CVE-2021-22310
MEDIUMHuawei Nip6300 Firmware - Log Information Exposure
Title source: ruleDescription
There is an information leakage vulnerability in some huawei products. Due to the properly storage of specific information in the log file, the attacker can obtain the information when a user logs in to the device. Successful exploit may cause an information leak. Affected product versions include: NIP6300 versions V500R001C00,V500R001C20,V500R001C30;NIP6600 versions V500R001C00,V500R001C20,V500R001C30;Secospace USG6300 versions V500R001C00,V500R001C20,V500R001C30;Secospace USG6500 versions V500R001C00,V500R001C20,V500R001C30;Secospace USG6600 versions V500R001C00,V500R001C20,V500R001C30,V500R001C50,V500R001C60,V500R001C80;USG9500 versions V500R005C00,V500R005C10.
References (1)
Core 1
Core References
Vendor Advisory x_refsource_misc
https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210203-01-plaintextlog-en
Scores
CVSS v3
4.4
EPSS
0.0003
EPSS Percentile
7.6%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
Details
CWE
CWE-532
Status
published
Products (20)
huawei/nip6300_firmware
v500r001c00
huawei/nip6300_firmware
v500r001c20
huawei/nip6300_firmware
v500r001c30
huawei/nip6600_firmware
v500r001c00
huawei/nip6600_firmware
v500r001c20
huawei/nip6600_firmware
v500r001c30
huawei/secospace_usg6300_firmware
v500r001c00
huawei/secospace_usg6300_firmware
v500r001c20
huawei/secospace_usg6300_firmware
v500r001c30
huawei/secospace_usg6500_firmware
v500r001c00
... and 10 more
Published
Mar 22, 2021
Tracked Since
Feb 18, 2026