CVE-2015-8673
MEDIUMHuawei TE30, TE40, TE50, and TE60 < V100R001C10SPC100 - Unauthenticated Debug Account Password Change
Title source: llmDescription
Huawei TE30, TE40, TE50, and TE60 multimedia video conferencing endpoints with software before V100R001C10SPC100 do not require entry of the old password when changing the password for the Debug account, which allows physically proximate attackers to change the password by leveraging an unattended workstation.
References (1)
Core 1
Core References
Various Sources x_refsource_confirm
http://www.huawei.com/en/psirt/security-advisories/hw-462952
Scores
CVSS v3
6.8
EPSS
0.0003
EPSS Percentile
8.3%
Attack Vector
PHYSICAL
CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-255
Status
published
Products (5)
huawei/te30
huawei/te40
huawei/te50
huawei/te60
huawei/te60_firmware
< v100r001c10b022
Published
Jan 12, 2016
Tracked Since
Feb 18, 2026