM - Physical device access required, but could be exploited by malicious insiders or through lost/stolen devices.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires local access to device and knowledge of backup file structure; involves symbolic link manipulation techniques

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: July 2021 security update and later

Vendor Advisory: https://consumer.huawei.com/en/support/bulletin/2021/7/

Restart Required: Yes

Instructions:

1. Go to Settings > System & updates > Software update.
2. Check for updates.
3. Install July 2021 or later security update.
4. Restart device after installation.

🔧 Temporary Workarounds

Disable automatic backup restoration

Prevent automatic restoration of backups which could be exploited

Use trusted backup sources only

Only restore backups from known, trusted sources to prevent malicious file manipulation

🧯 If You Can't Patch

  • Avoid restoring backups from untrusted sources
  • Physically secure devices to prevent unauthorized local access

🔍 How to Verify

Check if Vulnerable:

Check whether the device has the July 2021 security update installed via Settings > About phone > Build number

Check Version:

Settings > About phone > Build number (no CLI command available)

Verify Fix Applied:

Confirm July 2021 or later security patch is installed and device has been restarted

📡 Detection & Monitoring

Log Indicators:

  • Unusual backup restoration activities
  • File permission changes in backup directories

Network Indicators:

  • Not applicable - local vulnerability only

SIEM Query:

Not applicable for mobile device local file access vulnerabilities
