Vulnerability – CVE-2021-40024

Vulnerability Description: The information disclosure vulnerability exists because input data to the WLAN module is not sanitized before being provided to the application. Data that is supposed to be hidden from the user (such as a password) may be revealed as a result. It is recommended to implement input sanitizing functions to prevent information disclosure. It is also recommended to limit access to the WLAN module to only those users who have a legitimate need for this functionality, which reduces the impact of this vulnerability.

Vulnerability Symptoms and Tips

The vulnerability is related to a flaw in the WLAN module of the device which can lead to information disclosure, unauthorized access to data, and privileged code execution.

If you have any questions, please feel free to contact us at support@huawei.com

Vulnerability Scenario

A vulnerability has been identified in the WLAN component of a product and the developers have implemented restrictions to limit the impact. This is important because it will reduce the number of possible users who are impacted by this vulnerability.


Timeline

Published on: 09/16/2022 18:15:00 UTC
Last modified on: 09/20/2022 16:58:00 UTC
