exploitDog

CVE-2021-22449

Опубликовано: 23 авг. 2021

Источник: nvd

CVSS3: 7.5

CVSS2: 5

EPSS Низкий

Описание

There is a logic vulnerability in Elf-G10HN 1.0.0.608. An unauthenticated attacker could perform specific operations to exploit this vulnerability. Due to insufficient security design, successful exploit could allow an attacker to add users to be friends without prompting in the target device.

Ссылки

https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210630-01-logic-en
Vendor Advisory
https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210630-01-logic-en
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:huawei:elf-g10hn:1.0.0.608:*:*:*:*:*:*:*

EPSS

Процентиль: 40%

0.00179

Низкий

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

NVD-CWE-noinfo

Связанные уязвимости

GHSA-5q78-v5qx-c82x

CVSS3: 7.5

github

больше 3 лет назад

There is a logic vulnerability in Elf-G10HN 1.0.0.608. An unauthenticated attacker could perform specific operations to exploit this vulnerability. Due to insufficient security design, successful exploit could allow an attacker to add users to be friends without prompting in the target device.

EPSS

Процентиль: 40%

0.00179

Низкий

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

NVD-CWE-noinfo