CVE-2017-2737
HIGHHuawei Vcm5010 Firmware < v100r002c50spc100 - Unrestricted File Upload
Title source: ruleDescription
VCM5010 with software versions earlier before V100R002C50SPC100 has an arbitrary file upload vulnerability. The software does not validate the files that uploaded. An authenticated attacker could upload arbitrary files to the system.
References (2)
Core 2
Core References
Vendor Advisory x_refsource_confirm
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170329-01-vcm-en
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/97231
Scores
CVSS v3
8.8
EPSS
0.0025
EPSS Percentile
47.9%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-434
Status
published
Products (2)
huawei/vcm5010_firmware
< v100r002c50spc100
Huawei Technologies Co., Ltd./VCM5010
Versions earlier before V100R002C50SPC100
Published
Nov 22, 2017
Tracked Since
Feb 18, 2026