CVE-2021-40007

Published: Dec 13, 2021Modified: Nov 21, 2024

6.5

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Exploitability: 2.8 / Impact: 3.6

Source: NVD

Description

There is an information leak vulnerability in eCNS280_TD V100R005C10SPC650. The vulnerability is caused by improper log output management. An attacker with the ability to access the log file of device may lead to information disclosure.

Affected (1)

Products: Huawei: Ecns280 Td Firmware

Huawei

1 product

Ecns280 Td Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Huawei Ecns280 Td Firmware	Version v100r005c10spc650

Running on/with	Platform Versions
Huawei Ecns280 Td	All versions

Related CWEs

CWE-116

Improper Encoding or Escaping of Output

The product prepares a structured message for communication with another component, but encoding or escaping of the data is either missing or done incorrectly. As a result, the intended structure of the message is not preserved.

References (2)

https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20211208-01-informationleak-en

Source: psirt@huawei.com

Vendor Advisory

https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20211208-01-informationleak-en

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.