CVE-2021-22380

Vulnerability

A cleartext transmission of sensitive information vulnerability exists in Huawei smartphones. The vulnerability occurs when the device transmits sensitive data over an unencrypted channel, potentially exposing it to interception. The affected versions include various Huawei smartphone models running EMUI and Magic UI prior to the May 2021 security update [1].

Exploitation

An attacker with network access to the communication path between the vulnerable smartphone and a server could passively intercept the cleartext data. No authentication or user interaction is required beyond the normal operation of the device. The attacker simply needs to be in a position to monitor the network traffic [1].

Impact

Successful exploitation could lead to disclosure of sensitive information transmitted by the device, compromising confidentiality. Additionally, the vulnerability may affect service availability, though the exact mechanism is not detailed in the available references [1].

Mitigation

Huawei has addressed this vulnerability in the May 2021 security update for EMUI and Magic UI. Users should update their devices to the latest firmware version provided in that bulletin. No workarounds are documented; applying the patch is the recommended mitigation [1].