CVEInsight.

Free vulnerability intelligence for developers, security teams, and researchers. Data sourced from public databases for informational purposes only.

Explore

Legal

CVE data sourced from NVD / NIST & public disclosures.

huawei

ecns280_firmware

3 known vulnerabilities · sorted by CVSS score

CVE-2021-22361

HIGH7.8

There is an improper authorization vulnerability in eCNS280 V100R005C00, V100R005C10 and eSE620X vESS V100R001C10SPC200, V100R001C20SPC200. A file access is not authorized correctly. Attacker with low access may launch privilege escalation in a specific scenario. This may compromise the normal service.

huawei / ecns280_firmware+3

Local

Published Jun 22, 2021

CVE-2021-22292

HIGH7.5

There is a denial of service (DoS) vulnerability in eCNS280 versions V100R005C00, V100R005C10. Due to a design defect, remote unauthorized attackers send a large number of specific messages to affected devices, causing system resource exhaustion and web application DoS.

huawei / ecns280_firmware+1

Network

Published Feb 6, 2021

CVE-2021-22338

MEDIUM5.3

There is an XXE injection vulnerability in eCNS280 V100R005C00 and V100R005C10. A module does not perform the strict operation to the input XML message. Attacker can send specific message to exploit this vulnerability, leading to the module denial of service.

huawei / ecns280_firmware+1

Network

Published Jun 29, 2021