VCM5010 with software versions earlier before V100R002C50SPC100 has an authentication bypass vulnerability. This is due to improper implementation of authentication for accessing web pages. An unauthenticated attacker could bypass the authentication by sending a crafted HTTP request. 5010 with software versions earlier before V100R002C50SPC100 has an arbitrary file upload vulnerability. The software does not validate the files that uploaded. An authenticated attacker could upload arbitrary files to the system.
References
Link | Resource |
---|---|
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170329-01-vcm-en | Vendor Advisory |
http://www.securityfocus.com/bid/97231 | Third Party Advisory VDB Entry |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: huawei
Published: 2017-11-15T00:00:00
Updated: 2017-11-23T10:57:01
Reserved: 2016-12-01T00:00:00
Link: CVE-2017-2738
JSON object: View
NVD Information
Status : Analyzed
Published: 2017-11-22T19:29:02.020
Modified: 2017-12-11T17:47:48.677
Link: CVE-2017-2738
JSON object: View
Redhat Information
No data.
CWE