CVE-2017-17223

Huawei eSpace 7910 V200R003C30; eSpace 7950 V200R003C30; eSpace 8950 V200R003C00; V200R003C30 have a directory traversal vulnerability. An authenticated, remote attacker can craft specific URL to the affected products. Due to insufficient verification of the URL, successful exploit will upload and download files and cause information leak and system crash.
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:huawei:espace_7910_firmware:v200r003c30:*:*:*:*:*:*:*
cpe:2.3:h:huawei:espace_7910:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:huawei:espace_7950_firmware:v200r003c30:*:*:*:*:*:*:*
cpe:2.3:h:huawei:espace_7950:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
OR cpe:2.3:o:huawei:espace_8950_firmware:v200r003c00:*:*:*:*:*:*:*
cpe:2.3:o:huawei:espace_8950_firmware:v200r003c30:*:*:*:*:*:*:*
cpe:2.3:h:huawei:espace_8950:-:*:*:*:*:*:*:*

History

21 Nov 2024, 03:17

Type Values Removed Values Added
References () http://www.huawei.com/en/psirt/security-advisories/2018/huawei-sa-20180131-02-espace-en - Vendor Advisory () http://www.huawei.com/en/psirt/security-advisories/2018/huawei-sa-20180131-02-espace-en - Vendor Advisory

Information

Published : 2018-03-09 17:29

Updated : 2024-11-21 03:17


NVD link : CVE-2017-17223

Mitre link : CVE-2017-17223

CVE.ORG link : CVE-2017-17223


JSON object : View

Products Affected

huawei

  • espace_8950
  • espace_8950_firmware
  • espace_7950_firmware
  • espace_7910_firmware
  • espace_7950
  • espace_7910
CWE
CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')