← Back

CVE-2021-22377

nvd nist
Published: Jun 22, 2021Modified: Nov 21, 2024

JSON object

Loading...
7.2
Vector
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Exploitability: 1.2 / Impact: 5.9
Source: NVD

Description

There is a command injection vulnerability in S12700 V200R019C00SPC500, S2700 V200R019C00SPC500, S5700 V200R019C00SPC500, S6700 V200R019C00SPC500 and S7700 V200R019C00SPC500. A module does not verify specific input sufficiently. Attackers can exploit this vulnerability by sending malicious parameters to inject command. This can compromise normal service.

Affected (5)

Huawei
5 products
S12700 Firmware
S2700 Firmware
S5700 Firmware
S6700 Firmware
S7700 Firmware
Configuration A
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
S12700 Firmware
Version v200r019c00spc500
Running on/withPlatform Versions
Huawei
S12700
All versions
Configuration B
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
S2700 Firmware
Version v200r019c00spc500
Running on/withPlatform Versions
Huawei
S2700
All versions
Configuration C
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
S5700 Firmware
Version v200r019c00spc500
Running on/withPlatform Versions
Huawei
S5700
All versions
Configuration D
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
S6700 Firmware
Version v200r019c00spc500
Running on/withPlatform Versions
Huawei
S6700
All versions
Configuration E
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
S7700 Firmware
Version v200r019c00spc500
Running on/withPlatform Versions
Huawei
S7700
All versions

Related CWEs

CWE-20
Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (2)

Source: psirt@huawei.com
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory

Timeline

No history available yet.