CVE-2021-22377

HIGH

Huawei S12700-S7700 - Command Injection

Title source: llm

Description

There is a command injection vulnerability in S12700 V200R019C00SPC500, S2700 V200R019C00SPC500, S5700 V200R019C00SPC500, S6700 V200R019C00SPC500 and S7700 V200R019C00SPC500. A module does not verify specific input sufficiently. Attackers can exploit this vulnerability by sending malicious parameters to inject command. This can compromise normal service.

References (1)

Core 1

Core References

Vendor Advisory x_refsource_misc

https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210602-01-cmdinj-en

Scores

CVSS v3 7.2

EPSS 0.0090

EPSS Percentile 75.9%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-20

Status published

Products (5)

huawei/s12700_firmware v200r019c00spc500

huawei/s2700_firmware v200r019c00spc500

huawei/s5700_firmware v200r019c00spc500

huawei/s6700_firmware v200r019c00spc500

huawei/s7700_firmware v200r019c00spc500

Published Jun 22, 2021

Tracked Since Feb 18, 2026