CVE-2017-2738
CRITICAL
Huawei VCM5010 < V100R002C50SPC100 - Unauthenticated Authentication Bypass via Crafted HTTP Request
Title source: llm
Description
VCM5010 with software versions earlier than V100R002C50SPC100 has an authentication bypass vulnerability. This is due to improper implementation of authentication for accessing web pages. An unauthenticated attacker could bypass the authentication by sending a crafted HTTP request. VCM5010 with software versions earlier than V100R002C50SPC100 has an arbitrary file upload vulnerability. The software does not validate the files that are uploaded. An authenticated attacker could upload arbitrary files to the system.
References (2)
Core References
Vendor Advisory x_refsource_confirm
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170329-01-vcm-en
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/97231
Scores
CVSS v3
9.8
EPSS
0.0125
EPSS Percentile
79.6%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-287
Status
published
Products (2)
huawei/vcm5010_firmware
< v100r002c50spc100
Huawei Technologies Co., Ltd./VCM5010
Versions earlier than V100R002C50SPC100
Published
Nov 22, 2017
Tracked Since
Feb 18, 2026