CVE-2021-40042

MEDIUM

Huawei - Memory Corruption

Title source: llm

Description

There is a release of invalid pointer vulnerability in some Huawei products, successful exploit may cause the process and service abnormal. Affected product versions include: CloudEngine 12800 V200R019C10SPC800, V200R019C10SPC900; CloudEngine 5800 V200R019C10SPC800, V200R020C00SPC600; CloudEngine 6800 versions V200R019C10SPC800, V200R019C10SPC900, V200R020C00SPC600, V300R020C00SPC200; CloudEngine 7800 V200R019C10SPC800.

References (1)

[Vendor Advisory] https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20220112-01-invalid-en

Scores

CVSS v3 6.5

EPSS 0.0017

EPSS Percentile 38.4%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Details

CWE

CWE-763

Status published

Products (9)

huawei/cloudengine_12800_firmware v200r019c10spc800

huawei/cloudengine_12800_firmware v200r019c10spc900

huawei/cloudengine_5800_firmware v200r019c10spc800

huawei/cloudengine_5800_firmware v200r020c00spc600

huawei/cloudengine_6800_firmware v200r019c10spc800

huawei/cloudengine_6800_firmware v200r019c10spc900

huawei/cloudengine_6800_firmware v200r020c00spc600

huawei/cloudengine_6800_firmware v300r020c00spc200

huawei/cloudengine_7800_firmware v200r019c10spc800

Published Jan 31, 2022

Tracked Since Feb 18, 2026