CVE-2021-22338
- EPSS 0.15%
- Published 29.06.2021 19:15:09
- Last modified 21.11.2024 05:49:56
There is an XXE injection vulnerability in eCNS280 V100R005C00 and V100R005C10. A module does not perform the strict operation to the input XML message. Attacker can send specific message to exploit this vulnerability, leading to the module denial of...
CVE-2021-22361
- EPSS 0.03%
- Published 22.06.2021 18:15:07
- Last modified 21.11.2024 05:49:58
There is an improper authorization vulnerability in eCNS280 V100R005C00, V100R005C10 and eSE620X vESS V100R001C10SPC200, V100R001C20SPC200. A file access is not authorized correctly. Attacker with low access may launch privilege escalation in a speci...
CVE-2021-22292
- EPSS 0.17%
- Published 06.02.2021 03:15:12
- Last modified 21.11.2024 05:49:51
There is a denial of service (DoS) vulnerability in eCNS280 versions V100R005C00, V100R005C10. Due to a design defect, remote unauthorized attackers send a large number of specific messages to affected devices, causing system resource exhaustion and ...