Security Advisory - Laser Command Injection Vulnerability on Huawei Terminals
- SA No:huawei-sa-20220126-01-df75863e
- Initial Release Date: 2022-01-26
- Last Release Date: 2022-01-26
This vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2021-40043.
For products that have released software updates to fix this vulnerability, Huawei will release and update the Security Advisory at:
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20220126-01-df75863e-en
|
Product Name |
Affected Version |
Resolved Product and Version |
|
AIS-BW80H-00 |
versions earlier than AIS-BW80H-00 9.0.3.4(H100SP13C00) |
9.0.3.4(H100SP17C00) |
The vulnerability classification has been performed by using the CVSSv3 scoring system (http://www.first.org/cvss/specification-document).
Base Score: 8.1 (AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H)
Temporal Score: 7.5 (E:F/RL:O/RC:C)
The attacked device must be within the visual distance of the attacker.
Vulnerability details:
The device does not effectively defend against malicious interference from the outside. Attackers need the device to be visually exploitable and successful triggering of this vulnerability could execute voice commands on the device.
The product that supports automatic update will receive a system update prompt. You can install the update to fix the vulnerability.
The vulnerability was discovered by external researchers.
2022-01-26 V1.0 INITIAL
None
Huawei adheres to protecting the ultimate interests of users with best efforts and the principle of responsible disclosure and deal with product security issues through our response mechanism.
To enjoy Huawei PSIRT services and obtain Huawei product vulnerability information, please visit http://www.huawei.com/en/psirt.
To report a security vulnerability in Huawei products and solutions, please send it to PSIRT@huawei.com. For details, please visit http://www.huawei.com/en/psirt/report-vulnerabilities.
