CVE-2021-22310

CWE-532 — Log File Information Exposure3 documents3 sources

Severity

4.4MEDIUM

EPSS

0.0%

top 92.37%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Huawei Nip6300 Firmware Huawei Nip6600 Firmware Huawei Secospace Usg6300 Firmware +3 more

Timeline

PublishedMar 22

Latest updateMay 24

Description

There is an information leakage vulnerability in some huawei products. Due to the properly storage of specific information in the log file, the attacker can obtain the information when a user logs in to the device. Successful exploit may cause an information leak. Affected product versions include: NIP6300 versions V500R001C00,V500R001C20,V500R001C30;NIP6600 versions V500R001C00,V500R001C20,V500R001C30;Secospace USG6300 versions V500R001C00,V500R001C20,V500R001C30;Secospace USG6500 versions V500…

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:NExploitability: 0.8 | Impact: 3.6

Affected Packages6 packages

▶NVDhuawei/secospace_usg6300_firmwarev500r001c00, v500r001c20, v500r001c30+2

▶NVDhuawei/secospace_usg6500_firmwarev500r001c00, v500r001c20, v500r001c30+2

▶NVDhuawei/secospace_usg6600_firmware6 versions+5

▶NVDhuawei/nip6300_firmwarev500r001c00, v500r001c20, v500r001c30+2

▶NVDhuawei/nip6600_firmwarev500r001c00, v500r001c20, v500r001c30+2

🔴Vulnerability Details

GHSA

GHSA-gxj4-3cxj-q8mp: There is an information leakage vulnerability in some huawei products↗2022-05-24

▶

CVEList

CVE-2021-22310: There is an information leakage vulnerability in some huawei products↗2021-03-22

▶