Vulnerabilites related to huawei - hg532_firmware
Vulnerability from fkie_nvd
Published
2018-03-20 15:29
Modified
2024-11-21 03:17
Severity ?
Summary
Huawei HG532 with some customized versions has a remote code execution vulnerability. An authenticated attacker could send malicious packets to port 37215 to launch attacks. Successful exploit could lead to the remote execution of arbitrary code.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@huawei.com | http://www.huawei.com/en/psirt/security-notices/huawei-sn-20171130-01-hg532-en | Mitigation, Vendor Advisory | |
| psirt@huawei.com | http://www.securityfocus.com/bid/102344 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.huawei.com/en/psirt/security-notices/huawei-sn-20171130-01-hg532-en | Mitigation, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/102344 | Third Party Advisory, VDB Entry |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| huawei | hg532_firmware | - | |
| huawei | hg532 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:hg532_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1D1370CC-7DB4-4162-8C4F-12EB7F781D06",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:hg532:-:*:*:*:*:*:*:*",
"matchCriteriaId": "37D1DF9F-CD5A-4AB0-84C5-500CCFBDC6B0",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Huawei HG532 with some customized versions has a remote code execution vulnerability. An authenticated attacker could send malicious packets to port 37215 to launch attacks. Successful exploit could lead to the remote execution of arbitrary code."
},
{
"lang": "es",
"value": "Huawei HG532 con algunas versiones personalizadas tiene una vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo. Un atacante autenticado podr\u00eda enviar paquetes maliciosos al puerto 37215 para iniciar ataques. Si se explota con \u00e9xito, podr\u00eda conducir a la ejecuci\u00f3n remota de c\u00f3digo arbitrario."
}
],
"id": "CVE-2017-17215",
"lastModified": "2024-11-21T03:17:40.740",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-03-20T15:29:00.203",
"references": [
{
"source": "psirt@huawei.com",
"tags": [
"Mitigation",
"Vendor Advisory"
],
"url": "http://www.huawei.com/en/psirt/security-notices/huawei-sn-20171130-01-hg532-en"
},
{
"source": "psirt@huawei.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/102344"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mitigation",
"Vendor Advisory"
],
"url": "http://www.huawei.com/en/psirt/security-notices/huawei-sn-20171130-01-hg532-en"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/102344"
}
],
"sourceIdentifier": "psirt@huawei.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
cve-2017-17215
Vulnerability from cvelistv5
Published
2018-03-20 15:00
Modified
2024-08-05 20:43
Severity ?
EPSS score ?
Summary
Huawei HG532 with some customized versions has a remote code execution vulnerability. An authenticated attacker could send malicious packets to port 37215 to launch attacks. Successful exploit could lead to the remote execution of arbitrary code.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/102344 | vdb-entry, x_refsource_BID | |
| http://www.huawei.com/en/psirt/security-notices/huawei-sn-20171130-01-hg532-en | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Huawei Technologies Co., Ltd. | HG532 |
Version: customized versions |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T20:43:59.888Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "102344",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/102344"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.huawei.com/en/psirt/security-notices/huawei-sn-20171130-01-hg532-en"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "HG532",
"vendor": "Huawei Technologies Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "customized versions"
}
]
}
],
"datePublic": "2017-11-30T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Huawei HG532 with some customized versions has a remote code execution vulnerability. An authenticated attacker could send malicious packets to port 37215 to launch attacks. Successful exploit could lead to the remote execution of arbitrary code."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "remote code execution",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-03-21T09:57:01",
"orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"shortName": "huawei"
},
"references": [
{
"name": "102344",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/102344"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.huawei.com/en/psirt/security-notices/huawei-sn-20171130-01-hg532-en"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@huawei.com",
"ID": "CVE-2017-17215",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "HG532",
"version": {
"version_data": [
{
"version_value": "customized versions"
}
]
}
}
]
},
"vendor_name": "Huawei Technologies Co., Ltd."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Huawei HG532 with some customized versions has a remote code execution vulnerability. An authenticated attacker could send malicious packets to port 37215 to launch attacks. Successful exploit could lead to the remote execution of arbitrary code."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "remote code execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "102344",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/102344"
},
{
"name": "http://www.huawei.com/en/psirt/security-notices/huawei-sn-20171130-01-hg532-en",
"refsource": "CONFIRM",
"url": "http://www.huawei.com/en/psirt/security-notices/huawei-sn-20171130-01-hg532-en"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"assignerShortName": "huawei",
"cveId": "CVE-2017-17215",
"datePublished": "2018-03-20T15:00:00",
"dateReserved": "2017-12-04T00:00:00",
"dateUpdated": "2024-08-05T20:43:59.888Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}