V100R005C10

CVSS 5.3 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

LOW

network

low complexity

huawei

CWE-611

NVD

Published: 2021-06-29

Updated: 2021-07-02

Summary

There is an XXE injection vulnerability in eCNS280 V100R005C00 and V100R005C10. A module does not perform the strict operation to the input XML message. Attacker can send specific message to exploit this vulnerability, leading to the module denial of service.

Vulnerable Configurations

Part	Description	Count
OS	Huawei Huawei Ecns280 Firmware V100R005C00 Huawei Ecns280 Firmware V100R005C10	2
Hardware	Huawei Huawei Ecns280 -	1

Common Weakness Enumeration (CWE)

CWE-611 - Improper Restriction of XML External Entity Reference ('XXE')

References

https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210421-01-cgp-en