CVE-2021-22300
MEDIUMHuawei eCNS280_TD V100R005C00 and V100R005C10 - Cleartext Storage of Sensitive Information in Temporary File
Title source: llmDescription
There is an information leak vulnerability in eCNS280_TD versions V100R005C00 and V100R005C10. A command does not have timeout exit mechanism. Temporary file contains sensitive information. This allows attackers to obtain information by inter-process access that requires other methods.
References (1)
Core 1
Core References
Vendor Advisory x_refsource_confirm
https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210127-01-cgp-en
Scores
CVSS v3
4.1
EPSS
0.0001
EPSS Percentile
2.1%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N
Details
CWE
CWE-312
Status
published
Products (2)
huawei/ecns280_td_firmware
v100r005c00
huawei/ecns280_td_firmware
v100r005c10
Published
Feb 06, 2021
Tracked Since
Feb 18, 2026