CVE-2017-2737

Опубликовано: 22 нояб. 2017

Источник: nvd

CVSS3: 8.8

CVSS2: 6.5

EPSS Низкий

Описание

VCM5010 with software versions earlier before V100R002C50SPC100 has an arbitrary file upload vulnerability. The software does not validate the files that uploaded. An authenticated attacker could upload arbitrary files to the system.

Ссылки

http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170329-01-vcm-en
Vendor Advisory
http://www.securityfocus.com/bid/97231
Third Party Advisory
VDB Entry
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170329-01-vcm-en
Vendor Advisory
http://www.securityfocus.com/bid/97231
Third Party Advisory
VDB Entry

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:huawei:vcm5010_firmware:*:*:*:*:*:*:*:*

Версия до v100r002c50spc100 (исключая)

cpe:2.3:h:huawei:vcm5010:-:*:*:*:*:*:*:*

EPSS

Процентиль: 48%

0.00247

Низкий

8.8 High

CVSS3

6.5 Medium

CVSS2

Дефекты

CWE-434

Связанные уязвимости

GHSA-9wx5-w654-3m84