There is an XXE injection vulnerability in eCNS280 V100R005C00 and V100R005C10. A module does not perform the strict operation to the input XML message. Attacker can send specific message to exploit this vulnerability, leading to the module denial of service.
[
{
"product": "eCNS280",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "V100R005C00,V100R005C10"
}
]
}
]