Command Injection Vulnerability in VCM5010 by Huawei
CVE-2017-2736

7.2HIGH

Key Information:

Vendor: McAfee
Status: Vcm5010
Vendor: CVE Published:; 22 November 2017

What is CVE-2017-2736?

The VCM5010 device from Huawei is susceptible to a command injection vulnerability due to inadequate validation of user inputs. This flaw allows authenticated attackers to execute arbitrary commands on the system, potentially leading to unauthorized control over the device. It is crucial for users to ensure their software is updated to versions later than V100R002C50SPC100 to mitigate this risk.

Affected Version(s)

VCM5010 Versions earlier before V100R002C50SPC100

References

http://www.huawei.com/en/psirt/security-advisories/huawei...

x_refsource_CONFIRM

http://www.securityfocus.com/bid/97231

vdb-entryx_refsource_BID

CVSS V3.1

Score:

7.2

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 22, 2017
Vulnerability Reserved
Dec 1, 2016

McAfee

What is CVE-2017-2736?

Affected Version(s)

References

CVSS V3.1

Timeline