Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Huawei Subscribe
Filtered by product Ecns280
Total 3 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2021-22292 1 Huawei 2 Ecns280, Ecns280 Firmware 2022-07-12 7.8 HIGH 7.5 HIGH
There is a denial of service (DoS) vulnerability in eCNS280 versions V100R005C00, V100R005C10. Due to a design defect, remote unauthorized attackers send a large number of specific messages to affected devices, causing system resource exhaustion and web application DoS.
CVE-2021-22361 1 Huawei 4 Ecns280, Ecns280 Firmware, Ese620x Vess and 1 more 2022-05-03 4.6 MEDIUM 7.8 HIGH
There is an improper authorization vulnerability in eCNS280 V100R005C00, V100R005C10 and eSE620X vESS V100R001C10SPC200, V100R001C20SPC200. A file access is not authorized correctly. Attacker with low access may launch privilege escalation in a specific scenario. This may compromise the normal service.
CVE-2021-22338 1 Huawei 2 Ecns280, Ecns280 Firmware 2021-07-02 5.0 MEDIUM 5.3 MEDIUM
There is an XXE injection vulnerability in eCNS280 V100R005C00 and V100R005C10. A module does not perform the strict operation to the input XML message. Attacker can send specific message to exploit this vulnerability, leading to the module denial of service.