A vulnerability classified as problematic was found in H3C GR-1100-P, GR-1108-P, GR-1200W, GR-1800AX, GR-2200, GR-3200, GR-5200, GR-8300, ER2100n, ER2200G2, ER3200G2, ER3260G2, ER5100G2, ER5200G2 and ER6300G2 up to 20230908. This vulnerability affects unknown code of the file /userLogin.asp of the component Config File Handler. The manipulation leads to path traversal. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. VDB-240238 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
References
Link | Resource |
---|---|
https://github.com/CJCniubi666/H3C-ER/blob/main/README.md | Exploit Third Party Advisory |
https://github.com/yinsel/CVE-H3C-Report | Exploit Third Party Advisory |
https://vuldb.com/?ctiid.240238 | Permissions Required Third Party Advisory |
https://vuldb.com/?id.240238 | Third Party Advisory |
History
26 Sep 2023, 20:55
Type | Values Removed | Values Added |
---|---|---|
CVSS | v2 : v3 : | v2 : unknown; v3 : 5.3 |
First Time | H3c er5100g2 Firmware H3c er3260g2 Firmware H3c er6300g2 H3c gr-2200 Firmware H3c gr-1108-p Firmware H3c gr-3200 H3c gr-1100-p H3c er3260g2 H3c er2100n Firmware H3c gr-1200w H3c gr-1100-p Firmware H3c gr-2200 H3c er2100n H3c H3c gr-1108-p H3c gr-1800ax Firmware H3c er3200g2 H3c gr-1800ax H3c er5200g2 Firmware H3c gr-8300 H3c er3200g2 Firmware H3c er5200g2 H3c er5100g2 H3c er2200g2 H3c gr-3200 Firmware H3c gr-5200 H3c er6300g2 Firmware H3c gr-1200w Firmware H3c gr-8300 Firmware H3c er2200g2 Firmware H3c gr-5200 Firmware | |
References | (MISC) https://vuldb.com/?id.240238 - Third Party Advisory | |
References | (MISC) https://github.com/yinsel/CVE-H3C-Report - Exploit, Third Party Advisory | |
References | (MISC) https://vuldb.com/?ctiid.240238 - Permissions Required, Third Party Advisory | |
References | (MISC) https://github.com/CJCniubi666/H3C-ER/blob/main/README.md - Exploit, Third Party Advisory | |
CPE | cpe:2.3:o:h3c:er6300g2_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:h3c:gr-1108-p_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:h3c:er3260g2:-:*:*:*:*:*:*:* cpe:2.3:o:h3c:gr-3200_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:h3c:er5100g2_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:h3c:er5200g2:-:*:*:*:*:*:*:* cpe:2.3:o:h3c:gr-1100-p_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:h3c:gr-2200_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:h3c:er3200g2:-:*:*:*:*:*:*:* cpe:2.3:h:h3c:gr-1800ax:-:*:*:*:*:*:*:* cpe:2.3:o:h3c:er3200g2_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:h3c:er2100n:-:*:*:*:*:*:*:* cpe:2.3:h:h3c:er2200g2:-:*:*:*:*:*:*:* cpe:2.3:o:h3c:gr-5200_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:h3c:gr-1200w_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:h3c:er5100g2:-:*:*:*:*:*:*:* cpe:2.3:o:h3c:er2100n_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:h3c:gr-1200w:-:*:*:*:*:*:*:* cpe:2.3:o:h3c:gr-8300_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:h3c:gr-1800ax_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:h3c:gr-1100-p:-:*:*:*:*:*:*:* cpe:2.3:o:h3c:er3260g2_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:h3c:er6300g2:-:*:*:*:*:*:*:* cpe:2.3:h:h3c:gr-2200:-:*:*:*:*:*:*:* cpe:2.3:o:h3c:er5200g2_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:h3c:gr-1108-p:-:*:*:*:*:*:*:* cpe:2.3:h:h3c:gr-8300:-:*:*:*:*:*:*:* cpe:2.3:o:h3c:er2200g2_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:h3c:gr-5200:-:*:*:*:*:*:*:* cpe:2.3:h:h3c:gr-3200:-:*:*:*:*:*:*:* |
24 Sep 2023, 22:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-09-24 22:15
Updated : 2024-05-17 02:32
NVD link : CVE-2023-5142
Mitre link : CVE-2023-5142
CVE.ORG link : CVE-2023-5142
Products Affected
h3c
- er3260g2_firmware
- er3200g2
- er2100n
- gr-2200_firmware
- gr-1108-p_firmware
- er2200g2
- gr-1800ax_firmware
- gr-3200
- er5200g2
- er6300g2
- gr-2200
- gr-5200
- er6300g2_firmware
- gr-3200_firmware
- er2200g2_firmware
- er5100g2_firmware
- gr-8300
- gr-8300_firmware
- er2100n_firmware
- er5200g2_firmware
- er3200g2_firmware
- gr-1200w_firmware
- er5100g2
- gr-1108-p
- er3260g2
- gr-1200w
- gr-1100-p_firmware
- gr-1100-p
- gr-1800ax
- gr-5200_firmware
CWE
CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')