Search criteria
4 vulnerabilities found for hg532s by huawei
VAR-201511-0079
Vulnerability from variot - Updated: 2023-12-18 12:37Directory traversal vulnerability on Huawei HG532e, HG532n, and HG532s devices allows remote attackers to read arbitrary files via a .. (dot dot) in an icon/ URI. For example, a remote attacker http://[IP address ]:37215/icon/../../../etc/inittab By directly accessing inittab It is possible to get the file. Depending on your settings, LAN You may be exposed to these attacks from the outside. Huawei HG532e, HG532n, and HG532s are wireless router products from Huawei. Multiple Huawei HG532 routers are prone to a directory-traversal vulnerability. An attacker can exploit this issue to obtain sensitive information that could aid in further attacks. The following products are affected: Huawei HG532e, HG532n, HG532s
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201511-0079",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "hg532n",
"scope": "eq",
"trust": 1.6,
"vendor": "huawei",
"version": null
},
{
"model": "hg532e",
"scope": "eq",
"trust": 1.6,
"vendor": "huawei",
"version": null
},
{
"model": "hg532s",
"scope": "eq",
"trust": 1.6,
"vendor": "huawei",
"version": null
},
{
"model": "hg532s",
"scope": null,
"trust": 1.4,
"vendor": "huawei",
"version": null
},
{
"model": "hg532n",
"scope": null,
"trust": 1.4,
"vendor": "huawei",
"version": null
},
{
"model": "hg532e",
"scope": null,
"trust": 1.4,
"vendor": "huawei",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "huawei",
"version": null
},
{
"model": "ws550-10",
"scope": "eq",
"trust": 0.3,
"vendor": "huawei",
"version": "0"
},
{
"model": "ws318-10",
"scope": "eq",
"trust": 0.3,
"vendor": "huawei",
"version": "0"
},
{
"model": "hg532s",
"scope": "eq",
"trust": 0.3,
"vendor": "huawei",
"version": "0"
},
{
"model": "hg532n",
"scope": "eq",
"trust": 0.3,
"vendor": "huawei",
"version": "0"
},
{
"model": "hg532e",
"scope": "eq",
"trust": 0.3,
"vendor": "huawei",
"version": "0"
},
{
"model": "hg532",
"scope": "eq",
"trust": 0.3,
"vendor": "huawei",
"version": "0"
},
{
"model": "ws550-10 v100r001c01b020",
"scope": "ne",
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"model": "ws550-10 v100r001c01b019",
"scope": "ne",
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"model": "ws318-10 v100r001c01b022",
"scope": "ne",
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"model": "hg532e v100r001c02b017",
"scope": "ne",
"trust": 0.3,
"vendor": "huawei",
"version": null
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#438928"
},
{
"db": "CNVD",
"id": "CNVD-2015-07474"
},
{
"db": "BID",
"id": "77506"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-005776"
},
{
"db": "NVD",
"id": "CVE-2015-7254"
},
{
"db": "CNNVD",
"id": "CNNVD-201511-114"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:huawei:hg532s:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:huawei:hg532e:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:huawei:hg532n:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2015-7254"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Roberto Paleari and Aristide Fattori",
"sources": [
{
"db": "BID",
"id": "77506"
}
],
"trust": 0.3
},
"cve": "CVE-2015-7254",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "LOW",
"accessVector": "ADJACENT NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"availabilityRequirement": "NOT DEFINED",
"baseScore": 3.3,
"collateralDamagePotential": "NONE",
"confidentialityImpact": "PARTIAL",
"confidentialityRequirement": "NOT DEFINED",
"enviromentalScore": 2.0,
"exploitability": "FUNCTIONAL",
"exploitabilityScore": 6.5,
"id": "CVE-2015-7254",
"impactScore": 2.9,
"integrityImpact": "NONE",
"integrityRequirement": "NOT DEFINED",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"remediationLevel": "OFFICIAL FIX",
"reportConfidence": "CONFIRMED",
"severity": "LOW",
"targetDistribution": "MEDIUM",
"trust": 0.8,
"userInterationRequired": null,
"vector_string": "AV:A/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.0,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2015-7254",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 6.5,
"id": "CNVD-2015-07474",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "LOW",
"trust": 0.6,
"vectorString": "AV:A/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-85215",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2015-7254",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2015-7254",
"trust": 0.8,
"value": "LOW"
},
{
"author": "CNVD",
"id": "CNVD-2015-07474",
"trust": 0.6,
"value": "LOW"
},
{
"author": "CNNVD",
"id": "CNNVD-201511-114",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-85215",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#438928"
},
{
"db": "CNVD",
"id": "CNVD-2015-07474"
},
{
"db": "VULHUB",
"id": "VHN-85215"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-005776"
},
{
"db": "NVD",
"id": "CVE-2015-7254"
},
{
"db": "CNNVD",
"id": "CNNVD-201511-114"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Directory traversal vulnerability on Huawei HG532e, HG532n, and HG532s devices allows remote attackers to read arbitrary files via a .. (dot dot) in an icon/ URI. For example, a remote attacker http://[IP address ]:37215/icon/../../../etc/inittab By directly accessing inittab It is possible to get the file. Depending on your settings, LAN You may be exposed to these attacks from the outside. Huawei HG532e, HG532n, and HG532s are wireless router products from Huawei. Multiple Huawei HG532 routers are prone to a directory-traversal vulnerability. \nAn attacker can exploit this issue to obtain sensitive information that could aid in further attacks. The following products are affected: Huawei HG532e, HG532n, HG532s",
"sources": [
{
"db": "NVD",
"id": "CVE-2015-7254"
},
{
"db": "CERT/CC",
"id": "VU#438928"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-005776"
},
{
"db": "CNVD",
"id": "CNVD-2015-07474"
},
{
"db": "BID",
"id": "77506"
},
{
"db": "VULHUB",
"id": "VHN-85215"
}
],
"trust": 3.24
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-85215",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-85215"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2015-7254",
"trust": 4.2
},
{
"db": "CERT/CC",
"id": "VU#438928",
"trust": 4.2
},
{
"db": "BID",
"id": "77506",
"trust": 1.4
},
{
"db": "EXPLOIT-DB",
"id": "45991",
"trust": 1.1
},
{
"db": "JVN",
"id": "JVNVU94520968",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2015-005776",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201511-114",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2015-07474",
"trust": 0.6
},
{
"db": "SEEBUG",
"id": "SSVID-89721",
"trust": 0.1
},
{
"db": "SEEBUG",
"id": "SSVID-89765",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "150788",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-85215",
"trust": 0.1
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#438928"
},
{
"db": "CNVD",
"id": "CNVD-2015-07474"
},
{
"db": "VULHUB",
"id": "VHN-85215"
},
{
"db": "BID",
"id": "77506"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-005776"
},
{
"db": "NVD",
"id": "CVE-2015-7254"
},
{
"db": "CNNVD",
"id": "CNNVD-201511-114"
}
]
},
"id": "VAR-201511-0079",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-07474"
},
{
"db": "VULHUB",
"id": "VHN-85215"
}
],
"trust": 1.27187501
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-07474"
}
]
},
"last_update_date": "2023-12-18T12:37:55.573000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Patches for various Huawei product catalog traversal vulnerabilities",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/66572"
},
{
"title": "Multiple Huawei Product Directory Traversal Vulnerability Fixes",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=58609"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-07474"
},
{
"db": "CNNVD",
"id": "CNNVD-201511-114"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-22",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-85215"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-005776"
},
{
"db": "NVD",
"id": "CVE-2015-7254"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.4,
"url": "http://www.kb.cert.org/vuls/id/438928"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/bid/77506"
},
{
"trust": 1.1,
"url": "http://www.huawei.com/en/psirt/security-advisories/hw-462908"
},
{
"trust": 1.1,
"url": "http://www1.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-462908.htm"
},
{
"trust": 1.1,
"url": "https://www.exploit-db.com/exploits/45991/"
},
{
"trust": 1.1,
"url": "https://github.com/0xadrian/scripts/blob/master/2015_7254_exploit.py"
},
{
"trust": 0.8,
"url": "http://www.huawei.com/en/security/psirt/security-bulletins/security-notices/hw-460507.htm"
},
{
"trust": 0.8,
"url": "https://cwe.mitre.org/data/definitions/22.html"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-7254"
},
{
"trust": 0.8,
"url": "http://jvn.jp/vu/jvnvu94520968/index.html"
},
{
"trust": 0.8,
"url": "https://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-7254"
},
{
"trust": 0.3,
"url": "http://www.huawei.com"
},
{
"trust": 0.3,
"url": "http://www.huawei.com/en/psirt/security-advisories/2015/hw-462908"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#438928"
},
{
"db": "CNVD",
"id": "CNVD-2015-07474"
},
{
"db": "VULHUB",
"id": "VHN-85215"
},
{
"db": "BID",
"id": "77506"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-005776"
},
{
"db": "NVD",
"id": "CVE-2015-7254"
},
{
"db": "CNNVD",
"id": "CNNVD-201511-114"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#438928"
},
{
"db": "CNVD",
"id": "CNVD-2015-07474"
},
{
"db": "VULHUB",
"id": "VHN-85215"
},
{
"db": "BID",
"id": "77506"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-005776"
},
{
"db": "NVD",
"id": "CVE-2015-7254"
},
{
"db": "CNNVD",
"id": "CNNVD-201511-114"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-11-06T00:00:00",
"db": "CERT/CC",
"id": "VU#438928"
},
{
"date": "2015-11-12T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-07474"
},
{
"date": "2015-11-07T00:00:00",
"db": "VULHUB",
"id": "VHN-85215"
},
{
"date": "2015-11-06T00:00:00",
"db": "BID",
"id": "77506"
},
{
"date": "2015-11-10T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-005776"
},
{
"date": "2015-11-07T03:59:01.517000",
"db": "NVD",
"id": "CVE-2015-7254"
},
{
"date": "2015-11-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201511-114"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-11-09T00:00:00",
"db": "CERT/CC",
"id": "VU#438928"
},
{
"date": "2015-11-12T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-07474"
},
{
"date": "2018-12-15T00:00:00",
"db": "VULHUB",
"id": "VHN-85215"
},
{
"date": "2016-11-24T01:09:00",
"db": "BID",
"id": "77506"
},
{
"date": "2015-11-10T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-005776"
},
{
"date": "2018-12-15T11:29:00.600000",
"db": "NVD",
"id": "CVE-2015-7254"
},
{
"date": "2015-11-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201511-114"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201511-114"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Huawei HG532 routers contain a path traversal vulnerability",
"sources": [
{
"db": "CERT/CC",
"id": "VU#438928"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "path traversal",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201511-114"
}
],
"trust": 0.6
}
}
FKIE_CVE-2015-7254
Vulnerability from fkie_nvd - Published: 2015-11-07 03:59 - Updated: 2025-04-12 10:46
Severity ?
Summary
Directory traversal vulnerability on Huawei HG532e, HG532n, and HG532s devices allows remote attackers to read arbitrary files via a .. (dot dot) in an icon/ URI.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:hg532e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "630E70ED-A042-44AC-98D2-0D7A2D088DFF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:huawei:hg532n:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7C09FB9D-3E5D-40C2-BE89-F42CFFAD6887",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:huawei:hg532s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C25C3CF6-61F9-4DAE-A757-9A81FB38B80A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability on Huawei HG532e, HG532n, and HG532s devices allows remote attackers to read arbitrary files via a .. (dot dot) in an icon/ URI."
},
{
"lang": "es",
"value": "Vulnerabilidad de salto de directorio en dispositivos Huawei HG532e, HG532n y HG532s permite a atacantes remotos leer archivos arbitrarios a traves de .. (punto punto) en una URI icon/."
}
],
"id": "CVE-2015-7254",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2015-11-07T03:59:01.517",
"references": [
{
"source": "cve@mitre.org",
"url": "http://www.huawei.com/en/psirt/security-advisories/hw-462908"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/438928"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/77506"
},
{
"source": "cve@mitre.org",
"url": "http://www1.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-462908.htm"
},
{
"source": "cve@mitre.org",
"url": "https://github.com/0xAdrian/scripts/blob/master/2015_7254_exploit.py"
},
{
"source": "cve@mitre.org",
"url": "https://www.exploit-db.com/exploits/45991/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.huawei.com/en/psirt/security-advisories/hw-462908"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/438928"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/77506"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www1.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-462908.htm"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://github.com/0xAdrian/scripts/blob/master/2015_7254_exploit.py"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.exploit-db.com/exploits/45991/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2015-7254 (GCVE-0-2015-7254)
Vulnerability from cvelistv5 – Published: 2015-11-07 02:00 – Updated: 2024-08-06 07:43
VLAI?
Summary
Directory traversal vulnerability on Huawei HG532e, HG532n, and HG532s devices allows remote attackers to read arbitrary files via a .. (dot dot) in an icon/ URI.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T07:43:46.260Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "45991",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/45991/"
},
{
"name": "VU#438928",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/438928"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/0xAdrian/scripts/blob/master/2015_7254_exploit.py"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www1.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-462908.htm"
},
{
"name": "77506",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/77506"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/hw-462908"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-11-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability on Huawei HG532e, HG532n, and HG532s devices allows remote attackers to read arbitrary files via a .. (dot dot) in an icon/ URI."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-12-15T10:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "45991",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/45991/"
},
{
"name": "VU#438928",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/438928"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/0xAdrian/scripts/blob/master/2015_7254_exploit.py"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www1.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-462908.htm"
},
{
"name": "77506",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/77506"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/hw-462908"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-7254",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability on Huawei HG532e, HG532n, and HG532s devices allows remote attackers to read arbitrary files via a .. (dot dot) in an icon/ URI."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "45991",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/45991/"
},
{
"name": "VU#438928",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/438928"
},
{
"name": "https://github.com/0xAdrian/scripts/blob/master/2015_7254_exploit.py",
"refsource": "MISC",
"url": "https://github.com/0xAdrian/scripts/blob/master/2015_7254_exploit.py"
},
{
"name": "http://www1.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-462908.htm",
"refsource": "CONFIRM",
"url": "http://www1.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-462908.htm"
},
{
"name": "77506",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/77506"
},
{
"name": "http://www.huawei.com/en/psirt/security-advisories/hw-462908",
"refsource": "CONFIRM",
"url": "http://www.huawei.com/en/psirt/security-advisories/hw-462908"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2015-7254",
"datePublished": "2015-11-07T02:00:00",
"dateReserved": "2015-09-18T00:00:00",
"dateUpdated": "2024-08-06T07:43:46.260Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-7254 (GCVE-0-2015-7254)
Vulnerability from nvd – Published: 2015-11-07 02:00 – Updated: 2024-08-06 07:43
VLAI?
Summary
Directory traversal vulnerability on Huawei HG532e, HG532n, and HG532s devices allows remote attackers to read arbitrary files via a .. (dot dot) in an icon/ URI.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T07:43:46.260Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "45991",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/45991/"
},
{
"name": "VU#438928",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/438928"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/0xAdrian/scripts/blob/master/2015_7254_exploit.py"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www1.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-462908.htm"
},
{
"name": "77506",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/77506"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/hw-462908"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-11-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability on Huawei HG532e, HG532n, and HG532s devices allows remote attackers to read arbitrary files via a .. (dot dot) in an icon/ URI."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-12-15T10:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "45991",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/45991/"
},
{
"name": "VU#438928",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/438928"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/0xAdrian/scripts/blob/master/2015_7254_exploit.py"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www1.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-462908.htm"
},
{
"name": "77506",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/77506"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/hw-462908"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-7254",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability on Huawei HG532e, HG532n, and HG532s devices allows remote attackers to read arbitrary files via a .. (dot dot) in an icon/ URI."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "45991",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/45991/"
},
{
"name": "VU#438928",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/438928"
},
{
"name": "https://github.com/0xAdrian/scripts/blob/master/2015_7254_exploit.py",
"refsource": "MISC",
"url": "https://github.com/0xAdrian/scripts/blob/master/2015_7254_exploit.py"
},
{
"name": "http://www1.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-462908.htm",
"refsource": "CONFIRM",
"url": "http://www1.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-462908.htm"
},
{
"name": "77506",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/77506"
},
{
"name": "http://www.huawei.com/en/psirt/security-advisories/hw-462908",
"refsource": "CONFIRM",
"url": "http://www.huawei.com/en/psirt/security-advisories/hw-462908"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2015-7254",
"datePublished": "2015-11-07T02:00:00",
"dateReserved": "2015-09-18T00:00:00",
"dateUpdated": "2024-08-06T07:43:46.260Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}