VCM5010 with software versions earlier before V100R002C50SPC100 has an arbitrary file upload vulnerability. The software does not validate the files that uploaded. An authenticated attacker could upload arbitrary files to the system.
References
Link | Resource |
---|---|
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170329-01-vcm-en | Vendor Advisory |
http://www.securityfocus.com/bid/97231 | Third Party Advisory VDB Entry |
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170329-01-vcm-en | Vendor Advisory |
http://www.securityfocus.com/bid/97231 | Third Party Advisory VDB Entry |
Configurations
Configuration 1 (hide)
AND |
|
History
21 Nov 2024, 03:24
Type | Values Removed | Values Added |
---|---|---|
References | () http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170329-01-vcm-en - Vendor Advisory | |
References | () http://www.securityfocus.com/bid/97231 - Third Party Advisory, VDB Entry |
Information
Published : 2017-11-22 19:29
Updated : 2024-11-21 03:24
NVD link : CVE-2017-2737
Mitre link : CVE-2017-2737
CVE.ORG link : CVE-2017-2737
JSON object : View
Products Affected
huawei
- vcm5010
- vcm5010_firmware
CWE
CWE-434
Unrestricted Upload of File with Dangerous Type