PT-2017-15525 · Huawei · Vcm5010+1
Published 2017-03-29 · Updated 2017-12-11 · CVE-2017-2738
CVSS v3.1: 9.8 Critical
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
VCM5010 versions prior to V100R002C50SPC100
Description
The issue is due to improper implementation of authentication for accessing web pages, allowing an unauthenticated attacker to bypass authentication by sending a crafted HTTP request. Additionally, the software does not validate uploaded files, enabling an authenticated attacker to upload arbitrary files to the system.
Recommendations
For versions prior to V100R002C50SPC100, update to version V100R002C50SPC100 or later to resolve the authentication bypass and arbitrary file upload issues. As a temporary workaround, consider restricting access to the web interface and implementing additional validation for file uploads until a patch is available.
Fix
Improper Authentication
Weakness Enumeration
Related Identifiers
Affected Products
Huawei Vrp
Vcm5010