PT-2017-15525 · Huawei · Vcm5010+1

Published: 2017-03-29 · Updated: 2017-12-11 · CVE-2017-2738

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

VCM5010 versions prior to V100R002C50SPC100

Description

The issue is due to improper implementation of authentication for accessing web pages, allowing an unauthenticated attacker to bypass authentication by sending a crafted HTTP request. Additionally, the software does not validate uploaded files, enabling an authenticated attacker to upload arbitrary files to the system.

Recommendations

For versions prior to V100R002C50SPC100, update to version V100R002C50SPC100 or later to resolve the authentication bypass and arbitrary file upload issues. As a temporary workaround, consider restricting access to the web interface and implementing additional validation for file uploads until a patch is available.

Fix

Improper Authentication

Weakness Enumeration

Related identifiers

CVE-2017-2738

Affected products

Huawei Vrp
Vcm5010