Description
There is insecure algorithm vulnerability in Huawei products. A module uses less random input in a secure mechanism. Attackers can exploit this vulnerability by brute forcing to obtain sensitive message. This can lead to information leak. Affected product versions include:USG9500 versions V500R001C30SPC200, V500R001C60SPC500,V500R005C00SPC200;USG9520 versions V500R005C00;USG9560 versions V500R005C00;USG9580 versions V500R005C00.
Scores
CVSS v3
7.5
EPSS
0.0015
EPSS Percentile
35.3%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Details
CWE
CWE-330
Status
published
Products (6)
huawei/usg9500_firmware
v500r001c30spc200
huawei/usg9500_firmware
v500r001c60spc500
huawei/usg9500_firmware
v500r005c00spc200
huawei/usg9520_firmware
v500r005c00
huawei/usg9560_firmware
v500r005c00
huawei/usg9580_firmware
v500r005c00
Published
Mar 22, 2021
Tracked Since
Feb 18, 2026