CVE-2021-37133

7.5 HIGH

📋 TL;DR

CVE-2021-37133 is an unauthorized file access vulnerability in certain Huawei smartphones running HarmonyOS. An attacker who can exploit it reads files that the platform should have kept from them, so the impact is to service confidentiality; integrity and availability are not described as affected. Only the device models and HarmonyOS builds listed in Huawei's November 2021 security bulletin are affected.

💻 Affected Systems

Products:
  • Huawei smartphones with HarmonyOS
Versions: Specific HarmonyOS versions as detailed in Huawei security bulletins from November 2021
Operating Systems: HarmonyOS
Default Config Vulnerable: ⚠️ Yes
Notes: Exact affected models and versions are specified in Huawei's security bulletins. Users should check their specific device against the vendor advisories.

📦 What is this software?

HarmonyOS is Huawei's own operating system for its smartphones and other consumer devices. The affected builds are the smartphone releases named in the vendor bulletin; the vulnerability sits in the platform's file access controls, not in any single third-party app.

⚠️ Risk & Real-World Impact

🔴

Worst Case

Attackers could access sensitive user data including personal files, authentication tokens, or configuration files, leading to complete compromise of device confidentiality and potential follow-on attacks.

🟠

Likely Case

Local attackers or malicious apps could access restricted files they shouldn't have permission to view, potentially exposing personal information or system configuration details.

🟢

If Mitigated

With proper security controls and patching, the vulnerability is eliminated, preventing unauthorized file access entirely.

🌐 Internet-Facing: LOW - From the available references this appears to be a local vulnerability requiring access to the device, not one exploitable directly over the internet. Note that this is an inference from the vendor description; the bulletin does not publish an attack vector, so treat the published 7.5 score as the authoritative severity.
🏢 Internal Only: MEDIUM - A malicious app or a local attacker could exploit it, but getting an app installed or having hands on the device is typically required first.

🎯 Exploit Status

Public PoC: No - none found in the available references
Weaponized: UNKNOWN
Unauthenticated Exploit: No - local access or an installed app is needed
Complexity: MEDIUM

Exploitation likely requires local access or malicious app installation. No public exploit code was found in available references.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: The fixed HarmonyOS builds listed per model in Huawei's November 2021 security bulletin (later builds include the fix)

Vendor Advisory: https://consumer.huawei.com/en/support/bulletin/2021/11/

Restart Required: Yes

Instructions:

1. Check for system updates in device Settings > System & updates > Software update.
2. Install the available security update.
3. Restart the device after the update completes.

🔧 Temporary Workarounds

Restrict app permissions (applies to: all affected models)

Limit each app's permissions to the minimum it needs, in particular storage and file access permissions, so that a malicious app has less to work with.

Avoid untrusted apps (applies to: all affected models)

Only install apps from the official Huawei AppGallery and avoid sideloading applications from unknown sources; the likely exploitation path is a malicious app already running on the device.

🧯 If You Can't Patch

  • Isolate affected devices from sensitive networks and data
  • Implement mobile device management (MDM) controls to restrict app installations and monitor for suspicious activity

🔍 How to Verify

Check if Vulnerable:

Check device HarmonyOS version in Settings > About phone > HarmonyOS version and compare against Huawei's November 2021 security bulletins

Check Version:

Settings > About phone > HarmonyOS version (no CLI command available)

Verify Fix Applied:

Confirm the installed HarmonyOS build is at or above the fixed build listed for your model in Huawei's November 2021 security bulletin. Compare builds component by component (2.0.0.99 is older than 2.0.0.200), not as plain strings.
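For a fleet rather than one handset, the same check is easier done against an MDM export. The script below is an added example, not code from this page or from Huawei: it takes constructed inventory rows of (device id, model, HarmonyOS build), compares each build numerically against a per-model "first fixed build" table, and sorts devices into patched / vulnerable / unknown. The model names and fixed builds in PATCHED_BUILD are placeholders and must be replaced with the values from the vendor bulletin for your models.

```python
"""Triage a HarmonyOS device inventory against per-model fixed builds.

Added example (not Huawei's code). The PATCHED_BUILD table and the sample
inventory are placeholders/constructed data; take real fixed builds from
Huawei's November 2021 security bulletin for each model you operate.
"""
import re

# ASSUMPTION: placeholder model names and first-fixed builds. Replace with the
# per-model builds from the vendor bulletin before relying on the result.
PATCHED_BUILD = {
    "HUAWEI-MODEL-A": "2.0.0.200",
    "HUAWEI-MODEL-B": "2.0.0.180",
}

_DOTTED = re.compile(r"^\d+(\.\d+)*$")


def parse_version(build):
    """Turn '2.0.0.99' into (2, 0, 0, 99) so comparisons are numeric.

    A plain string compare would rank '2.0.0.99' above '2.0.0.200' because
    '9' > '2'; tuples of ints compare component by component.
    """
    build = build.strip()
    if not _DOTTED.match(build):
        raise ValueError(f"unrecognised build string: {build!r}")
    return tuple(int(part) for part in build.split("."))


def is_patched(model, build):
    """True/False if the model is in the table, None if it needs a manual check."""
    fixed = PATCHED_BUILD.get(model)
    if fixed is None:
        return None
    return parse_version(build) >= parse_version(fixed)


def triage(inventory):
    """inventory: iterable of (device_id, model, harmonyos_build) tuples.

    Returns {'patched': [...], 'vulnerable': [...], 'unknown': [...]} with
    device ids in input order. 'unknown' devices have no entry in the table
    and must be checked against the bulletin by hand.
    """
    result = {"patched": [], "vulnerable": [], "unknown": []}
    for device_id, model, build in inventory:
        state = is_patched(model, build)
        if state is None:
            result["unknown"].append(device_id)
        elif state:
            result["patched"].append(device_id)
        else:
            result["vulnerable"].append(device_id)
    return result


# Constructed sample inventory, not real devices or real builds.
SAMPLE_INVENTORY = [
    ("dev-001", "HUAWEI-MODEL-A", "2.0.0.99"),   # below fixed build -> vulnerable
    ("dev-002", "HUAWEI-MODEL-A", "2.0.0.200"),  # exactly the fixed build -> patched
    ("dev-003", "HUAWEI-MODEL-B", "2.0.0.185"),  # above fixed build -> patched
    ("dev-004", "HUAWEI-MODEL-C", "2.0.0.300"),  # model not in table -> unknown
]

if __name__ == "__main__":
    for bucket, ids in triage(SAMPLE_INVENTORY).items():
        print(f"{bucket}: {', '.join(ids) or '-'}")
```

Devices that land in "unknown" are the ones to chase first: an empty table entry is not evidence that a model is unaffected, only that nobody has transcribed its fixed build yet.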

📡 Detection & Monitoring

Log Indicators:

  • Unusual file access patterns from apps
  • Permission violation attempts in system logs

Network Indicators:

  • Not applicable - local vulnerability

SIEM Query:

Not applicable for typical mobile device scenarios

🔗 References

  • Huawei security bulletin, November 2021: https://consumer.huawei.com/en/support/bulletin/2021/11/