CVE-2016-8769
MEDIUMHuawei UTPS <UTPS-V200R003B015D16SPC00C983 - Privilege Escalation
Title source: llmDescription
Huawei UTPS earlier than UTPS-V200R003B015D16SPC00C983 has an unquoted service path vulnerability which can lead to the truncation of UTPS service query paths. An attacker may put an executable file in the search path of the affected service and obtain elevated privileges after the executable file is executed.
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by Dhruv Shah · textlocalwindows
https://www.exploit-db.com/exploits/40807
References (4)
Core 4
Core References
Third Party Advisory, URL Repurposed x_refsource_misc
http://www.security-geek.in/2017/02/07/0day-discovery-system-level-access-by-privilege-escalation-of-huawei-manufactured-airtel-photon-dongles/
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/94403
Vendor Advisory x_refsource_confirm
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20161116-01-utps-en
Third Party Advisory, VDB Entry exploit
x_refsource_exploit-db
https://www.exploit-db.com/exploits/40807/
Scores
CVSS v3
6.7
EPSS
0.0042
EPSS Percentile
61.9%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-264
Status
published
Products (2)
huawei/utps_firmware
< v200r003b015d15sp00c983
Huawei Technologies Co., Ltd./Huawei UTPS
earlier than UTPS-V200R003B015D16SPC00C983
Published
Apr 02, 2017
Tracked Since
Feb 18, 2026