Huawei Ecns280 Firmware vulnerabilities
3 known vulnerabilities affecting huawei/ecns280_firmware.
Total CVEs
3
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
HIGH2MEDIUM1
Vulnerabilities
Page 1 of 1
CVE-2021-22338MEDIUMCVSS 5.3vv100r005c00vv100r005c102021-06-29
CVE-2021-22338 [MEDIUM] CWE-611 CVE-2021-22338: There is an XXE injection vulnerability in eCNS280 V100R005C00 and V100R005C10. A module does not pe
There is an XXE injection vulnerability in eCNS280 V100R005C00 and V100R005C10. A module does not perform the strict operation to the input XML message. Attacker can send specific message to exploit this vulnerability, leading to the module denial of service.
nvd
CVE-2021-22361HIGHCVSS 7.8vv100r005c00vv100r005c102021-06-22
CVE-2021-22361 [HIGH] CVE-2021-22361: There is an improper authorization vulnerability in eCNS280 V100R005C00, V100R005C10 and eSE620X vES
There is an improper authorization vulnerability in eCNS280 V100R005C00, V100R005C10 and eSE620X vESS V100R001C10SPC200, V100R001C20SPC200. A file access is not authorized correctly. Attacker with low access may launch privilege escalation in a specific scenario. This may compromise the normal service.
nvd
CVE-2021-22292HIGHCVSS 7.5vv100r005c00vv100r005c102021-02-06
CVE-2021-22292 [HIGH] CVE-2021-22292: There is a denial of service (DoS) vulnerability in eCNS280 versions V100R005C00, V100R005C10. Due t
There is a denial of service (DoS) vulnerability in eCNS280 versions V100R005C00, V100R005C10. Due to a design defect, remote unauthorized attackers send a large number of specific messages to affected devices, causing system resource exhaustion and web application DoS.
nvd