CVE-2021-37035 – This vulnerability allows remote attackers to c... (How to Fix)

Q: What is the severity of CVE-2021-37035?

CVE-2021-37035 has a CVSS score of 7.5 (HIGH). This vulnerability allows remote attackers to cause a denial of service (DoS) on affected Huawei smartphones by making the targeted app crash unexpectedly. The vulnerability affects Huawei smartphone users who haven't applied security patches. Successful exploitation doesn't require authentication and can be triggered remotely.

📋 TL;DR

This vulnerability allows remote attackers to cause a denial of service (DoS) on affected Huawei smartphones by making the targeted app crash unexpectedly. The vulnerability affects Huawei smartphone users who haven't applied security patches. Successful exploitation doesn't require authentication and can be triggered remotely.

💻 Affected Systems

Products:

Huawei smartphones

Versions: Specific versions not detailed in provided references, but Huawei's August 2021 security bulletin indicates affected devices

Operating Systems: HarmonyOS, Android-based EMUI

Default Config Vulnerable: ⚠️ Yes

Notes: Vulnerability affects Huawei smartphones with unpatched software. Exact device models and versions would be specified in Huawei's detailed security bulletins.

📦 What is this software?

Emui by Huawei

View all CVEs affecting Emui →

Magic Ui by Huawei

View all CVEs affecting Magic Ui →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Continuous DoS attacks could render the affected app unusable, potentially disrupting critical functionality if the app provides essential services.

🟠

Likely Case

Intermittent app crashes causing user frustration and temporary loss of functionality until the app is restarted.

🟢

If Mitigated

With proper patching, no impact as the vulnerability is fully addressed in updated versions.

🌐 Internet-Facing: HIGH

🏢 Internal Only: LOW

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

Remote DoS vulnerabilities typically have low exploitation complexity, though specific technical details aren't provided in the references.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Security patch level August 2021 or later

Vendor Advisory: https://consumer.huawei.com/en/support/bulletin/2021/8/

Restart Required: Yes

Instructions:

1. Check for system updates in phone settings
2. Install August 2021 security patch or later
3. Restart device after update installation

🔧 Temporary Workarounds

Disable affected app

all

Temporarily disable or uninstall the vulnerable app until patched

Network isolation

all

Restrict network access to the device to trusted networks only

🧯 If You Can't Patch

Isolate device from untrusted networks
Monitor for abnormal app behavior and crashes

🔍 How to Verify

Check if Vulnerable:

Check security patch level in phone settings (Settings > System & updates > Software update)

Check Version:

Not applicable - check via phone settings interface

Verify Fix Applied:

Confirm security patch level is August 2021 or later

📡 Detection & Monitoring

Log Indicators:

Unexpected app crashes
App force close events in system logs

Network Indicators:

Unusual network traffic patterns to the device

SIEM Query:

Not applicable for consumer devices without centralized logging

📊 Metadata

CVE ID: CVE-2021-37035

CVSS v3 Score: 7.5 (HIGH)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Published: November 23, 2021

Last Updated: November 21, 2024

🔗 References

https://consumer.huawei.com/en/support/bulletin/2021/8/ Vendor Advisory
https://consumer.huawei.com/en/support/bulletin/2021/8/ Vendor Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON