exploitDog

CVE-2021-40007

Опубликовано: 13 дек. 2021

Источник: nvd

CVSS3: 6.5

CVSS2: 4

EPSS Низкий

Описание

There is an information leak vulnerability in eCNS280_TD V100R005C10SPC650. The vulnerability is caused by improper log output management. An attacker with the ability to access the log file of device may lead to information disclosure.

Ссылки

https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20211208-01-informationleak-en
Vendor Advisory
https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20211208-01-informationleak-en
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:huawei:ecns280_td_firmware:v100r005c10spc650:*:*:*:*:*:*:*

cpe:2.3:h:huawei:ecns280_td:-:*:*:*:*:*:*:*

EPSS

Процентиль: 36%

0.00153

Низкий

6.5 Medium

CVSS3

4 Medium

CVSS2

Дефекты

CWE-116

Связанные уязвимости

GHSA-qwj7-chm6-2f8f

github

около 4 лет назад

There is an information leak vulnerability in eCNS280_TD V100R005C10SPC650. The vulnerability is caused by improper log output management. An attacker with the ability to access the log file of device may lead to information disclosure.

EPSS

Процентиль: 36%

0.00153

Низкий

6.5 Medium

CVSS3

4 Medium

CVSS2

Дефекты

CWE-116