Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline

Ecns280 Firmware Security Vulnerabilities

cve
cve

CVE-2021-22292

There is a denial of service (DoS) vulnerability in eCNS280 versions V100R005C00, V100R005C10. Due to a design defect, remote unauthorized attackers send a large number of specific messages to affected devices, causing system resource exhaustion and web application DoS.

7.5CVSS

7.3AI Score

0.001EPSS

2021-02-06 03:15 AM
73
3
cve
cve

CVE-2021-22338

There is an XXE injection vulnerability in eCNS280 V100R005C00 and V100R005C10. A module does not perform the strict operation to the input XML message. Attacker can send specific message to exploit this vulnerability, leading to the module denial of service.

5.3CVSS

5.3AI Score

0.001EPSS

2021-06-29 07:15 PM
24
2
cve
cve

CVE-2021-22361

There is an improper authorization vulnerability in eCNS280 V100R005C00, V100R005C10 and eSE620X vESS V100R001C10SPC200, V100R001C20SPC200. A file access is not authorized correctly. Attacker with low access may launch privilege escalation in a specific scenario. This may compromise the normal serv...

7.8CVSS

7.7AI Score

0.0004EPSS

2021-06-22 06:15 PM
34