CVE-2017-2737

VCM5010 with software versions earlier before V100R002C50SPC100 has an arbitrary file upload vulnerability. The software does not validate the files that uploaded. An authenticated attacker could upload arbitrary files to the system.
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:huawei:vcm5010_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:huawei:vcm5010:-:*:*:*:*:*:*:*

History

21 Nov 2024, 03:24

Type Values Removed Values Added
References () http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170329-01-vcm-en - Vendor Advisory () http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170329-01-vcm-en - Vendor Advisory
References () http://www.securityfocus.com/bid/97231 - Third Party Advisory, VDB Entry () http://www.securityfocus.com/bid/97231 - Third Party Advisory, VDB Entry

Information

Published : 2017-11-22 19:29

Updated : 2024-11-21 03:24


NVD link : CVE-2017-2737

Mitre link : CVE-2017-2737

CVE.ORG link : CVE-2017-2737


JSON object : View

Products Affected

huawei

  • vcm5010
  • vcm5010_firmware
CWE
CWE-434

Unrestricted Upload of File with Dangerous Type