PT-2015-3330 · Huawei · Huawei Fusionserver Rh2288H V3+8

Published: 2015-09-23 · Updated: 2017-10-23 · CVE-2015-7841

CVSS v2.0: 10 (High)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Huawei FusionServer RH2288 V3 versions prior to V100R003C00SPC603
Huawei FusionServer RH2288H V3 versions prior to V100R003C00SPC503
Huawei FusionServer XH628 V3 versions prior to V100R003C00SPC602
Huawei FusionServer RH1288 V3 versions prior to V100R003C00SPC602
Huawei FusionServer RH2288A V2 versions prior to V100R002C00SPC701
Huawei FusionServer RH1288A V2 versions prior to V100R002C00SPC502
Huawei FusionServer RH8100 V3 versions prior to V100R003C00SPC110
Huawei FusionServer CH222 V3 versions prior to V100R001C00SPC161
Huawei FusionServer CH220 V3 versions prior to V100R001C00SPC161
Huawei FusionServer CH121 V3 versions prior to V100R001C00SPC161

Description

The issue is related to the lack of input data sanitization on the login page of the server, allowing remote attackers to bypass access restrictions and execute arbitrary commands via unspecified parameters. This can be demonstrated by a "user creation command." The vulnerability may allow a remote attacker to bypass access restrictions and execute commands.

Recommendations

For Huawei FusionServer RH2288 V3 versions prior to V100R003C00SPC603, update to V100R003C00SPC603 or later.
For Huawei FusionServer RH2288H V3 versions prior to V100R003C00SPC503, update to V100R003C00SPC503 or later.
For Huawei FusionServer XH628 V3 versions prior to V100R003C00SPC602, update to V100R003C00SPC602 or later.
For Huawei FusionServer RH1288 V3 versions prior to V100R003C00SPC602, update to V100R003C00SPC602 or later.
For Huawei FusionServer RH2288A V2 versions prior to V100R002C00SPC701, update to V100R002C00SPC701 or later.
For Huawei FusionServer RH1288A V2 versions prior to V100R002C00SPC502, update to V100R002C00SPC502 or later.
For Huawei FusionServer RH8100 V3 versions prior to V100R003C00SPC110, update to V100R003C00SPC110 or later.
For Huawei FusionServer CH222 V3 versions prior to V100R001C00SPC161, update to V100R001C00SPC161 or later.
For Huawei FusionServer CH220 V3 versions prior to V100R001C00SPC161, update to V100R001C00SPC161 or later.
For Huawei FusionServer CH121 V3 versions prior to V100R001C00SPC161, update to V100R001C00SPC161 or later.

Fix

Command Injection

Weakness Enumeration

Related Identifiers

BDU:2017-02428
CVE-2015-7841

Affected Products

Huawei Fusionserver Ch121 V3
Huawei Fusionserver Ch220 V3
Huawei Fusionserver Ch222 V3
Huawei Fusionserver Rh1288 V3
Huawei Fusionserver Rh1288A V2
Huawei Fusionserver Rh2288H V3
Huawei Fusionserver Rh2288A V2
Huawei Fusionserver Rh8100 V3
Huawei Fusionserver Xh628 V3