CVE-2015-8675

MEDIUM

Huawei S5300 Firmware - Credentials Management

Title source: rule

Description

Huawei S5300 Campus Series switches with software before V200R005SPH008 do not mask the password when uploading files, which allows physically proximate attackers to obtain sensitive password information by reading the display.

References (1)

[Vendor Advisory] http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160112-01-switch-en

Scores

CVSS v3 6.2

EPSS 0.0003

EPSS Percentile 8.2%

Attack Vector LOCAL

CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Classification

CWE

CWE-255

Status draft

Affected Products (1)

huawei/s5300_firmware

Timeline

Published Jan 15, 2016

Tracked Since Feb 18, 2026