CVE-2021-37033

7.5 HIGH

📋 TL;DR

This is an injection vulnerability (CWE-74) in Huawei smartphones: affected software fails to neutralize special elements in input before passing it to a downstream component, so an attacker who supplies crafted input can cause a service disruption. Successful exploitation could affect service availability on vulnerable devices. Huawei smartphone users with unpatched devices are affected.

💻 Affected Systems

Products:
  • Huawei smartphones
Versions: Specific affected versions not detailed in provided references; check Huawei bulletins for exact models/versions.
Operating Systems: HarmonyOS, Android-based EMUI
Default Config Vulnerable: ⚠️ Yes
Notes: Vulnerability exists in default configurations of affected Huawei smartphone models.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete service disruption on affected smartphones, potentially rendering core functions unusable until device restart or factory reset.

🟠 Likely Case

Temporary service degradation or crashes of specific applications/services on the device.

🟢 If Mitigated

No impact if patched or if input validation prevents injection.

🌐 Internet-Facing: MEDIUM - Requires user interaction with malicious content but could be delivered via web or messaging apps.
🏢 Internal Only: LOW - Primarily affects individual smartphone users rather than internal enterprise systems.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires user interaction or specific conditions for injection. CWE-74 indicates improper neutralization of special elements in output used by downstream components.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check Huawei security bulletins for specific fixed versions

Vendor Advisory: https://consumer.huawei.com/en/support/bulletin/2021/8/

Restart Required: Yes

Instructions:

1. Check for system updates in Settings > System & updates > Software update.
2. Install available security updates.
3. Restart the device after the update completes.

🔧 Temporary Workarounds

Avoid untrusted inputs (all)

Do not interact with suspicious links, messages, or applications that could trigger the injection.

🧯 If You Can't Patch

  • Restrict device to trusted applications only from official app stores
  • Implement mobile device management (MDM) controls to limit app installations and web access

🔍 How to Verify

Check if Vulnerable:

Check device model and software version in Settings > About phone, then compare with Huawei's security bulletin.

Check Version:

Settings > About phone > Software version

Verify Fix Applied:

Verify software version after update matches or exceeds patched version listed in Huawei advisory.

📡 Detection & Monitoring

Log Indicators:

  • Unexpected application crashes
  • Service termination logs
  • Abnormal input processing errors

Network Indicators:

  • Unusual outbound connections following suspicious input

SIEM Query:

Not typically applicable for consumer smartphone vulnerabilities

🔗 References
