First published: Sat Feb 06 2021(Updated: )
There is an information leak vulnerability in eCNS280_TD versions V100R005C00 and V100R005C10. A command does not have timeout exit mechanism. Temporary file contains sensitive information. This allows attackers to obtain information by inter-process access that requires other methods.
Credit: psirt@huawei.com
Affected Software | Affected Version | How to fix |
---|---|---|
Huawei Ecns280 Td Firmware | =v100r005c00 | |
Huawei Ecns280 Td Firmware | =v100r005c10 | |
Huawei Ecns280 Td |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID for this information leak vulnerability is CVE-2021-22300.
The affected software versions of eCNS280_TD are V100R005C00 and V100R005C10.
The severity rating of CVE-2021-22300 is medium (4.1).
An attacker can exploit this vulnerability by obtaining sensitive information through inter-process access that requires other methods.
You can find more information about this vulnerability on the Huawei PSIRT security advisories page.