First published: Mon Mar 22 2021(Updated: )
There is an information leakage vulnerability in some huawei products. Due to the properly storage of specific information in the log file, the attacker can obtain the information when a user logs in to the device. Successful exploit may cause an information leak. Affected product versions include: NIP6300 versions V500R001C00,V500R001C20,V500R001C30;NIP6600 versions V500R001C00,V500R001C20,V500R001C30;Secospace USG6300 versions V500R001C00,V500R001C20,V500R001C30;Secospace USG6500 versions V500R001C00,V500R001C20,V500R001C30;Secospace USG6600 versions V500R001C00,V500R001C20,V500R001C30,V500R001C50,V500R001C60,V500R001C80;USG9500 versions V500R005C00,V500R005C10.
Credit: psirt@huawei.com
Affected Software | Affected Version | How to fix |
---|---|---|
Huawei Nip6300 Firmware | =v500r001c00 | |
Huawei Nip6300 Firmware | =v500r001c20 | |
Huawei Nip6300 Firmware | =v500r001c30 | |
Huawei NIP6300 | ||
Huawei Nip6600 Firmware | =v500r001c00 | |
Huawei Nip6600 Firmware | =v500r001c20 | |
Huawei Nip6600 Firmware | =v500r001c30 | |
Huawei Nip6600 | ||
Huawei Secospace Usg6300 Firmware | =v500r001c00 | |
Huawei Secospace Usg6300 Firmware | =v500r001c20 | |
Huawei Secospace Usg6300 Firmware | =v500r001c30 | |
Huawei Secospace USG6300 | ||
Huawei Secospace Usg6500 Firmware | =v500r001c00 | |
Huawei Secospace Usg6500 Firmware | =v500r001c20 | |
Huawei Secospace Usg6500 Firmware | =v500r001c30 | |
Huawei Secospace Usg6500 | ||
Huawei Secospace Usg6600 Firmware | =v500r001c00 | |
Huawei Secospace Usg6600 Firmware | =v500r001c20 | |
Huawei Secospace Usg6600 Firmware | =v500r001c30 | |
Huawei Secospace Usg6600 Firmware | =v500r001c50 | |
Huawei Secospace Usg6600 Firmware | =v500r001c60 | |
Huawei Secospace Usg6600 Firmware | =v500r001c80 | |
Huawei Secospace USG6600 | ||
Huawei Usg9500 Firmware | =v500r005c00 | |
Huawei Usg9500 Firmware | =v500r005c10 | |
Huawei USG9500 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID is CVE-2021-22310.
This vulnerability affects certain versions of Huawei NIP6300, NIP6600, Secospace USG6300, Secospace USG6500, Secospace USG6600, and USG9500 firmware.
The severity of CVE-2021-22310 is medium.
This vulnerability can be exploited by obtaining specific information from the log file when a user logs in to the affected device.
Yes, Huawei has released a security advisory with information on how to mitigate this vulnerability.