CVE-2021-22363

7.5 HIGH

📋 TL;DR

This vulnerability in Huawei eCNS280_TD devices allows attackers to cause service disruption through improper resource management. Attackers need specific access to exploit it, and exploitation leads to abnormal service conditions. It affects Huawei eCNS280_TD V100R005C10SPC650 deployments.

💻 Affected Systems

Products:
  • Huawei eCNS280_TD
Versions: V100R005C10SPC650
Operating Systems: Huawei proprietary OS
Default Config Vulnerable: ⚠️ Yes
Notes: Affects specific Huawei telecommunications equipment; requires attacker to perform specific operations on the device.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete service outage of affected Huawei eCNS280_TD devices, disrupting telecommunications services dependent on this equipment.

🟠 Likely Case

Service degradation or temporary unavailability of affected devices requiring manual intervention to restore normal operation.

🟢 If Mitigated

Minimal impact with proper access controls and monitoring in place to detect and respond to exploitation attempts.

🌐 Internet-Facing: MEDIUM - While exploitation requires specific operations, internet-facing devices could be targeted if attackers gain initial access through other means.
🏢 Internal Only: MEDIUM - Internal attackers with network access could exploit this to disrupt critical telecommunications services.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires performing specific operations on the device; no public exploit code available as per advisory.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: V100R005C10SPC650 patch version (contact Huawei for specific patch)

Vendor Advisory: https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210609-01-resource-en

Restart Required: Yes

Instructions:

1. Contact Huawei support for the specific patch
2. Apply patch following Huawei's deployment procedures
3. Restart affected devices
4. Verify service restoration

🔧 Temporary Workarounds

Restrict Access Controls

all

Limit administrative and operational access to affected devices to only authorized personnel

Network Segmentation

all

Isolate affected devices in separate network segments with strict firewall rules

🧯 If You Can't Patch

  • Implement strict access controls and monitoring for all administrative interfaces
  • Deploy network-based intrusion detection to monitor for abnormal resource consumption patterns

🔍 How to Verify

Check if Vulnerable:

Check device version via Huawei CLI: display version | include V100R005C10SPC650

Check Version:

display version

Verify Fix Applied:

Verify patch installation via Huawei CLI and confirm service stability through monitoring

📡 Detection & Monitoring

Log Indicators:

  • Abnormal resource consumption logs
  • Service restart events
  • Unauthorized access attempts to device management interfaces

Network Indicators:

  • Unusual traffic patterns to/from affected devices
  • Multiple connection attempts to management ports

SIEM Query:

source="huawei_device" AND (event_type="resource_exhaustion" OR event_type="service_restart")
