Arbitrary File Upload Vulnerability in VCM5010 by Huawei
CVE-2017-2737

8.8HIGH

Key Information:

Vendor: McAfee
Status: Vcm5010
Vendor: CVE Published:; 22 November 2017

Summary

The VCM5010 product from Huawei is susceptible to an arbitrary file upload vulnerability due to insufficient validation of uploaded files in software versions prior to V100R002C50SPC100. This flaw allows authenticated attackers to upload potentially malicious files to the system. Such vulnerabilities can lead to severe security breaches, including unauthorized access and data compromise. It is crucial for organizations using the VCM5010 to ensure their software is updated to mitigate this vulnerability and protect their systems.

Affected Version(s)

VCM5010 Versions earlier before V100R002C50SPC100

References

http://www.huawei.com/en/psirt/security-advisories/huawei...

x_refsource_CONFIRM

http://www.securityfocus.com/bid/97231

vdb-entryx_refsource_BID

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Nov 22, 2017
Vulnerability Reserved
Dec 1, 2016