| |
Vulnerability CVE-2021-22449
Published: 2021-08-23
| Description: |
There is a logic vulnerability in Elf-G10HN 1.0.0.608. An unauthenticated attacker could perform specific operations to exploit this vulnerability. Due to insufficient security design, successful exploit could allow an attacker to add users to be friends without prompting in the target device. |
Type:
CWE-269 (Improper Privilege Management)
CVSS2 => (AV:N/AC:L/Au:N/C:N/I:P/A:N)
| CVSS Base Score |
Impact Subscore |
Exploitability Subscore |
5/10 |
2.9/10 |
10/10 |
| Exploit range |
Attack complexity |
Authentication |
Remote |
Low |
No required |
| Confidentiality impact |
Integrity impact |
Availability impact |
None |
Partial |
None |
References: |
https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210630-01-logic-en
|
|
|
Copyright 2024, cxsecurity.com
|
|
|
