ID

VAR-202110-0682


CVE

CVE-2021-37123


TITLE

Huawei Hero-Ct060 incorrect authentication vulnerability

Trust: 0.6

sources: CNVD: CNVD-2021-102867

DESCRIPTION

There is an improper authentication vulnerability in Hero-CT060 before 1.0.0.200. The vulnerability arises because, when a user wants to perform certain operations, the software does not sufficiently validate the user's identity. Successful exploitation could allow the attacker to perform certain operations that the user is not supposed to perform. Huawei Hero-Ct060 is a smart wireless Bluetooth headset from the Chinese company Huawei. Huawei Hero-Ct060 versions before 1.0.0.200 have security vulnerabilities. The vulnerability stems from the program's inadequate verification of the user's identity. Attackers can use this vulnerability to perform improper operations outside of their authorization. Pillow is a Python-based image processing library. There is currently no information about this vulnerability; please follow CNNVD or manufacturer announcements.

Trust: 2.07

sources: NVD: CVE-2021-37123 // CNVD: CNVD-2021-102867 // CNNVD: CNNVD-202104-975 // VULMON: CVE-2021-37123

IOT TAXONOMY

category: ['IoT'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2021-102867

AFFECTED PRODUCTS

vendor: huawei, model: hero-ct060, scope: lt, version: 1.0.0.200

Trust: 1.6

sources: CNVD: CNVD-2021-102867 // NVD: CVE-2021-37123

CVSS

SEVERITY

nvd@nist.gov: CVE-2021-37123
value: CRITICAL

Trust: 1.0

CNVD: CNVD-2021-102867
value: HIGH

Trust: 0.6

CNNVD: CNNVD-202104-975
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-202109-1908
value: CRITICAL

Trust: 0.6

VULMON: CVE-2021-37123
value: HIGH

Trust: 0.1

CVSSV2

nvd@nist.gov: CVE-2021-37123
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

CNVD: CNVD-2021-102867
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

CVSSV3

nvd@nist.gov: CVE-2021-37123
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

sources: CNVD: CNVD-2021-102867 // VULMON: CVE-2021-37123 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202109-1908 // NVD: CVE-2021-37123

PROBLEMTYPE DATA

problemtype: CWE-287

Trust: 1.0

sources: NVD: CVE-2021-37123

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202109-1908

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202104-975

PATCH

title: Patch for Huawei Hero-Ct060 incorrect authentication vulnerability
url: https://www.cnvd.org.cn/patchInfo/show/310841

Trust: 0.6

title: Huawei Hero-Ct060 Remediation measures for authorization problem vulnerabilities
url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=166171

Trust: 0.6

sources: CNVD: CNVD-2021-102867 // CNNVD: CNNVD-202109-1908

EXTERNAL IDS

db: NVD, id: CVE-2021-37123

Trust: 2.3

db: CNVD, id: CNVD-2021-102867

Trust: 0.6

db: CS-HELP, id: SB2021041363

Trust: 0.6

db: CNNVD, id: CNNVD-202104-975

Trust: 0.6

db: CS-HELP, id: SB2021093002

Trust: 0.6

db: CNNVD, id: CNNVD-202109-1908

Trust: 0.6

db: VULMON, id: CVE-2021-37123

Trust: 0.1

sources: CNVD: CNVD-2021-102867 // VULMON: CVE-2021-37123 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202109-1908 // NVD: CVE-2021-37123

REFERENCES

url:https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210929-01-auth-en

Trust: 1.7

url:https://nvd.nist.gov/vuln/detail/cve-2021-37123

Trust: 1.2

url:https://www.cybersecurity-help.cz/vdb/sb2021041363

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021093002

Trust: 0.6

url:https://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20210929-01-auth-cn

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/287.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: CNVD: CNVD-2021-102867 // VULMON: CVE-2021-37123 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202109-1908 // NVD: CVE-2021-37123

CREDITS

The vulnerability was discovered by Huawei's internal testing

Trust: 0.6

sources: CNNVD: CNNVD-202109-1908

SOURCES

db: CNVD, id: CNVD-2021-102867
db: VULMON, id: CVE-2021-37123
db: CNNVD, id: CNNVD-202104-975
db: CNNVD, id: CNNVD-202109-1908
db: NVD, id: CVE-2021-37123

LAST UPDATE DATE

2024-08-14T12:12:49.022000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2021-102867, date: 2021-12-28T00:00:00
db: VULMON, id: CVE-2021-37123, date: 2021-10-18T00:00:00
db: CNNVD, id: CNNVD-202104-975, date: 2021-04-14T00:00:00
db: CNNVD, id: CNNVD-202109-1908, date: 2021-10-20T00:00:00
db: NVD, id: CVE-2021-37123, date: 2021-10-18T18:09:55.353

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2021-102867, date: 2021-12-28T00:00:00
db: VULMON, id: CVE-2021-37123, date: 2021-10-11T00:00:00
db: CNNVD, id: CNNVD-202104-975, date: 2021-04-13T00:00:00
db: CNNVD, id: CNNVD-202109-1908, date: 2021-09-29T00:00:00
db: NVD, id: CVE-2021-37123, date: 2021-10-11T16:15:07.610