PT-2023-31817 · H3C · H3C Er2100N+14
Yinsel975
·
Published
2023-09-24
·
Updated
2024-05-17
·
CVE-2023-5142
CVSS v3.1
5.3
Medium
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
H3C GR-1100-P versions up to 20230908
H3C GR-1108-P versions up to 20230908
H3C GR-1200W versions up to 20230908
H3C GR-1800AX versions up to 20230908
H3C GR-2200 versions up to 20230908
H3C GR-3200 versions up to 20230908
H3C GR-5200 versions up to 20230908
H3C GR-8300 versions up to 20230908
H3C ER2100n versions up to 20230908
H3C ER2200G2 versions up to 20230908
H3C ER3200G2 versions up to 20230908
H3C ER3260G2 versions up to 20230908
H3C ER5100G2 versions up to 20230908
H3C ER5200G2 versions up to 20230908
H3C ER6300G2 versions up to 20230908
Description
A vulnerability was found in the file /userLogin.asp of the component Config File Handler, leading to path traversal. The attack can be initiated remotely, with a rather high complexity and difficult exploitation. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
Path traversal
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
H3C Er2100N
H3C Er2200G2
H3C Er3200G2
H3C Er3260G2
H3C Er5100G2
H3C Er5200G2
H3C Er6300G2
H3C Gr-1100-P
H3C Gr-1108-P
H3C Gr-1200W
H3C Gr-1800Ax
H3C Gr-2200
H3C Gr-3200
H3C Gr-5200
H3C Gr-8300