CVE-2021-22342

MEDIUM

Huawei IPS/NGFW/SeMG9811/USG9500 Firmware - Information Disclosure via Insufficient Input Handling

Title source: llm

Description

There is an information leak vulnerability in Huawei products. A module does not deal with specific input sufficiently. High privilege attackers can exploit this vulnerability by performing some operations. This can lead to information leak. Affected product versions include: IPS Module versions V500R005C00, V500R005C10, V500R005C20; NGFW Module versions V500R005C00,V500R005C10, V500R005C20; SeMG9811 versions V500R005C00; USG9500 versions V500R001C00, V500R001C20, V500R001C30, V500R001C50, V500R001C60, V500R001C80, V500R005C00, V500R005C10, V500R005C20.

References (1)

Core 1

Core References

Vendor Advisory x_refsource_misc

https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210428-01-infomationleak-en

Scores

CVSS v3 4.9

EPSS 0.0014

EPSS Percentile 33.4%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

Details

Status published

Products (16)

huawei/ips_module_firmware v500r005c00

huawei/ips_module_firmware v500r005c10

huawei/ips_module_firmware v500r005c20

huawei/ngfw_module_firmware v500r005c00

huawei/ngfw_module_firmware v500r005c10

huawei/ngfw_module_firmware v500r005c20

huawei/semg9811_firmware v500r005c00

huawei/usg9500_firmware v500r001c00

huawei/usg9500_firmware v500r001c20

huawei/usg9500_firmware v500r001c30

... and 6 more

Published Jun 22, 2021

Tracked Since Feb 18, 2026