CVE-2017-2738

CWE-287Improper Authentication3 documents3 sources
Severity
9.8CRITICAL
EPSS
1.3%
top 20.67%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Huawei Vcm5010 FirmwareHuawei Technologies Co., Ltd. Vcm5010
Timeline
PublishedNov 22
Latest updateMay 17

Description

VCM5010 with software versions earlier before V100R002C50SPC100 has an authentication bypass vulnerability. This is due to improper implementation of authentication for accessing web pages. An unauthenticated attacker could bypass the authentication by sending a crafted HTTP request. 5010 with software versions earlier before V100R002C50SPC100 has an arbitrary file upload vulnerability. The software does not validate the files that uploaded. An authenticated attacker could upload arbitrary files

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages2 packages

NVDhuawei/vcm5010_firmware< v100r002c50spc100
CVEListV5huawei_technologies_co.,_ltd./vcm5010Versions earlier before V100R002C50SPC100

🔴Vulnerability Details

2
GHSA
GHSA-664w-gxq6-68m4: VCM5010 with software versions earlier before V100R002C50SPC100 has an authentication bypass vulnerability2022-05-17
CVEList
CVE-2017-2738: VCM5010 with software versions earlier before V100R002C50SPC100 has an authentication bypass vulnerability2017-11-22
CVE-2017-2738 (CRITICAL CVSS 9.8) | VCM5010 with software versions earl | cvebase.io