CVE-2016-5234
HIGHHuawei VP9660 VP9650 VP9630 and RSE6500 < V500R002C00SPC200 - Remote Code Execution via Crafted Packet
Title source: llmDescription
Buffer overflow in Huawei VP9660, VP9650, and VP9630 multipoint control unit devices with software before V500R002C00SPC200 and RSE6500 videoconference devices with software before V500R002C00SPC100, when an unspecified service is enabled, allows remote attackers to execute arbitrary code via a crafted packet, aka HWPSIRT-2016-05054.
References (2)
Core 2
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/90978
Vendor Advisory x_refsource_confirm
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160601-01-videoconference-en
Scores
CVSS v3
8.1
EPSS
0.0167
EPSS Percentile
82.4%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-119
Status
published
Products (4)
huawei/rse6500_firmware
v100r001c00
huawei/vp9600_series_firmware
v200r001c01
huawei/vp9600_series_firmware
v200r001c02
huawei/vp9600_series_firmware
v200r001c30
Published
Jun 13, 2016
Tracked Since
Feb 18, 2026