Authentication Bypass and File Upload Issue in Huawei VCM5010
CVE-2017-2738

9.8CRITICAL

Key Information:

Vendor: McAfee
Status: Vcm5010
Vendor: CVE Published:; 22 November 2017

Summary

The Huawei VCM5010 device exhibits significant security flaws due to improper authentication mechanisms and inadequate file validation processes. An attacker can exploit these vulnerabilities by sending tailored HTTP requests to evade authentication checks, granting them unauthorized access to the system. Additionally, the device allows authenticated users to upload arbitrary files without sufficient validation, potentially leading to further exploits within the affected environment.

Affected Version(s)

VCM5010 Versions earlier before V100R002C50SPC100

References

http://www.huawei.com/en/psirt/security-advisories/huawei...

x_refsource_CONFIRM

http://www.securityfocus.com/bid/97231

vdb-entryx_refsource_BID

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Nov 22, 2017
Vulnerability Reserved
Dec 1, 2016