When using the dart pub publish command to publish a package to a third-party package server, the request would be authenticated with an oauth2 access_token that is valid for publishing on pub.dev. Using these obtained credentials, an attacker can impersonate the user on pub.dev. We recommend upgrading past https://github.com/dart-lang/sdk/commit/d787e78d21e12ec1ef712d229940b1172aafcdf8 or beyond version 2.15.0 

CVE-2021-22568: sdk/CHANGELOG.md at main · dart-lang/sdk

Using XMLHttpRequest, an attacker could have identified installed applications by probing error messages for loading external protocols. This vulnerability affects Thunderbird < 91.4.0, Firefox ESR < 91.4.0, and Firefox < 95.

**Mozilla Foundation Security Advisory 2021-52**

Announced

December 7, 2021

Impact

high

Products

Firefox

Fixed in

*   Firefox 95

**#CVE-2021-43536: URL leakage when navigating while executing asynchronous function**

Reporter

Sunwoo Kim and Youngmin Kim of SNU CompSec Lab

Impact

high

**Description**

Under certain circumstances, asynchronous functions could have caused a navigation to fail but expose the target URL.

**References**

*   Bug 1730120

**#CVE-2021-43537: Heap buffer overflow when using structured clone**

Reporter

bo13oy of Cyber Kunlun Lab

Impact

high

**Description**

An incorrect type conversion of sizes from 64bit to 32bit integers allowed an attacker to corrupt memory leading to a potentially exploitable crash.

**References**

*   Bug 1738237

**#CVE-2021-43538: Missing fullscreen and pointer lock notification when requesting both**

Reporter

Irvan Kurniawan (@sourc7)

Impact

high

**Description**

By misusing a race in our notification code, an attacker could have forcefully hidden the notification for pages that had received full screen and pointer lock access, which could have been used for spoofing attacks.

**References**

*   Bug 1739091

**#CVE-2021-43539: GC rooting failure when calling wasm instance methods**

Reporter

Asumu Takikawa and Ioanna Dimitriou

Impact

high

**Description**

Failure to correctly record the location of live pointers across wasm instance calls resulted in a GC occurring within the call not tracing those live pointers. This could have led to a use-after-free causing a potentially exploitable crash.

**References**

*   Bug 1739683

**#CVE-2021-4128: Use-after-free in fullscreen objects on MacOS**

Reporter

Atila Butkovits

Impact

high

**Description**

When transitioning in and out of fullscreen mode, a graphics object was not correctly protected; resulting in memory corruption and a potentially exploitable crash.  
_This bug only affects Firefox on MacOS. Other operating systems are unaffected._

**References**

*   Bug 1735852

**#CVE-2021-43540: WebExtensions could have installed persistent ServiceWorkers**

Reporter

Jake Heath

Impact

moderate

**Description**

WebExtensions with the correct permissions were able to create and install ServiceWorkers for third-party websites that would not have been uninstalled with the extension.

**References**

*   Bug 1636629

**#CVE-2021-43541: External protocol handler parameters were unescaped**

Reporter

chriscla

Impact

moderate

**Description**

When invoking protocol handlers for external protocols, a supplied parameter URL containing spaces was not properly escaped.

**References**

*   Bug 1696685

**#CVE-2021-43542: XMLHttpRequest error codes could have leaked the existence of an external protocol handler**

Reporter

Raphael Smolik

Impact

moderate

**Description**

Using XMLHttpRequest, an attacker could have identified installed applications by probing error messages for loading external protocols.

**References**

*   Bug 1723281

**#CVE-2021-43543: Bypass of CSP sandbox directive when embedding**

Reporter

Armin Ebert

Impact

moderate

**Description**

Documents loaded with the CSP sandbox directive could have escaped the sandbox's script restriction by embedding additional content.

**References**

*   Bug 1738418

**#CVE-2021-43544: Receiving a malicious URL as text through a SEND intent could have led to XSS**

Reporter

Irwan

Impact

moderate

**Description**

When receiving a URL through a SEND intent, Firefox would have searched for the text, but subsequent usages of the address bar might have caused the URL to load unintentionally, which could lead to XSS and spoofing attacks.  
_This bug only affects Firefox for Android. Other operating systems are unaffected._

**References**

*   Bug 1739934

**#CVE-2021-43545: Denial of Service when using the Location API in a loop**

Reporter

Paul Zühlcke

Impact

low

**Description**

Using the Location API in a loop could have caused severe application hangs and crashes.

**References**

*   Bug 1720926

**#CVE-2021-43546: Cursor spoofing could overlay user interface when native cursor is zoomed**

Reporter

Daniel Veditz

Impact

low

**Description**

It was possible to recreate previous cursor spoofing attacks against users with a zoomed native cursor.

**References**

*   Bug 1737751

**#CVE-2021-4129: Memory safety bugs fixed in Firefox 95 and Firefox ESR 91.4**

Reporter

Mozilla developers and community

Impact

high

**Description**

Mozilla developers and community members Julian Hector, Randell Jesup, Gabriele Svelto, Tyson Smith, Christian Holler, and Masayuki Nakano reported memory safety bugs present in Firefox 94. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.

**References**

*   Memory safety bugs fixed in Firefox 95

CVE-2021-43542: Security Vulnerabilities fixed in Firefox 95

It was possible to recreate previous cursor spoofing attacks against users with a zoomed native cursor. This vulnerability affects Thunderbird < 91.4.0, Firefox ESR < 91.4.0, and Firefox < 95.

**Mozilla Foundation Security Advisory 2021-52**

Announced

December 7, 2021

Impact

high

Products

Firefox

Fixed in

*   Firefox 95

**#CVE-2021-43536: URL leakage when navigating while executing asynchronous function**

Reporter

Sunwoo Kim and Youngmin Kim of SNU CompSec Lab

Impact

high

**Description**

Under certain circumstances, asynchronous functions could have caused a navigation to fail but expose the target URL.

**References**

*   Bug 1730120

**#CVE-2021-43537: Heap buffer overflow when using structured clone**

Reporter

bo13oy of Cyber Kunlun Lab

Impact

high

**Description**

An incorrect type conversion of sizes from 64bit to 32bit integers allowed an attacker to corrupt memory leading to a potentially exploitable crash.

**References**

*   Bug 1738237

**#CVE-2021-43538: Missing fullscreen and pointer lock notification when requesting both**

Reporter

Irvan Kurniawan (@sourc7)

Impact

high

**Description**

By misusing a race in our notification code, an attacker could have forcefully hidden the notification for pages that had received full screen and pointer lock access, which could have been used for spoofing attacks.

**References**

*   Bug 1739091

**#CVE-2021-43539: GC rooting failure when calling wasm instance methods**

Reporter

Asumu Takikawa and Ioanna Dimitriou

Impact

high

**Description**

Failure to correctly record the location of live pointers across wasm instance calls resulted in a GC occurring within the call not tracing those live pointers. This could have led to a use-after-free causing a potentially exploitable crash.

**References**

*   Bug 1739683

**#MOZ-2021-0010: Use-after-free in fullscreen objects on MacOS**

Reporter

Atila Butkovits

Impact

high

**Description**

When transitioning in and out of fullscreen mode, a graphics object was not correctly protected; resulting in memory corruption and a potentially exploitable crash.  
_This bug only affects Firefox on MacOS. Other operating systems are unaffected._

**References**

*   Bug 1735852

**#CVE-2021-43540: WebExtensions could have installed persistent ServiceWorkers**

Reporter

Jake Heath

Impact

moderate

**Description**

WebExtensions with the correct permissions were able to create and install ServiceWorkers for third-party websites that would not have been uninstalled with the extension.

**References**

*   Bug 1636629

**#CVE-2021-43541: External protocol handler parameters were unescaped**

Reporter

chriscla

Impact

moderate

**Description**

When invoking protocol handlers for external protocols, a supplied parameter URL containing spaces was not properly escaped.

**References**

*   Bug 1696685

**#CVE-2021-43542: XMLHttpRequest error codes could have leaked the existence of an external protocol handler**

Reporter

Raphael Smolik

Impact

moderate

**Description**

Using XMLHttpRequest, an attacker could have identified installed applications by probing error messages for loading external protocols.

**References**

*   Bug 1723281

**#CVE-2021-43543: Bypass of CSP sandbox directive when embedding**

Reporter

Armin Ebert

Impact

moderate

**Description**

Documents loaded with the CSP sandbox directive could have escaped the sandbox's script restriction by embedding additional content.

**References**

*   Bug 1738418

**#CVE-2021-43544: Receiving a malicious URL as text through a SEND intent could have led to XSS**

Reporter

Irwan

Impact

moderate

**Description**

When receiving a URL through a SEND intent, Firefox would have searched for the text, but subsequent usages of the address bar might have caused the URL to load unintentionally, which could lead to XSS and spoofing attacks.  
_This bug only affects Firefox for Android. Other operating systems are unaffected._

**References**

*   Bug 1739934

**#CVE-2021-43545: Denial of Service when using the Location API in a loop**

Reporter

Paul Zühlcke

Impact

low

**Description**

Using the Location API in a loop could have caused severe application hangs and crashes.

**References**

*   Bug 1720926

**#CVE-2021-43546: Cursor spoofing could overlay user interface when native cursor is zoomed**

Reporter

Daniel Veditz

Impact

low

**Description**

It was possible to recreate previous cursor spoofing attacks against users with a zoomed native cursor.

**References**

*   Bug 1737751

**#MOZ-2021-0009: Memory safety bugs fixed in Firefox 95 and Firefox ESR 91.4**

Reporter

Mozilla developers and community

Impact

high

**Description**

Mozilla developers and community members Julian Hector, Randell Jesup, Gabriele Svelto, Tyson Smith, Christian Holler, and Masayuki Nakano reported memory safety bugs present in Firefox 94. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.

**References**

*   Memory safety bugs fixed in Firefox 95

CVE-2021-43546: Security Vulnerabilities fixed in Firefox 95

A Universal XSS vulnerability was present in Firefox for Android resulting from improper sanitization when processing a URL scanned from a QR code. *This bug only affects Firefox for Android. Other operating systems are unaffected.*. This vulnerability affects Firefox < 94.

**Related documentation**

*   Creating an account

You are not authorized to access bug 1736886. To see this bug, you must first log in to an account with the appropriate permissions.

Please press **Back** and try again.

CVE-2021-43530: Access Denied

A denial-of-service attack in WPA2, and WPA3-SAE authentication methods in TP-Link AX10v1 before V1_211014, allows a remote unauthenticated attacker to disconnect an already connected wireless client via sending with a wireless adapter specific spoofed authentication frames

**Setup Video**

*   **How to Set up Address Reservation on TP-Link Routers Windows**
    
    This video will show you how to set up Address Reservation on TP-Link routers.
    
    Learn More
    
*   **How to Set up OpenVPN on TP-Link Routers Windows**
    
    This video will show you how to set up OpenVPN on a TP-Link Wi-Fi router. For more information, visit www.tp-link.com/support.
    
    Learn More
    
*   **How to setup PPTP VPN on TP Link routers Windows**
    
    This video will show you how to set up PPTP VPN on a TP-Link Wi-Fi router. For more information, visit www.tp-link.com/support
    
    Learn More
    
*   **How to Setup A TP-Link WiFi 6 Router**
    
    This setup guide will show you how quickly and easily you can setup your new TP-Link WiFi 6 router.
    
    Learn More
    
*   **What should I do if I cannot access the internet? - Using a DSL modem and a TP-Link router**
    
    If you can’t access the internet using a DSL modem and TP-Link router, this video can help you solve the problem.
    
    Learn More
    
*   **What should I do if I cannot access the internet? - Using a cable modem and a TP-Link router**
    
    If you can’t access the internet using a cable modem and TP-Link router, follow this video step by step to solve your problem.
    
    Learn More
    
*   **TP Link Archer AX Series Unboxing and Setup (for Archer AX10, etc.)**

**Firmware**

A firmware update can resolve issues that the previous firmware version may have and improve its current performance.

**To Upgrade**

**IMPORTANT:** To prevent upgrade failures, please read the following before proceeding with the upgrade process

*   **Please upgrade firmware from the local TP-Link official website of the purchase location for your TP-Link device, otherwise it will be against the warranty. Please click here to change site if necessary.**
*   Please verify the hardware version of your device for the firmware version. Wrong firmware upgrade may damage your device and void the warranty. (**Normally Vx.0=Vx.6/Vx.8 (eg:V1.0=V1.6/V1.8);   Vx.x0=Vx.x6/Vx.x8 (eg:V1.20=V1.26/V1.28)**  
    How to find the hardware version on a TP-Link device?
*   **Do NOT turn off the power during the upgrade process, as it may cause permanent damage to the product.**
*   To avoid wireless disconnect issue during firmware upgrade process, it's recommended to upload firmware with wired connection unless there is no LAN/Ethernet port on your TP-Link device.
*   It's recommended that users stop all Internet applications on the computer, or simply disconnect Internet line from the device before the upgrade.
*   Use decompression software such as WinZIP or WinRAR to extract the file you download before the upgrade.

Archer AX10(US)\_V1\_211117

Download

**Important Notice**

Please upgrade firmware/software from the local TP-Link official website of the purchase location for your TP-Link device, otherwise it may cause upgrade failure or mistakes and be against the warranty.

Still Download  Go to Local Website

Published Date: 2021-11-30

Language: English

File Size: 15.66 MB

Release Note:  
Bug Fixed:  
1\. Fixed some GDPR Encryption vulnerabilities;  
2\. Fixed abnormal DHCP lease renewal;  
3\. Fixed HTTP smuggling attack vulnerability;  
4\. Fixed HTTP/0.9 request vulnerability.

Archer AX10(US)\_V1\_211014

Download

**Important Notice**

Please upgrade firmware/software from the local TP-Link official website of the purchase location for your TP-Link device, otherwise it may cause upgrade failure or mistakes and be against the warranty.

Still Download  Go to Local Website

Published Date: 2021-11-17

Language: Multi-language

File Size: 15.66 MB

New Features/Enhancement:  
1.Optimized VPN Server feature;  
2.Updated dropbear version and changed the dropbear port;  
3.Updated openssl version;  
4.Improved the stability of OneMesh feature;  
5.Improved the wireless stability.

Bug Fixed:  
1.Fixed the bugs on the Web UI;  
2.Fixed security vulnerabilities;  
3.Fixed the bugs related to dnsmasq;  
4.Fixed the bug that the router can't get WAN IP in some cases;  
5.Fixed the bug related to DMZ;  
6.Fixed the bugs related to AP mode;  
7.Fixed the bug that QoS can't work in some cases;  
8.Fixed the bugs on Tether App;  
9.Fixed WPA3-SAE DOS attack vulnerability;  
10.Fixed the bugs related to WPS.

Archer AX10(US)\_V1\_210809

Download

Published Date: 2021-09-15

Language: Multi-language

File Size: 15.67 MB

New Features/Enhancement:  
1.Added IPv6 firewall feature;  
2.Added IPv6 Parent Control feature;  
3.Optimized QoS feature.

Bug Fixed:  
1.Fixed the bug related to IPTV;  
2.Fixed the bug that OpenVPN client can't use UDP in some cases;  
3.Fixed the bug that the router will keep rebooting itself in some cases.

**To Use Third Party Firmware In TP-Link Products**

Some official firmware of TP-Link products can be replaced by the third party firmware such as DD-WRT. TP-Link is not obligated to provide any maintenance or support for it, and does not guarantee the performance and stability of third party firmware. Damage to the product as a result of using third party firmware will void the product's warranty.

**Open Source Code For Programmers (GPL)**

Please note: The products of TP-Link partly contain software code developed by third parties, including software code subject to the GNU General Public Licence (“GPL“), Version 1/Version 2/Version 3 or GNU Lesser General Public License ("LGPL"). You may use the respective software condition to following the GPL licence terms.

You can review, print and download the respective GPL licence terms here. You receive the GPL source codes of the respective software used in TP-Link products for direct download and further information, including a list of TP-Link software that contain GPL software code under GPL Code Center.

The respective programs are distributed WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the respective GNU General Public License for more details.

**Apps**

![](https://static.tp-link.com/res/style/images/tp-link-tether.png)

TP-Link Tether

TP-Link Tether provides the easiest way to access and manage your network with your iOS or Android devices. Learn more about TP-Link Tether and Compatible Devices

![](https://static.tp-link.com/res/images/qrcode/app-tether.png)

*   
*   

Note: To use Tether, please update your router’s firmware to the latest version.

**Emulators**

Firmware Version

Working Mode

Language

190321(US)

\-

English

Browse

**Note:**

1\.  The emulator is a virtual web GUI where you can experience the TP-Link product management panel.

2\. The listed emulators might not have the latest firmware.

3\.  The features displayed are for reference, and their availability may depend on local regulations. For more information, please refer to the datasheet or product page.

CVE-2021-40288: Download for  Archer AX10 | TP-Link

Maharashtra State Electricity Board Mahavitara Android Application 8.20 and prior is vulnerable to remote account takeover due to OTP fixation vulnerability in password rest function

**Vulnerable Software:** Maharashtra State Electricity Board Android Application

**Vulnerability:** Clear-text password storage

**Affected Version:** 7.50 and prior

**Patched:** Yes

**Vendor Homepage:** https://www.mahadiscom.in/en/home/

**App store link:** https://play.google.com/store/apps/details?id=com.msedcl.app&hl=en\_IN&gl=US

**CVE:** CVE-2020-27413

**CVE Author:** Tejas Nitin Pingulkar

**Exploit Available:** POC Available

**About Affected Software**

The Official App for Consumer by Mahavitaran ( M.S.E.D.C.L.). Mahavitaran Consumer App enables consumers to avail Mahavitaran services at his/her fingertips. The app is simple and easy to use. It provides transparency in delivering services to consumers.

►Features :

\*View and Pay bill  
\*Register and Track complaints  
\*View Bill and Payment history  
\*Manage Multiple Electricity Connections  
\*Contact 24 x7 MSEDCL Call Center  
\*Apply for New Connection  
\* Know the status of New Connection Application and Pay Estimate Charges  
\*Submit Meter Reading to avoid average billing  
\*Provide Feedback about Mahavitaran Services  
\*Update Contact Details ( Mobile Number & E-mail ID ) of consumer  
\*Find MSEDCL offices and collection centers near you  
\*Estimate your monthly electricity consumption and bill amount  
\*Get Information about the Feeder from where the power supply is provided to your connection  
\*Apply for the change of name  
\*Submit an application for addition/reduction in load

**Exploit**

Authentication bypass using OTP Fixation  
OTP reset functions uses id field  
An attacker can manipulate OTP ID field as each OTP id has fixed OTP code  
Let’s generate OTP for password reset  
Now as demonstrated in Video POC below OTP ID is 7310828 and Correct OTP for this id is 565449  
Now we know that for OTP ID 7310828 Correct OTP is 565449 hence we can use same OTP ID and OTP pair to reset any user account and take full control.  

**Proof Of Concept**

CVE-2021-41716: Account take over via OTP Fixation – CVEWalkthrough

A missing bounds check in image blurring code prior to WhatsApp for Android v2.21.22.7 and WhatsApp Business for Android v2.21.22.7 could have allowed an out-of-bounds write if a user sent a malicious image.

...

**Controlling Cookies with Browser Settings**

Your browser or device may offer settings that allow you to choose whether browser cookies are set and to delete them.  
These controls vary by browser, and manufacturers may change both the settings they make available and how they work at any time.  
Additional information about the controls offered by popular browsers can be found at the links below.  
Certain parts of WhatsApp Products may not work properly if you have disabled browser cookies.

Google Chrome  
Internet Explorer  
Firefox  
Safari  
Safari Mobile  
Opera

CVE-2021-24041: WhatsApp Security Advisories

There is an Improper access control vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may affect service confidentiality.

HUAWEI is releasing monthly security updates for flagship models. This security update includes Android and HUAWEI patches:

This security update includes the CVE announced in the Android security bulletin.

Critical: CVE-2021-1976, CVE-2021-1972

High: CVE-2021-0591, CVE-2021-0593, CVE-2021-0640, CVE-2021-0641, CVE-2021-0642, CVE-2021-0646, CVE-2021-0584, CVE-2021-1939, CVE-2021-1947, CVE-2021-1904, CVE-2021-1978, CVE-2021-0579, CVE-2021-0580, CVE-2021-0581, CVE-2021-0582, CVE-2021-0578

Medium: none

Low: none

Already included in previous updates: CVE-2019-9239, CVE-2019-9238, CVE-2019-9309, CVE-2021-1965, CVE-2021-1943, CVE-2021-1945, CVE-2021-1954, CVE-2021-1964

※For more information on security patches, please refer to the Android security bulletins (https://source.android.com/security/bulletin).

This security update includes the following HUAWEI patches:

CVE-2021-22450: Memory leaks in some HUAWEI devices due to exceptions when freeing memory

Severity: High

Affected versions: EMUI 10.1.0, EMUI 10.0.0, EMUI 9.1.1, EMUI 9.1.0, Magic UI 3.1.0, Magic UI 3.0.0, Magic UI 2.1.1

Impact: Successful exploitation of this vulnerability will exhaust system memory resources and cause the device to restart.

CVE-2021-22323: Memory leaks and out-of-bounds access vulnerabilities in some HUAWEI phones

Severity: High

Affected versions: EMUI 10.1.1, EMUI 10.1.0, Magic UI 3.1.1, Magic UI 3.1.0

Impact: Successful exploitation of these vulnerabilities may escalate the permission to that of the root user.

CVE-2021-37051: Out-of-bounds read vulnerability in some HUAWEI phones

Severity: Medium

Affected versions: EMUI 11.0.0, EMUI 10.1.1, Magic UI 4.0.0, Magic UI 3.1.1

Impact: Successful exploitation of this vulnerability may cause out-of-bounds memory access.

CVE-2021-37050: Missing sensitive data encryption vulnerability in some HUAWEI phones

Severity: High

Affected versions: EMUI 11.0.0, EMUI 10.1.1, Magic UI 4.0.0, Magic UI 3.1.1

Impact: Successful exploitation of this vulnerability may affect service confidentiality.

CVE-2021-37049: Heap-based buffer overflow vulnerability in some HUAWEI phones

Severity: Medium

Affected versions: EMUI 11.0.0, EMUI 10.1.1, Magic UI 4.0.0, Magic UI 3.1.1

Impact: Successful exploitation of this vulnerability may rewrite the memory of adjacent objects.

CVE-2021-37047: Input verification vulnerability in some HUAWEI phones

Severity: Low

Affected versions: EMUI 11.0.0, EMUI 10.1.1, Magic UI 4.0.0, Magic UI 3.1.1

Impact: Successful exploitation of this vulnerability may cause some services to restart.

CVE-2021-37046: Memory leak vulnerability with the codec detection module in some HUAWEI devices

Severity: Medium

Affected versions: EMUI 11.0.0, Magic UI 4.0.0

Impact: Successful exploitation of this vulnerability may cause the device to restart due to memory exhaustion.

CVE-2021-37045: UAF vulnerability in some HUAWEI phones

Severity: High

Affected versions: EMUI 10.1.0, Magic UI 3.1.0

Impact: Successful exploitation of this vulnerability may cause the device to restart unexpectedly and the kernel-mode code to be executed.

CVE-2021-37044: Permission control vulnerability in some HUAWEI devices

Severity: Medium

Affected versions: EMUI 11.0.0, EMUI 10.1.1, Magic UI 4.0.0, Magic UI 3.1.1

Impact: Successful exploitation of this vulnerability may affect service availability.

CVE-2021-37040: Parameter injection vulnerability in some HUAWEI phones

Severity: Medium

Affected versions: EMUI 11.0.0, Magic UI 4.0.0

Impact: Successful exploitation of this vulnerability may cause privilege escalation of files after CIFS share mounting.

CVE-2021-37039: Input verification vulnerability in some HUAWEI phones

Severity: Medium

Affected versions: EMUI 11.0.0, EMUI 10.1.1, Magic UI 4.0.0, Magic UI 3.1.1

Impact: Successful exploitation of this vulnerability may cause Bluetooth DoS.

CVE-2021-37038: Improper access control vulnerability in some HUAWEI devices

Severity: Medium

Affected versions: EMUI 10.1.1, Magic UI 3.1.1

Impact: Successful exploitation of this vulnerability may affect service confidentiality.

CVE-2021-37037: Invalid address access vulnerability in some HUAWEI devices

Severity: Medium

Affected versions: EMUI 11.0.0, EMUI 10.1.1, Magic UI 4.0.0, Magic UI 3.1.1

Impact: Successful exploitation of this vulnerability may cause the device to restart.

CVE-2021-37027: DoS vulnerability in some HUAWEI devices

Severity: Medium

Affected versions: EMUI 10.1.0, EMUI 9.1.1, EMUI 9.1.0, Magic UI 3.1.0, Magic UI 2.1.1

Impact: Successful exploitation of this vulnerability may affect service integrity.

CVE-2021-37013: Permission control vulnerability with the setHdbKey API in HwPackageManagerServiceEx in some EMUI devices

Severity: Low

Affected versions: EMUI 11.0.0, EMUI 10.1.1, Magic UI 4.0.0, Magic UI 3.1.1

Impact: Successful exploitation of this vulnerability may affect service availability.

CVE-2021-37009: Multi-user settings vulnerability in the system components of some HUAWEI devices

Severity: High

Affected versions: EMUI 10.1.0, EMUI 10.0.0, EMUI 9.1.1, EMUI 9.1.0, Magic UI 3.1.0, Magic UI 3.0.0, Magic UI 2.1.1

Impact: Successful exploitation of this vulnerability may affect service confidentiality.

CVE-2021-37000: Improper permission management vulnerability in some HUAWEI phones

Severity: High

Affected versions: EMUI 11.0.0, Magic UI 4.0.0

Impact: Successful exploitation of this vulnerability may affect service confidentiality.

CVE-2021-36987: Nodes in the linked list being freed for multiple times in some HUAWEI devices due to race conditions

Severity: High

Affected versions: EMUI 10.1.0, EMUI 10.0.0, EMUI 9.1.1, EMUI 9.1.0, Magic UI 3.1.0, Magic UI 3.0.0, Magic UI 2.1.1

Impact: Successful exploitation of this vulnerability can cause the system to restart.

CVE-2021-3506: Out-of-bounds operation vulnerability after rooting in some HUAWEI phones

Severity: High

Affected versions: EMUI 11.0.0, Magic UI 4.0.0

Impact: Successful exploitation of this vulnerability may affect service stability and integrity.

CVE-2021-33909: Privilege escalation vulnerability in the file system components of some HUAWEI devices

Severity: High

Affected versions: EMUI 10.1.0, EMUI 10.0.0, EMUI 9.1.1, EMUI 9.1.0, Magic UI 3.1.0, Magic UI 3.0.0, Magic UI 2.1.1

Impact: Successful exploitation of this vulnerability may affect service confidentiality.

CVE-2021-22486: Unstandardized field names in some HUAWEI phones

Severity: High

Affected versions: EMUI 10.1.0, EMUI 10.0.0, EMUI 9.1.1, EMUI 9.1.0, Magic UI 3.1.0, Magic UI 3.0.0, Magic UI 2.1.1

Impact: Successful exploitation of this vulnerability may affect service confidentiality.

CVE-2021-37052: Exception log vulnerability in some HUAWEI phones

Severity: High

Affected versions: EMUI 11.0.0, EMUI 10.1.1, Magic UI 4.0.0, Magic UI 3.1.1

Impact: Successful exploitation of this vulnerability may cause address information leakage.

CVE-2021-22437: Software integer overflow leading to a TOCTOU condition in some HUAWEI phones

Severity: High

Affected versions: EMUI 10.1.1, EMUI 10.1.0, Magic UI 3.1.1, Magic UI 3.1.0

Impact: Successful exploitation of this vulnerability may cause random address access.

CVE-2021-22436: Logic bypass vulnerability in some HUAWEI phones

Severity: High

Affected versions: EMUI 10.1.0, EMUI 10.0.0, EMUI 9.1.1, EMUI 9.1.0, Magic UI 3.1.0, Magic UI 3.0.0, Magic UI 2.1.1

Impact: Successful exploitation of this vulnerability may affect service integrity and availability.

CVE-2021-22435: Logic bypass vulnerability in some HUAWEI phones

Severity: High

Affected versions: EMUI 10.1.0, EMUI 10.0.0, EMUI 9.1.1, EMUI 9.1.0, Magic UI 3.1.0, Magic UI 3.0.0, Magic UI 2.1.1

Impact: Successful exploitation of this vulnerability may affect service confidentiality, availability, and integrity.

CVE-2021-22434: Memory address out of bounds vulnerability in some HUAWEI phones

Severity: Medium

Affected versions: EMUI 10.1.1, EMUI 10.1.0, Magic UI 3.1.1, Magic UI 3.1.0

Impact: Successful exploitation of this vulnerability may cause malicious code to be executed.

CVE-2021-22432: Vulnerability when configuring permission isolation in some HUAWEI phones

Severity: High

Affected versions: EMUI 10.1.1, EMUI 10.1.0, Magic UI 3.1.1, Magic UI 3.1.0

Impact: Successful exploitation of this vulnerability may cause out-of-bounds access.

CVE-2021-22431: Vulnerability when configuring permission isolation in some HUAWEI phones

Severity: Medium

Affected versions: EMUI 10.1.1, EMUI 10.1.0, Magic UI 3.1.1, Magic UI 3.1.0

Impact: Successful exploitation of this vulnerability may cause out-of-bounds access.

CVE-2021-22425: Nodes in the linked list being freed for multiple times in some HUAWEI devices due to race conditions

Severity: High

Affected versions: EMUI 10.1.0, EMUI 10.0.0, EMUI 9.1.1, EMUI 9.1.0, Magic UI 3.1.0, Magic UI 3.0.0, Magic UI 2.1.1

Impact: Successful exploitation of this vulnerability can cause the system to restart.

CVE-2021-22423: Integer overflow vulnerability with the Always On Display (AOD) driver in some HUAWEI devices

Severity: High

Affected versions: EMUI 10.1.1, EMUI 10.1.0, Magic UI 3.1.1, Magic UI 3.1.0

Impact: Successful exploitation of this vulnerability may escalate the permission to that of the root user.

CVE-2021-22422: Integer overflow vulnerability with the Always On Display (AOD) driver in some HUAWEI devices

Severity: High

Affected versions: EMUI 10.1.1, EMUI 10.1.0, Magic UI 3.1.1, Magic UI 3.1.0

Impact: Successful exploitation of this vulnerability may escalate the permission to that of the root user.

CVE-2021-22418: Integer overflow vulnerability with the Always On Display (AOD) driver in some HUAWEI devices

Severity: High

Affected versions: EMUI 10.1.1, EMUI 10.1.0, Magic UI 3.1.1, Magic UI 3.1.0

Impact: Successful exploitation of this vulnerability may escalate the permission to that of the root user.

CVE-2021-22376: Logic bypass vulnerability in some HUAWEI phones

Severity: High

Affected versions: EMUI 10.1.0, EMUI 10.0.0, EMUI 9.1.1, EMUI 9.1.0, Magic UI 3.1.0, Magic UI 3.0.0, Magic UI 2.1.1

Impact: Successful exploitation of this vulnerability may affect service confidentiality, availability, and integrity.

CVE-2021-22372: Logic bypass vulnerability in some HUAWEI phones

Severity: High

Affected versions: EMUI 10.1.1, EMUI 10.1.0, Magic UI 3.1.1, Magic UI 3.1.0

Impact: Successful exploitation of this vulnerability may affect service confidentiality.

CVE-2021-22371: Allowing arbitrary capture of call stacks in some HUAWEI phones

Severity: High

Affected versions: EMUI 10.1.1, EMUI 10.1.0, Magic UI 3.1.1, Magic UI 3.1.0

Impact: Successful exploitation of this vulnerability may affect service confidentiality.

CVE-2021-22370: Improper verification vulnerability in some HUAWEI phones

Severity: High

Affected versions: EMUI 10.1.0, EMUI 10.0.0, EMUI 9.1.1, EMUI 9.1.0, Magic UI 3.1.0, Magic UI 3.0.0, Magic UI 2.1.1

Impact: Successful exploitation of this vulnerability may affect service confidentiality.

CVE-2021-22369: Memory leaks and out-of-bounds access vulnerabilities in some HUAWEI phones

Severity: High

Affected versions: EMUI 10.1.1, EMUI 10.1.0, Magic UI 3.1.1, Magic UI 3.1.0

Impact: Successful exploitation of these vulnerabilities may escalate the permission to that of the root user.

CVE-2021-22368: Access control vulnerability in some HUAWEI phones

Severity: High

Affected versions: EMUI 10.0.0, Magic UI 3.0.0

Impact: Successful exploitation of this vulnerability may affect normal use of the device.

CVE-2021-22346: Improper permission management vulnerability in some HUAWEI phones

Severity: High

Affected versions: EMUI 10.1.0, EMUI 10.0.0, EMUI 9.1.1, EMUI 9.1.0, Magic UI 3.1.0, Magic UI 3.0.0, Magic UI 2.1.1

Impact: Successful exploitation of this vulnerability may lead to the disclosure of user habits.

CVE-2021-22343: Logic bypass vulnerability in some HUAWEI phones

Severity: High

Affected versions: EMUI 10.1.0, EMUI 10.0.0, EMUI 9.1.1, EMUI 9.1.0, Magic UI 3.1.0, Magic UI 3.0.0, Magic UI 2.1.1

Impact: Successful exploitation of this vulnerability may affect service integrity and availability.

CVE-2021-22334: Malicious Wi-Fi construction vulnerability in some HUAWEI phones

Severity: Medium

Affected versions: EMUI 10.1.0, Magic UI 3.1.0

Impact: Successful exploitation of this vulnerability may cause app redirections.

CVE-2021-22325: Video streaming vulnerability in some HUAWEI phones

Severity: High

Affected versions: EMUI 10.1.1, EMUI 10.1.0, Magic UI 3.1.1, Magic UI 3.1.0

Impact: Successful exploitation of this vulnerability may result in video streams being intercepted during wired projections.

CVE-2021-37054: Identity spoofing and authentication bypass vulnerability in some HUAWEI phones

Severity: Medium

Affected versions: EMUI 10.1.1, Magic UI 3.1.1

Impact: Successful exploitation of this vulnerability may affect service confidentiality.

CVE-2021-37055: Logic bypass vulnerability in some HUAWEI devices

Severity: Medium

Affected versions: EMUI 11.0.0, EMUI 10.1.1, Magic UI 4.0.0, Magic UI 3.1.1

Impact: Successful exploitation of this vulnerability may allow attempts to obtain certain device information.

CVE-2021-22322: Logic bypass vulnerability in some HUAWEI phones

Severity: High

Affected versions: EMUI 10.1.1, EMUI 10.1.0, EMUI 10.0.0, EMUI 9.1.1, EMUI 9.1.0, Magic UI 3.1.1, Magic UI 3.1.0, Magic UI 3.0.0, Magic UI 2.1.1

Impact: Successful exploitation of this vulnerability may affect service confidentiality.

CVE-2021-37038: September

An issue was discovered in Mahavitaran android application 7.50 and below, allows local attackers to read cleartext username and password while the user is logged into the application.

**Mahavitaran Services now at your Fingertips**

The Official App for Consumer by Mahavitaran ( M.S.E.D.C.L.). Mahavitaran Consumer App enables consumers to avail Mahavitaran services at his/her fingertips. The app is simple and easy to use. It provides transparency in delivering services to consumers.

►Features :

\*View and Pay bill  
\*Register and Track complaints  
\*View Bill and Payment history  
\*Manage Multiple Electricity Connections  
\*Contact 24 x7 MSEDCL Call Center  
\*Apply for New Connection  
\* Know the status of New Connection Application and Pay Estimate Charges  
\*Submit Meter Reading to avoid average billing  
\*Provide Feedback about Mahavitaran Services  
\*Update Contact Details ( Mobile Number & E-mail ID ) of consumer  
\*Find MSEDCL offices and collection centers near you  
\*Estimate your monthly electricity consumption and bill amount  
\*Get Information about the Feeder from where the power supply is provided to your connection  
\*Apply for the change of name  
\*Submit an application for addition/reduction in load

►Functionalities available in Mobile App :

1.Apply for new connection : Apply for New Electricity Connection in just 4 steps

2.Track New Connection Request : Status of New Connection application can be tracked using unique Application Id and estimate charges can be paid

3.Submit Reading : Submit own meter reading along with meter photo to avoid average billing, after receipt of SMS from Mahavitaran. Mahavitaran will send SMS, if meter reading is not made available by meter reader

4.Feedback: Submit ratings of Mahavitaran services in the scale of 1 to 5, where 5 means Outstanding and 1 means poor service

5.View/Pay Bill: View and Pay Electricity Bills using different payment options like  
a.Net banking  
b.Debit Card  
c.Credit Card  
d.Cash Cards  
e.Mobile Wallets  
f.Paytm

6.Update Contact details: Update Mobile Number,E-Mail ID & AadharCard No. of consumer

7.Register & Track Complaint: Register & Track Power Failure and Billing Complaints etc

8.History: View Electricity Bill history and Payments history

9.Add & Remove connection: Manage multiple electricity connections from registered account.

10.Customer Care: Call 24\*7 MSEDCL Call Center

11.Nearest Locations : Find MSEDCL offices and collection centers near you

12.Estimate consumption and bill amount : Estimate consumption in KWH by providing details about usage of appliances. Also, know the approx. monthly bill amount for that estimate.

13.Get Information about the Feeder : Feeder is a line which transfers power to the consumer through a transformer. Know technical details about this feeder and outages planned in the future, if any.

14.Report Power Theft : Inform any suspected electricity theft activity in your area

15.Apply for change of name: Submit application for changing the registered name of electricity connection

16.Add/Reduce Load: Submit application for increasing/decreasing the load of electricity connection

►Other Features :  
1.Consumer Registration: Sign up to Mahavitaran Consumer portal through mobile app

2.Guest Login: View and Pay Electricity Bills without signing up

3.App is available in English as well as Marathi Language

4.Forgot Login Name / Password: Recover forgotten account details

►For using Mahavitaran Mobile App, all you need :  
• A smart phone with Android Operating System (OS 4.0 or above).  
• Internet connectivity like GPRS/EDGE/3G/Wi-Fi/4G etc.

\[ Note: For queries related to your online mobile payment transactions, please email to helpdesk\_pg@mahadiscom.in\]

For feedback & suggestions about this app, kindly email us at msedclapp@mahadiscom.in

CVE-2020-27413: Mahavitaran - Apps on Google Play

The Photo Gallery by 10Web WordPress plugin before 1.5.68 is vulnerable to Reflected Cross-Site Scripting (XSS) issues via the bwg_album_breadcrumb_0 and shortcode_id GET parameters passed to the bwg_frontend_data AJAX action

Tag

#android