CVE-2021-22382
Published on: 06/22/2021 12:00:00 AM UTC
Last Modified on: 06/29/2021 05:56:00 PM UTC
Certain versions of E3372 from Huawei contain the following vulnerability:
Huawei LTE USB Dongle products have an improper permission assignment vulnerability. An attacker can locally access and log in to a PC to induce a user to install a specially crafted application. After successfully exploiting this vulnerability, the attacker can perform unauthenticated operations. Affected product versions include:E3372 E3372h-153TCPU-V200R002B333D01SP00C00.
- CVE-2021-22382 has been assigned by [email protected] to track the vulnerability - currently rated as MEDIUM severity.
CVSS3 Score: 6.5 - MEDIUM
Attack Vector ⓘ |
Attack Complexity |
Privileges Required |
User Interaction |
---|---|---|---|
LOCAL | LOW | HIGH | REQUIRED |
Scope | Confidentiality Impact |
Integrity Impact |
Availability Impact |
UNCHANGED | HIGH | HIGH | HIGH |
CVSS2 Score: 4.4 - MEDIUM
Access Vector ⓘ |
Access Complexity |
Authentication |
---|---|---|
LOCAL | MEDIUM | NONE |
Confidentiality Impact |
Integrity Impact |
Availability Impact |
PARTIAL | PARTIAL | PARTIAL |
CVE References
Description | Tags ⓘ | Link |
---|---|---|
Security Advisory - Improper Permission Assignment Vulnerability in Some USB Dongle Products | www.huawei.com text/html | MISC www.huawei.com/en/psirt/security-advisories/huawei-sa-20210602-01-permission-en |
There are currently no QIDs associated with this CVE
Known Affected Configurations (CPE V2.3)
Type | Vendor | Product | Version | Update | Edition | Language |
---|---|---|---|---|---|---|
Hardware | Huawei | E3372 | - | All | All | All |
Operating System | Huawei | E3372 Firmware | All | All | All | All |
Hardware | Huawei | E8372 | - | All | All | All |
Operating System | Huawei | E8372 Firmware | All | All | All | All |
- cpe:2.3:h:huawei:e3372:-:*:*:*:*:*:*:*:
- cpe:2.3:o:huawei:e3372_firmware:*:*:*:*:*:*:*:*:
- cpe:2.3:h:huawei:e8372:-:*:*:*:*:*:*:*:
- cpe:2.3:o:huawei:e8372_firmware:*:*:*:*:*:*:*:*:
No vendor comments have been submitted for this CVE
Social Mentions
Source | Title | Posted (UTC) |
---|---|---|
@CVEreport | CVE-2021-22382 : #Huawei LTE USB Dongle products have an improper permission assignment vulnerability. An attacker… twitter.com/i/web/status/1… | 2021-06-22 19:06:44 |
@SecRiskRptSME | RT: CVE-2021-22382 Huawei LTE USB Dongle products have an improper permission assignment vulnerability. An attacke… twitter.com/i/web/status/1… | 2021-06-23 07:36:33 |
/r/netcve | CVE-2021-22382 | 2021-06-22 19:41:31 |