Description
The Huawei viewpoint VP9610 and VP9620 units for the Huawei Video Conference system do not update the Session ID upon successful establishment of a login session, which allows remote authenticated users to hijack sessions via an unspecified interception method.
References (1)
Core 1
Core References
Vendor Advisory x_refsource_confirm
http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-261327.htm
Scores
EPSS
0.0022
EPSS Percentile
44.9%
Details
CWE
CWE-255
Status
published
Products (2)
huawei/vp_9610
< v100r002c02b019sp05
huawei/vp_9620
< v100r002c02b019sp05
Published
Jun 20, 2013
Tracked Since
Feb 18, 2026