How serious is CVE-2021-40006?

This vulnerability has a CVSS score of 4.6 out of 10, classified as MEDIUM severity. No public exploit code has been identified yet.

Which products are affected by CVE-2021-40006?

CVE-2021-40006 affects huawei harmonyos. Check the full CVE details for specific version information.

How do I fix CVE-2021-40006?

To remediate CVE-2021-40006, check for security patches from huawei. Apply all available updates and security patches. If no patch is available, implement recommended workarounds or security controls to mitigate the risk.

CVE-2021-40006

Medium

|4.6

No Exploit

Plain English Summary

AI-powered analysis for quick understanding

This vulnerability allows an attacker to potentially access sensitive information due to flaws in the security algorithms used by HarmonyOS. To exploit this, the attacker would need to find a way to interact with the affected system, which could compromise the confidentiality of the data.

Technical Description

Vulnerability of design defects in the security algorithm component. Successful exploitation of this vulnerability may affect confidentiality.

CVSS Vector Analysis

Attack VectorPhysical

Attack ComplexityLow

Privileges RequiredNone

User InteractionNone

Confidentiality ImpactHigh

Integrity ImpactNone

Availability ImpactNone

ScopeUnchanged

Vector String

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Exploit Resources

Search for proof-of-concept code and exploit modules

GitHub Search Exploit-DB Nuclei Templates Metasploit Vulners

Official References

NIST NVD

Est. Bounty

$603($500-$1K)

Vendor Response

Grade FPatched in 1506 days

Quick Information

Published

Jan 10, 2022

about 4 years ago

Last Modified

Feb 24, 2026

about 1 month ago

Vendor

huawei

Product

harmonyos

Related Vulnerabilities

CVE-2026-28551Medium

This vulnerability allows an attacker to disrupt the security management of Huawei devices running HarmonyOS, potentially causing the system to become unavailable. To exploit this issue, the attacker must be able to trigger a race condition, which occurs when two processes try to access the same resource at the same time.

CVE-2026-28549Medium

This vulnerability allows an attacker to disrupt the permission management system on HarmonyOS, potentially causing the service to become unavailable. To exploit this, the attacker needs to take advantage of a timing issue in how permissions are handled, which could lead to service interruptions.

CVE-2026-28548Medium

This vulnerability allows an attacker to potentially access sensitive information from the email application due to a failure in properly verifying user actions. To exploit this, the attacker would need to trick the application into accepting malicious inputs, which could compromise the confidentiality of user data.

CVE-2026-28547Medium

This vulnerability allows an attacker to potentially disrupt the operation of HarmonyOS by exploiting an issue with uninitialized pointers in the scanning module. Successful exploitation requires the attacker to have access to the affected system, which could lead to service interruptions or crashes.

CVE-2026-28546Medium

This vulnerability allows an attacker to crash the scanning module of HarmonyOS, potentially making the system unavailable. To exploit this, the attacker needs to send specially crafted input to the module, which could happen if the device is connected to a malicious network or application.