Huawei · Huawei Hg255S-10 · CVE-2017-17309
Name of the Vulnerable Software and Affected Versions:
Huawei HG255s-10 version V100R001C163B025SP02
Description:
The issue is due to insufficient validation of received HTTP requests, allowing a remote attacker to access local files on the device without authentication. This is a result of a path traversal vulnerability.
Recommendations:
For Huawei HG255s-10 version V100R001C163B025SP02, consider restricting access to the device until a patch is available, and avoid using HTTP requests that could potentially exploit the path traversal vulnerability. At the moment, there is no information about a newer version that contains a fix for this vulnerability.