CVE-2021-22310

There is an information leakage vulnerability in some huawei products. Due to the properly storage of specific information in the log file, the attacker can obtain the information when a user logs in to the device. Successful exploit may cause an information leak. Affected product versions include: NIP6300 versions V500R001C00,V500R001C20,V500R001C30;NIP6600 versions V500R001C00,V500R001C20,V500R001C30;Secospace USG6300 versions V500R001C00,V500R001C20,V500R001C30;Secospace USG6500 versions V500R001C00,V500R001C20,V500R001C30;Secospace USG6600 versions V500R001C00,V500R001C20,V500R001C30,V500R001C50,V500R001C60,V500R001C80;USG9500 versions V500R005C00,V500R005C10.

Published: Mar 22, 2021
Updated: Apr 14, 2023
CVE: CVE-2021-22310
Severity: Low
Exploit:

CVSS v3:

Severity: Low
Score: 4.4
AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

CVSS v2:

Severity: Low
Score: 2.1
AV:L/AC:L/Au:N/C:P/I:N/A:N

CWEs:

CWE-532

Affected Software
References

Software	From	Fixed in
huawei / nip6300_firmware	500r001c00	500r001c00.x
huawei / nip6300_firmware	500r001c20	500r001c20.x
huawei / nip6300_firmware	500r001c30	500r001c30.x
huawei / nip6600_firmware	500r001c00	500r001c00.x
huawei / nip6600_firmware	500r001c20	500r001c20.x
huawei / nip6600_firmware	500r001c30	500r001c30.x
huawei / secospace_usg6300_firmware	500r001c00	500r001c00.x
huawei / secospace_usg6300_firmware	500r001c20	500r001c20.x
huawei / secospace_usg6300_firmware	500r001c30	500r001c30.x
huawei / secospace_usg6500_firmware	500r001c00	500r001c00.x
huawei / secospace_usg6500_firmware	500r001c20	500r001c20.x
huawei / secospace_usg6500_firmware	500r001c30	500r001c30.x
huawei / secospace_usg6600_firmware	500r001c00	500r001c00.x
huawei / secospace_usg6600_firmware	500r001c20	500r001c20.x
huawei / secospace_usg6600_firmware	500r001c30	500r001c30.x
huawei / secospace_usg6600_firmware	500r001c50	500r001c50.x
huawei / secospace_usg6600_firmware	500r001c60	500r001c60.x
huawei / secospace_usg6600_firmware	500r001c80	500r001c80.x
huawei / usg9500_firmware	500r005c00	500r005c00.x
huawei / usg9500_firmware	500r005c10	500r005c10.x

https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210203-01-plaintextlog-en

Vulnerability Database

289,599

CVE-2021-22310