ID

VAR-202201-1816


CVE

CVE-2021-40043


TITLE

Huawei AIS-BW80H-00 Command Injection Vulnerability

Trust: 1.2

sources: CNVD: CNVD-2022-17395 // CNNVD: CNNVD-202201-2436

DESCRIPTION

A laser command injection vulnerability exists in AIS-BW80H-00 versions earlier than AIS-BW80H-00 9.0.3.4(H100SP13C00). The devices cannot effectively defend against external malicious interference. Attackers need the device to be visually exploitable, and successful triggering of this vulnerability could execute voice commands on the device. AIS-BW80H-00 contains a command injection vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS). The Huawei AIS-BW80H-00 is a smart speaker device from the Chinese company Huawei.

Trust: 2.16

sources: NVD: CVE-2021-40043 // JVNDB: JVNDB-2022-006829 // CNVD: CNVD-2022-17395

IOT TAXONOMY

category: ['IoT'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2022-17395

AFFECTED PRODUCTS

vendor: huawei, model: ais-bw80h-00, scope: lt, version: 9.0.3.4\(h100sp13c00\)

Trust: 1.0

vendor: huawei, model: ais-bw80h-00, scope: eq, version: ais-bw80h-00 firmware 9.0.3.4 (h100sp13c00)

Trust: 0.8

vendor: huawei, model: ais-bw80h-00, scope: eq, version: -

Trust: 0.8

vendor: huawei, model: ais-bw80h-00, scope: lt, version: 9.0.3.4

Trust: 0.6

sources: CNVD: CNVD-2022-17395 // JVNDB: JVNDB-2022-006829 // NVD: CVE-2021-40043

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-40043
value: HIGH

Trust: 1.0

NVD: CVE-2021-40043
value: HIGH

Trust: 0.8

CNVD: CNVD-2022-17395
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-202201-2436
value: HIGH

Trust: 0.6

nvd@nist.gov: CVE-2021-40043
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2022-17395
severity: MEDIUM
baseScore: 6.2
vectorString: AV:L/AC:H/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: HIGH
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 1.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2021-40043
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2021-40043
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2022-17395 // JVNDB: JVNDB-2022-006829 // CNNVD: CNNVD-202201-2436 // NVD: CVE-2021-40043

PROBLEMTYPE DATA

problemtype: CWE-77

Trust: 1.0

problemtype: Command injection (CWE-77) [NVD evaluation]

Trust: 0.8

sources: JVNDB: JVNDB-2022-006829 // NVD: CVE-2021-40043

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202201-2436

TYPE

command injection

Trust: 0.6

sources: CNNVD: CNNVD-202201-2436

PATCH

title: huawei-sa-20220126-01-df75863e, url: https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20220126-01-df75863e-en

Trust: 0.8

title: Patch for Huawei AIS-BW80H-00 Command Injection Vulnerability, url: https://www.cnvd.org.cn/patchInfo/show/323701

Trust: 0.6

title: Huawei AIS-BW80H-00 Fixes for command injection vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=184068

Trust: 0.6

sources: CNVD: CNVD-2022-17395 // JVNDB: JVNDB-2022-006829 // CNNVD: CNNVD-202201-2436

EXTERNAL IDS

db: NVD, id: CVE-2021-40043

Trust: 3.8

db: JVNDB, id: JVNDB-2022-006829

Trust: 0.8

db: CNVD, id: CNVD-2022-17395

Trust: 0.6

db: CS-HELP, id: SB2022012625

Trust: 0.6

db: CNNVD, id: CNNVD-202201-2436

Trust: 0.6

sources: CNVD: CNVD-2022-17395 // JVNDB: JVNDB-2022-006829 // CNNVD: CNNVD-202201-2436 // NVD: CVE-2021-40043

REFERENCES

url: https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20220126-01-df75863e-en

Trust: 2.2

url: https://nvd.nist.gov/vuln/detail/cve-2021-40043

Trust: 0.8

url: https://www.cybersecurity-help.cz/vdb/sb2022012625

Trust: 0.6

url: https://cxsecurity.com/cveshow/cve-2021-40043/

Trust: 0.6

sources: CNVD: CNVD-2022-17395 // JVNDB: JVNDB-2022-006829 // CNNVD: CNNVD-202201-2436 // NVD: CVE-2021-40043

SOURCES

db: CNVD, id: CNVD-2022-17395
db: JVNDB, id: JVNDB-2022-006829
db: CNNVD, id: CNNVD-202201-2436
db: NVD, id: CVE-2021-40043

LAST UPDATE DATE

2024-11-23T22:32:57.156000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2022-17395, date: 2022-03-08T00:00:00
db: JVNDB, id: JVNDB-2022-006829, date: 2023-07-10T05:35:00
db: CNNVD, id: CNNVD-202201-2436, date: 2022-03-10T00:00:00
db: NVD, id: CVE-2021-40043, date: 2024-11-21T06:23:27.017

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2022-17395, date: 2022-03-08T00:00:00
db: JVNDB, id: JVNDB-2022-006829, date: 2023-07-10T00:00:00
db: CNNVD, id: CNNVD-202201-2436, date: 2022-01-26T00:00:00
db: NVD, id: CVE-2021-40043, date: 2022-02-25T19:15:12.397