SQL Injection Vulnerability in Huawei UMA V200R001C00
CVE-2017-15329

8.8HIGH

Key Information:

Vendor: McAfee
Status: Uma
Vendor: CVE Published:; 15 February 2018

Summary

Huawei UMA V200R001C00 is susceptible to an SQL injection vulnerability within its operation and maintenance module. An attacker, by logging in as a standard user, can send carefully crafted HTTP requests containing malicious SQL statements. The lack of proper input validation allows these crafted requests to be executed by the server, potentially enabling the attacker to manipulate the database through arbitrary SQL queries, which can lead to unauthorized data access and manipulation.

Affected Version(s)

UMA V200R001C00

References

http://www.huawei.com/en/psirt/security-advisories/2017/h...

x_refsource_CONFIRM

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Feb 15, 2018
Vulnerability Reserved
Oct 14, 2017