Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
There is an XXE injection vulnerability in eCNS280 V100R005C00 and V100R005C10. A module does not perform the strict operation to the input XML message. Attacker can send specific message to exploit this vulnerability, leading to the module denial of service.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
eCNS280 代码问题漏洞
Vulnerability Description
Huawei eCNS280是中国华为(Huawei)公司的无线宽带集群系统的核心网设备。提供传统核心网的网络功能外,还通过将网元功能虚拟化、在多网元间共享标准化硬件资源,来给各网元提供可根据实际应用的容量配置,提高网络扩容减容效率,提升业务上线效率 eCNS280 存在安全漏洞,该漏洞源于V100R005C00和V100R005C10版本存在XXE注入漏洞,模块不会对输入XML消息执行严格的操作。攻击者可利用该漏洞发送特定的消息来利用这个漏洞,导致模块拒绝服务。
CVSS Information
N/A
Vulnerability Type
N/A