CVE-2021-22293

HIGH

Huawei Campusinsight - HTTP Request Smuggling

Title source: rule

Description

Some Huawei products have an inconsistent interpretation of HTTP requests vulnerability. Attackers can exploit this vulnerability to cause information leak. Affected product versions include: CampusInsight versions V100R019C10; ManageOne versions 6.5.1.1, 6.5.1.SPC100, 6.5.1.SPC200, 6.5.1RC1, 6.5.1RC2, 8.0.RC2. Affected product versions include: Taurus-AL00A versions 10.0.0.1(C00E1R1P1).

References (1)

[Vendor Advisory] https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210120-01-http-en

Scores

CVSS v3 7.5

EPSS 0.0013

EPSS Percentile 32.1%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

CWE

CWE-444

Status published

Products (4)

huawei/campusinsight v100r019c10

huawei/manageone 6.5.1.1 (5 CPE variants)

huawei/manageone 8.0.0 rc2

huawei/taurus-al00a_firmware 10.0.0.1\(c00e1r1p1\)

Published Feb 06, 2021

Tracked Since Feb 18, 2026