Login Sign Up

CVE-2021-37053

7.5 HIGH
Denial of Service

📋 TL;DR

A service logic vulnerability in Huawei smartphones allows attackers to cause denial of service on WLAN functionality. This affects Huawei devices running HarmonyOS or EMUI. Successful exploitation disrupts wireless network connectivity on affected devices.

💻 Affected Systems

Products:
  • Huawei smartphones
Versions: HarmonyOS 2.0 versions before 2.0.0.230, EMUI versions before specific security patches in September/October 2021
Operating Systems: HarmonyOS, EMUI
Default Config Vulnerable: ⚠️ Yes
Notes: Affects devices with WLAN enabled. Specific models not detailed in public advisories.

📦 What is this software?

Emui by Huawei

View all CVEs affecting Emui →

Emui by Huawei

View all CVEs affecting Emui →

Emui by Huawei

View all CVEs affecting Emui →

Emui by Huawei

View all CVEs affecting Emui →

Emui by Huawei

View all CVEs affecting Emui →

Emui by Huawei

View all CVEs affecting Emui →

Harmonyos by Huawei

View all CVEs affecting Harmonyos →

Magic Ui by Huawei

View all CVEs affecting Magic Ui →

Magic Ui by Huawei

View all CVEs affecting Magic Ui →

Magic Ui by Huawei

View all CVEs affecting Magic Ui →

Magic Ui by Huawei

View all CVEs affecting Magic Ui →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete WLAN service disruption requiring device restart, potentially affecting critical communications and device functionality.

🟠

Likely Case

Temporary WLAN connectivity loss requiring user intervention to restore network access.

🟢

If Mitigated

Minimal impact with proper network segmentation and updated devices.

🌐 Internet-Facing: MEDIUM - Requires proximity to target device but can be exploited over wireless networks.
🏢 Internal Only: MEDIUM - Internal attackers with network access could disrupt WLAN services.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: MEDIUM

Exploitation requires sending specially crafted packets to the device's WLAN interface. No public exploit code available.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: HarmonyOS 2.0.0.230 and later, EMUI security patches September/October 2021

Vendor Advisory: https://consumer.huawei.com/en/support/bulletin/2021/9/

Restart Required: Yes

Instructions:

1. Check for system updates in device Settings. 2. Install available security updates. 3. Restart device after installation.

🔧 Temporary Workarounds

Disable WLAN when not in use

all

Turn off wireless networking to prevent exploitation

Use wired connections

all

Connect via USB tethering or Ethernet adapter instead of WLAN

🧯 If You Can't Patch

  • Segment wireless networks to limit exposure
  • Monitor for unusual WLAN disconnection patterns

🔍 How to Verify

Check if Vulnerable:

Check device OS version in Settings > About phone > HarmonyOS/EMUI version

Check Version:

Not applicable - check via device Settings GUI

Verify Fix Applied:

Verify OS version is HarmonyOS 2.0.0.230+ or check security patch level is September 2021 or later

📡 Detection & Monitoring

Log Indicators:

  • Unexpected WLAN service crashes
  • Frequent WLAN disconnections

Network Indicators:

  • Unusual broadcast/multicast packets targeting WLAN interfaces

SIEM Query:

Not provided - monitor for WLAN service anomalies

📊 Metadata

CVE ID: CVE-2021-37053
CVSS v3 Score: 7.5 (HIGH)
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Published: December 8, 2021
Last Updated: November 21, 2024

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON