Login Sign Up

CVE-2021-22292

7.5 HIGH
Denial of Service

📋 TL;DR

This vulnerability allows remote attackers to cause denial of service (DoS) on affected Huawei eCNS280 devices by sending a large number of specific messages that exhaust system resources. The attack can be performed without authentication, affecting the web application functionality. Only eCNS280 devices running specific vulnerable versions are impacted.

💻 Affected Systems

Products:
  • Huawei eCNS280
Versions: V100R005C00, V100R005C10
Operating Systems: Embedded system
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects specific firmware versions of the eCNS280 product. Devices with default configurations are vulnerable.

📦 What is this software?

Ecns280 Firmware by Huawei

View all CVEs affecting Ecns280 Firmware →

Ecns280 Firmware by Huawei

View all CVEs affecting Ecns280 Firmware →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete unavailability of the web application interface and potential disruption of network services managed by the device, requiring physical intervention to restore functionality.

🟠

Likely Case

Web application becomes unresponsive or crashes, preventing administrative access through the web interface while core network functions may continue operating.

🟢

If Mitigated

With proper network segmentation and access controls, the attack surface is reduced, limiting potential impact to isolated network segments.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Attack requires sending specific messages to trigger resource exhaustion. No authentication is required to exploit.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: V100R005C20 or later

Vendor Advisory: https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210113-02-dos-en

Restart Required: Yes

Instructions:

1. Download the updated firmware version V100R005C20 or later from Huawei support portal. 2. Backup current configuration. 3. Upload and install the new firmware. 4. Reboot the device. 5. Verify the firmware version after reboot.

🔧 Temporary Workarounds

Network Access Control

all

Restrict network access to the device's management interface to trusted IP addresses only

Rate Limiting

all

Implement rate limiting on network traffic to the device to prevent flood attacks

🧯 If You Can't Patch

  • Isolate the device in a separate network segment with strict access controls
  • Implement network monitoring and alerting for unusual traffic patterns to the device

🔍 How to Verify

Check if Vulnerable:

Check the device firmware version via the web interface or CLI. If version is V100R005C00 or V100R005C10, the device is vulnerable.

Check Version:

display version (CLI command) or check System Information in web interface

Verify Fix Applied:

After patching, verify the firmware version shows V100R005C20 or later and test web interface functionality under normal load.

📡 Detection & Monitoring

Log Indicators:

  • Unusually high number of connection attempts
  • System resource exhaustion warnings
  • Web service crash/restart events

Network Indicators:

  • High volume of specific message types to device management interface
  • Sudden increase in traffic to device port

SIEM Query:

source_ip="device_ip" AND (event_type="connection_flood" OR resource_usage>90%)

📊 Metadata

CVE ID: CVE-2021-22292
CVSS v3 Score: 7.5 (HIGH)
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Published: February 6, 2021
Last Updated: November 21, 2024

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON