CVE-2021-22338: XML External Entity (XXE) Injection in Huawei eCNS280 Firmware

Severity: 5.3 MEDIUM (NVD)
EPSS: 0.2% (top 64.27%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Jun 29; latest update May 24

Description

There is an XXE injection vulnerability in eCNS280 V100R005C00 and V100R005C10. A module does not perform the strict operation to the input XML message. An attacker can send a specific message to exploit this vulnerability, leading to denial of service of the module.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Exploitability: 3.9 | Impact: 1.4

Affected Packages (2 packages)

CVEListV5: huawei/ecns280_firmware, versions V100R005C00, V100R005C10
NVD: huawei/ecns280_firmware, versions v100r005c00, v100r005c10 (+1)

Vulnerability Details (2)

GHSA: GHSA-9ph9-qc4h-6c7p: There is an XXE injection vulnerability in eCNS280 V100R005C00 and V100R005C10 (2022-05-24)
CVEList: CVE-2021-22338: There is an XXE injection vulnerability in eCNS280 V100R005C00 and V100R005C10 (2021-06-29)