Sign-up

ID

VAR-202108-0292


CVE

CVE-2021-22449


TITLE

Elf-G10HN  Vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2021-011006

DESCRIPTION

There is a logic vulnerability in Elf-G10HN 1.0.0.608. An unauthenticated attacker could perform specific operations to exploit this vulnerability. Due to insufficient security design, successful exploit could allow an attacker to add users to be friends without prompting in the target device. Elf-G10HN Exists in unspecified vulnerabilities.Information may be tampered with. Huawei WATCH Kid is a children's watch of China's Huawei (Huawei) company. Huawei WATCH Kid has an input validation error vulnerability in version 1.0.0.608. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. Affected products and versions are as follows: Elf-G10HN: 1.0.0.608

Trust: 2.88

sources: NVD: CVE-2021-22449 // JVNDB: JVNDB-2021-011006 // CNVD: CNVD-2021-100795 // CNNVD: CNNVD-202104-975 // VULHUB: VHN-380884 // VULMON: CVE-2021-22449

IOT TAXONOMY

category:['IoT']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2021-100795

AFFECTED PRODUCTS

vendor:huaweimodel:elf-g10hnscope:eqversion:1.0.0.608

Trust: 1.8

vendor:huaweimodel:elf-g10hnscope:eqversion: -

Trust: 0.8

vendor:huaweimodel:watch kidscope:eqversion:1.0.0.608

Trust: 0.6

sources: CNVD: CNVD-2021-100795 // JVNDB: JVNDB-2021-011006 // NVD: CVE-2021-22449

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-22449
value: HIGH

Trust: 1.0

NVD: CVE-2021-22449
value: HIGH

Trust: 0.8

CNVD: CNVD-2021-100795
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-202104-975
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-202106-1883
value: HIGH

Trust: 0.6

VULHUB: VHN-380884
value: MEDIUM

Trust: 0.1

VULMON: CVE-2021-22449
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2021-22449
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

CNVD: CNVD-2021-100795
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-380884
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2021-22449
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: CVE-2021-22449
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2021-100795 // VULHUB: VHN-380884 // VULMON: CVE-2021-22449 // JVNDB: JVNDB-2021-011006 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202106-1883 // NVD: CVE-2021-22449

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

problemtype:Lack of information (CWE-noinfo) [NVD evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2021-011006 // NVD: CVE-2021-22449

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202106-1883

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202104-975

PATCH

title:huawei-sa-20210630-01-logicurl:https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210630-01-logic-en

Trust: 0.8

sources: JVNDB: JVNDB-2021-011006

EXTERNAL IDS

db:NVDid:CVE-2021-22449

Trust: 4.0

db:JVNDBid:JVNDB-2021-011006

Trust: 0.8

db:CNNVDid:CNNVD-202106-1883

Trust: 0.7

db:CNVDid:CNVD-2021-100795

Trust: 0.6

db:CS-HELPid:SB2021041363

Trust: 0.6

db:CNNVDid:CNNVD-202104-975

Trust: 0.6

db:CS-HELPid:SB2021062802

Trust: 0.6

db:VULHUBid:VHN-380884

Trust: 0.1

db:VULMONid:CVE-2021-22449

Trust: 0.1

sources: CNVD: CNVD-2021-100795 // VULHUB: VHN-380884 // VULMON: CVE-2021-22449 // JVNDB: JVNDB-2021-011006 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202106-1883 // NVD: CVE-2021-22449

REFERENCES

url:https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210630-01-logic-en

Trust: 1.8

url:https://nvd.nist.gov/vuln/detail/cve-2021-22449

Trust: 1.4

url:https://www.cybersecurity-help.cz/vdb/sb2021041363

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021062802

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/269.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: CNVD: CNVD-2021-100795 // VULHUB: VHN-380884 // VULMON: CVE-2021-22449 // JVNDB: JVNDB-2021-011006 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202106-1883 // NVD: CVE-2021-22449

SOURCES

db:CNVDid:CNVD-2021-100795
db:VULHUBid:VHN-380884
db:VULMONid:CVE-2021-22449
db:JVNDBid:JVNDB-2021-011006
db:CNNVDid:CNNVD-202104-975
db:CNNVDid:CNNVD-202106-1883
db:NVDid:CVE-2021-22449

LAST UPDATE DATE

2024-08-14T12:57:27.246000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2021-100795date:2021-12-20T00:00:00
db:VULHUBid:VHN-380884date:2022-07-12T00:00:00
db:VULMONid:CVE-2021-22449date:2021-08-30T00:00:00
db:JVNDBid:JVNDB-2021-011006date:2022-07-14T05:40:00
db:CNNVDid:CNNVD-202104-975date:2021-04-14T00:00:00
db:CNNVDid:CNNVD-202106-1883date:2022-07-14T00:00:00
db:NVDid:CVE-2021-22449date:2022-07-12T17:42:04.277

SOURCES RELEASE DATE

db:CNVDid:CNVD-2021-100795date:2021-12-20T00:00:00
db:VULHUBid:VHN-380884date:2021-08-23T00:00:00
db:VULMONid:CVE-2021-22449date:2021-08-23T00:00:00
db:JVNDBid:JVNDB-2021-011006date:2022-07-14T00:00:00
db:CNNVDid:CNNVD-202104-975date:2021-04-13T00:00:00
db:CNNVDid:CNNVD-202106-1883date:2021-06-28T00:00:00
db:NVDid:CVE-2021-22449date:2021-08-23T20:15:14.243