CVE-2021-46812

7.5 HIGH

📋 TL;DR

This vulnerability in Huawei Device Manager allows attackers to compromise data integrity during multi-device interactions. It affects Huawei devices running HarmonyOS. Successful exploitation could allow unauthorized data manipulation between connected devices.

💻 Affected Systems

Products:
  • Huawei smartphones and tablets with Device Manager functionality
Versions: HarmonyOS versions prior to the June 2022 security patch
Operating Systems: HarmonyOS
Default Config Vulnerable: ⚠️ Yes
Notes: Affects devices using multi-device interaction features like file sharing, screen projection, or device collaboration

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attackers could manipulate or corrupt data being transferred between devices, potentially leading to data loss, system instability, or unauthorized access to sensitive information.

🟠 Likely Case

Data integrity issues during device synchronization or file transfers, potentially causing corrupted files or inconsistent data across devices.

🟢 If Mitigated

With proper network segmentation and device authentication, impact would be limited to isolated incidents with minimal data loss.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires proximity or network access to target devices, and likely some level of device interaction.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: June 2022 security patch or later

Vendor Advisory: https://consumer.huawei.com/en/support/bulletin/2022/6/

Restart Required: Yes

Instructions:

1. Check for system updates in Settings > System & updates > Software update.
2. Install June 2022 security patch or later.
3. Restart device after installation.

🔧 Temporary Workarounds

  • Disable multi-device features: Temporarily disable Device Manager multi-device interaction features
  • Network isolation: Isolate vulnerable devices from untrusted networks

🧯 If You Can't Patch

  • Disable all multi-device interaction features in Device Manager settings
  • Implement network segmentation to isolate vulnerable devices from critical systems

🔍 How to Verify

Check if Vulnerable:

Check the HarmonyOS version in Settings > About phone > HarmonyOS version. If the version predates the June 2022 security patch, the device is vulnerable.

Check Version:

Settings > About phone > HarmonyOS version

Verify Fix Applied:

Verify that the HarmonyOS version shows the June 2022 security patch or later in Settings > About phone > HarmonyOS version.

📡 Detection & Monitoring

Log Indicators:

  • Unexpected device pairing attempts
  • Abnormal data transfer patterns between devices
  • Device Manager error logs related to multi-device operations

Network Indicators:

  • Unusual network traffic between Huawei devices
  • Suspicious Bluetooth or Wi-Fi Direct connections

SIEM Query:

Device logs showing unexpected multi-device interaction events or failed authentication attempts in Device Manager
