PT-2018-6454 · Huawei · Huawei Espace 7950+2
Published
2018-03-09
·
Updated
2018-03-26
·
CVE-2017-17223
CVSS v3.1
8.8
High
| Vector | AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions:
Huawei eSpace 7910 version V200R003C30
Huawei eSpace 7950 version V200R003C30
Huawei eSpace 8950 versions V200R003C00 through V200R003C30
Description:
The issue allows an authenticated, remote attacker to exploit a directory traversal vulnerability by crafting a specific URL to the affected products. Due to insufficient verification of the URL, a successful exploit can lead to the upload and download of files, causing information leaks and system crashes.
Recommendations:
For Huawei eSpace 7910 version V200R003C30, update to a version that addresses the directory traversal vulnerability.
For Huawei eSpace 7950 version V200R003C30, update to a version that addresses the directory traversal vulnerability.
For Huawei eSpace 8950 versions V200R003C00 through V200R003C30, update to a version that addresses the directory traversal vulnerability.
Fix
Path traversal
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Huawei Espace 7910
Huawei Espace 7950
Huawei Espace 8950