CVE-2021-40042
Description
There is a release of invalid pointer vulnerability in some Huawei products, successful exploit may cause the process and service abnormal. Affected product versions include: CloudEngine 12800 V200R019C10SPC800, V200R019C10SPC900; CloudEngine 5800 V200R019C10SPC800, V200R020C00SPC600; CloudEngine 6800 versions V200R019C10SPC800, V200R019C10SPC900, V200R020C00SPC600, V300R020C00SPC200; CloudEngine 7800 V200R019C10SPC800.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
A release of invalid pointer vulnerability in Huawei CloudEngine switches can cause process or service abnormal, resolved in patches listed in the advisory.
Vulnerability
A release of invalid pointer vulnerability exists in Huawei CloudEngine series switches. Affected products and versions include CloudEngine 12800 V200R019C10SPC800 and V200R019C10SPC900; CloudEngine 5800 V200R019C10SPC800 and V200R020C00SPC600; CloudEngine 6800 V200R019C10SPC800, V200R019C10SPC900, V200R020C00SPC600, and V300R020C00SPC200; and CloudEngine 7800 V200R019C10SPC800 [1]. The vulnerability (HWPSIRT-2021-64225) was discovered by an internal Huawei tester [1].
Exploitation
An attacker may exploit this vulnerability by sending crafted network traffic to an affected device, causing the invalid pointer release [1]. The advisory does not detail specific prerequisites such as authentication or network position, but the vulnerability is remotely exploitable over the network [1]. Successful exploitation requires no user interaction [1].
Impact
Successful exploitation may cause the affected process and service to become abnormal [1]. This could lead to denial of service (DoS) conditions, impacting the availability of the switch [1]. No information disclosure or code execution is mentioned in the available references [1].
Mitigation
Huawei has released software updates to fix this vulnerability. Resolved versions are: CloudEngine 12800 V200R019SPH007; CloudEngine 5800 V200R019SPH007 (for V200R019C10SPC800) and V200R020SPH001 (for V200R020C00SPC600); CloudEngine 6800 V200R019SPH007 (for V200R019C10SPC800/900) and V200R020SPH001 (for V200R020C00SPC600) and V300R020SPH002 (for V300R020C00SPC200); CloudEngine 7800 V200R019SPH007 [1]. Customers should upgrade to the fixed versions as soon as possible [1]. No workarounds are provided [1].
AI Insight generated on May 27, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
4- Huawei/CloudEnginedescription
- Range: = V200R019C10SPC800, V200R019C10SPC900, V200R020C00SPC600, V300R020C00SPC200
- Range: = V200R019C10SPC800, V200R019C10SPC900
- Range: = V200R019C10SPC800, V200R020C00SPC600
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
1- www.huawei.com/en/psirt/security-advisories/huawei-sa-20220112-01-invalid-enmitrex_refsource_MISC
News mentions
0No linked articles in our index yet.