CVE-2021-40045

NVD

https://nvd.nist.gov/vuln/detail/CVE-2021-40045

CWE

https://cwe.mitre.org/data/definitions/347.html

There is a vulnerability of signature verification mechanism failure in system upgrade through recovery mode.Successful exploitation of this vulnerability may affect service confidentiality.

Weakness

The product does not verify, or incorrectly verifies, the cryptographic signature for data.

Affected Software

Name	Vendor	Start Version	End Version
Emui	Huawei	11.0.0 (including)	11.0.0 (including)
Emui	Huawei	11.0.1 (including)	11.0.1 (including)
Emui	Huawei	12.0.0 (including)	12.0.0 (including)
Harmonyos	Huawei	*	2.0 (excluding)
Magic_ui	Huawei	4.0.0 (including)	4.0.0 (including)

https://cwe.mitre.org/data/definitions/463.html
https://cwe.mitre.org/data/definitions/475.html

References

https://consumer.huawei.com/en/support/bulletin/2022/2/
https://device.harmonyos.com/en/docs/security/update/security-bulletins-202202-0000001204253396
https://consumer.huawei.com/en/support/bulletin/2022/2/
https://device.harmonyos.com/en/docs/security/update/security-bulletins-202202-0000001204253396

Improper Verification of Cryptographic Signature

Weakness

Affected Software

Related Attack Patterns

References