Vulnerabilities > CVE-2021-22338 - XXE vulnerability in Huawei Ecns280 Firmware V100R005C00/V100R005C10

047910
CVSS 5.0 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
NONE
Availability impact
PARTIAL
network
low complexity
huawei
CWE-611

Summary

There is an XXE injection vulnerability in eCNS280 V100R005C00 and V100R005C10. A module does not perform the strict operation to the input XML message. Attacker can send specific message to exploit this vulnerability, leading to the module denial of service.

Vulnerable Configurations

Part Description Count
OS
Huawei
2
Hardware
Huawei
1