CVE-2017-2737

CWE-434Unrestricted File Upload3 documents3 sources
Severity
8.8HIGH
EPSS
0.2%
top 52.03%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Huawei Vcm5010 FirmwareHuawei Technologies Co., Ltd. Vcm5010
Timeline
PublishedNov 22
Latest updateMay 17

Description

VCM5010 with software versions earlier before V100R002C50SPC100 has an arbitrary file upload vulnerability. The software does not validate the files that uploaded. An authenticated attacker could upload arbitrary files to the system.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages2 packages

NVDhuawei/vcm5010_firmware< v100r002c50spc100
CVEListV5huawei_technologies_co.,_ltd./vcm5010Versions earlier before V100R002C50SPC100

🔴Vulnerability Details

2
GHSA
GHSA-9wx5-w654-3m84: VCM5010 with software versions earlier before V100R002C50SPC100 has an arbitrary file upload vulnerability2022-05-17
CVEList
CVE-2017-2737: VCM5010 with software versions earlier before V100R002C50SPC100 has an arbitrary file upload vulnerability2017-11-22
CVE-2017-2737 (HIGH CVSS 8.8) | VCM5010 with software versions earl | cvebase.io