CVE-2021-37129

HIGH

Huawei IPS/NGFW/NIP6600/S12700/S1700/S2700/S5700/S6700/S7700/S9700/USG9500 Firmware - Out-of-bounds Write

Title source: llm

Description

There is an out of bounds write vulnerability in some Huawei products. The vulnerability is caused by a function of a module that does not properly verify input parameter. Successful exploit could cause out of bounds write leading to a denial of service condition.Affected product versions include:IPS Module V500R005C00,V500R005C20;NGFW Module V500R005C00;NIP6600 V500R005C00,V500R005C20;S12700 V200R010C00SPC600,V200R011C10SPC500,V200R011C10SPC600,V200R013C00SPC500,V200R019C00SPC200,V200R019C00SPC500,V200R019C10SPC200,V200R020C00,V200R020C10;S1700 V200R010C00SPC600,V200R011C10SPC500,V200R011C10SPC600;S2700 V200R010C00SPC600,V200R011C10SPC500,V200R011C10SPC600;S5700 V200R010C00SPC600,V200R010C00SPC700,V200R011C10SPC500,V200R011C10SPC600,V200R019C00SPC500;S6700 V200R010C00SPC600,V200R011C10SPC500,V200R011C10SPC600;S7700 V200R010C00SPC600,V200R010C00SPC700,V200R011C10SPC500,V200R011C10SPC600;S9700 V200R010C00SPC600,V200R011C10SPC500,V200R011C10SPC600;USG9500 V500R005C00,V500R005C20.

References (1)

Core 1

Core References

Vendor Advisory x_refsource_misc

https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20211020-01-outofwrite-en

Scores

CVSS v3 7.5

EPSS 0.0018

EPSS Percentile 39.4%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Details

CWE

CWE-787

Status published

Products (37)

huawei/ips_module_firmware v500r005c00

huawei/ips_module_firmware v500r005c20

huawei/ngfw_module_firmware v500r005c00

huawei/nip6600_firmware v500r005c00

huawei/nip6600_firmware v500r005c20

huawei/s12700_firmware v200r010c00spc600

huawei/s12700_firmware v200r011c10spc500

huawei/s12700_firmware v200r011c10spc600

huawei/s12700_firmware v200r013c00spc500

huawei/s12700_firmware v200r019c00spc200

... and 27 more

Published Oct 27, 2021

Tracked Since Feb 18, 2026