CVE-2021-22292

Name of the Vulnerable Software and Affected Versions: eCNS280 versions V100R005C00, V100R005C10

Description: The issue is a denial of service (DoS) vulnerability due to a design defect. Remote unauthorized attackers can send a large number of specific messages to affected devices, causing system resource exhaustion and web application DoS.

Recommendations: For eCNS280 versions V100R005C00 and V100R005C10, consider implementing rate limiting on incoming messages to prevent system resource exhaustion until a patch is available. As a temporary workaround, restrict access to the affected devices to minimize the risk of exploitation.