{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2015-11-11T00:00:00", "descriptions": [{"lang": "en", "value": "Directory traversal vulnerability in the SFTP server in Huawei AR 120, 150, 160, 200, 500, 1200, 2200, 3200, and 3600 routers with software before V200R006SPH003 allows remote authenticated users to access arbitrary directories via unspecified vectors."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2015-11-24T19:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "http://www1.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-461676.htm"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2015-8228", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Directory traversal vulnerability in the SFTP server in Huawei AR 120, 150, 160, 200, 500, 1200, 2200, 3200, and 3600 routers with software before V200R006SPH003 allows remote authenticated users to access arbitrary directories via unspecified vectors."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://www1.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-461676.htm", "refsource": "CONFIRM", "url": "http://www1.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-461676.htm"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2015-8228", "datePublished": "2015-11-24T20:00:00", "dateReserved": "2015-11-17T00:00:00", "dateUpdated": "2015-11-24T19:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:huawei:ar_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "EBC97868-1A8E-494F-91CF-4B88D3F78FEA", "versionEndIncluding": "v200r006c10", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:huawei:ar120:*:*:*:*:*:*:*:*", "matchCriteriaId": "56D40BC1-0B23-4E8A-98D9-9B39D3799B91", "vulnerable": false}, {"criteria": "cpe:2.3:h:huawei:ar1200:*:*:*:*:*:*:*:*", "matchCriteriaId": "A72BF4B0-7876-4491-9FA4-922CD2862DD4", "vulnerable": false}, {"criteria": "cpe:2.3:h:huawei:ar150:*:*:*:*:*:*:*:*", "matchCriteriaId": "90F3C57D-5BC3-4EA2-9667-758858EBB215", "vulnerable": false}, {"criteria": "cpe:2.3:h:huawei:ar160:*:*:*:*:*:*:*:*", "matchCriteriaId": "3EB80C67-97F4-421A-8070-D09318BD65CF", "vulnerable": false}, {"criteria": "cpe:2.3:h:huawei:ar200:*:*:*:*:*:*:*:*", "matchCriteriaId": "E5116885-E711-4224-A1D8-A57BF31371EF", "vulnerable": false}, {"criteria": "cpe:2.3:h:huawei:ar2200:*:*:*:*:*:*:*:*", "matchCriteriaId": "14E42770-B4FA-486D-85F1-74AB7B1BEC3F", "vulnerable": false}, {"criteria": "cpe:2.3:h:huawei:ar3200:*:*:*:*:*:*:*:*", "matchCriteriaId": "9278BF6D-EEA2-4BFE-A330-AEBA6AF32FAA", "vulnerable": false}, {"criteria": "cpe:2.3:h:huawei:ar3600:*:*:*:*:*:*:*:*", "matchCriteriaId": "80E9C107-0DA5-4BD9-A43A-08A15030C5D6", "vulnerable": false}, {"criteria": "cpe:2.3:h:huawei:ar500:*:*:*:*:*:*:*:*", "matchCriteriaId": "352B3FD3-10E7-4090-9900-10B25C63BF6F", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "Directory traversal vulnerability in the SFTP server in Huawei AR 120, 150, 160, 200, 500, 1200, 2200, 3200, and 3600 routers with software before V200R006SPH003 allows remote authenticated users to access arbitrary directories via unspecified vectors."}, {"lang": "es", "value": "Vulnerabilidad de salto de directorio en el servidor SFTP en routers Huawei AR 120, 150, 160, 200, 500, 1200, 2200, 3200 y 3600 con software anterior a V200R006SPH003 permite a usuarios remotos autenticados acceder a directorios arbitrarios a trav\u00e9s de vectores no especificados."}], "id": "CVE-2015-8228", "lastModified": "2015-11-25T18:31:29.490", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2015-11-24T20:59:21.130", "references": [{"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "http://www1.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-461676.htm"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-22"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}