CVE-2017-17309
HIGHHuawei HG255s-10 V100R001C163B025SP02 - Unauthenticated Path Traversal
Title source: llmDescription
Huawei HG255s-10 V100R001C163B025SP02 has a path traversal vulnerability due to insufficient validation of the received HTTP requests, a remote attacker may access the local files on the device without authentication.
References (2)
Core 2
Core References
Vendor Advisory x_refsource_confirm
http://www.huawei.com/en/psirt/security-notices/2017/huawei-sn-20170911-01-hg255s-en
Exploit, Third Party Advisory x_refsource_misc
http://packetstormsecurity.com/files/155954/Huawei-HG255-Directory-Traversal.html
Scores
CVSS v3
7.5
EPSS
0.0710
EPSS Percentile
91.6%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Details
CWE
CWE-22
Status
published
Products (1)
huawei/hg255s-10_firmware
v100r001c163b025sp02
Published
Jun 14, 2018
Tracked Since
Feb 18, 2026