Description
Huawei VCN500 with software before V100R002C00SPC201 logs passwords in cleartext, which allows remote authenticated users to obtain sensitive information by triggering log generation and then reading the log.
References (1)
Core 1
Core References
Vendor Advisory x_refsource_confirm
http://www1.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-463084.htm
Scores
CVSS v3
6.5
EPSS
0.0010
EPSS Percentile
27.9%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Details
CWE
CWE-200
Status
published
Products (2)
huawei/vcn500
v100r002c00spc200
huawei/vcn500
v100r002c00spc200b010
Published
Jan 11, 2016
Tracked Since
Feb 18, 2026