Описание
Huawei TE30, TE40, TE50, and TE60 multimedia video conferencing endpoints with software before V100R001C10SPC100 do not require entry of the old password when changing the password for the Debug account, which allows physically proximate attackers to change the password by leveraging an unattended workstation.
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:h:huawei:te30:-:*:*:*:*:*:*:*
cpe:2.3:h:huawei:te40:-:*:*:*:*:*:*:*
cpe:2.3:h:huawei:te50:-:*:*:*:*:*:*:*
cpe:2.3:h:huawei:te60:-:*:*:*:*:*:*:*
Конфигурация 2Версия до v100r001c10b022 (включая)
cpe:2.3:o:huawei:te60_firmware:*:*:*:*:*:*:*:*
EPSS
Процентиль: 7%
0.00027
Низкий
6.8 Medium
CVSS3
4.6 Medium
CVSS2
Дефекты
CWE-255
Связанные уязвимости
CVSS3: 6.8
github
больше 3 лет назад
Huawei TE30, TE40, TE50, and TE60 multimedia video conferencing endpoints with software before V100R001C10SPC100 do not require entry of the old password when changing the password for the Debug account, which allows physically proximate attackers to change the password by leveraging an unattended workstation.
EPSS
Процентиль: 7%
0.00027
Низкий
6.8 Medium
CVSS3
4.6 Medium
CVSS2
Дефекты
CWE-255