VCM5010 with software versions earlier before V100R002C50SPC100 has an arbitrary file upload vulnerability. The software does not validate the files that uploaded. An authenticated attacker could upload arbitrary files to the system.
References
Link | Resource |
---|---|
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170329-01-vcm-en | Vendor Advisory |
http://www.securityfocus.com/bid/97231 | Third Party Advisory VDB Entry |
Configurations
Configuration 1 (hide)
AND |
|
History
No history.
Information
Published : 2017-11-22 19:29
Updated : 2024-02-28 16:04
NVD link : CVE-2017-2737
Mitre link : CVE-2017-2737
CVE.ORG link : CVE-2017-2737
JSON object : View
Products Affected
huawei
- vcm5010_firmware
- vcm5010
CWE
CWE-434
Unrestricted Upload of File with Dangerous Type