cvelistv5 - CVE-2017-17215

CVE-2017-17215 (GCVE-0-2017-17215)

Vulnerability from cvelistv5 – Published: 2018-03-20 15:00 – Updated: 2024-08-05 20:43

Summary

Severity ?

No CVSS data available.

CWE

remote code execution

Assigner

huawei

References

URL

Tags

	http://www.securityfocus.com/bid/102344	vdb-entryx_refsource_BID
	http://www.huawei.com/en/psirt/security-notices/h…	x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	Huawei Technologies Co., Ltd.	HG532	Affected: customized versions

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T20:43:59.888Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "102344",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/102344"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.huawei.com/en/psirt/security-notices/huawei-sn-20171130-01-hg532-en"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "HG532",
          "vendor": "Huawei Technologies Co., Ltd.",
          "versions": [
            {
              "status": "affected",
              "version": "customized versions"
            }
          ]
        }
      ],
      "datePublic": "2017-11-30T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Huawei HG532 with some customized versions has a remote code execution vulnerability. An authenticated attacker could send malicious packets to port 37215 to launch attacks. Successful exploit could lead to the remote execution of arbitrary code."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "remote code execution",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-03-21T09:57:01",
        "orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
        "shortName": "huawei"
      },
      "references": [
        {
          "name": "102344",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/102344"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.huawei.com/en/psirt/security-notices/huawei-sn-20171130-01-hg532-en"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@huawei.com",
          "ID": "CVE-2017-17215",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "HG532",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "customized versions"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Huawei Technologies Co., Ltd."
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Huawei HG532 with some customized versions has a remote code execution vulnerability. An authenticated attacker could send malicious packets to port 37215 to launch attacks. Successful exploit could lead to the remote execution of arbitrary code."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "remote code execution"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "102344",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/102344"
            },
            {
              "name": "http://www.huawei.com/en/psirt/security-notices/huawei-sn-20171130-01-hg532-en",
              "refsource": "CONFIRM",
              "url": "http://www.huawei.com/en/psirt/security-notices/huawei-sn-20171130-01-hg532-en"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
    "assignerShortName": "huawei",
    "cveId": "CVE-2017-17215",
    "datePublished": "2018-03-20T15:00:00",
    "dateReserved": "2017-12-04T00:00:00",
    "dateUpdated": "2024-08-05T20:43:59.888Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:huawei:hg532_firmware:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"1D1370CC-7DB4-4162-8C4F-12EB7F781D06\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:huawei:hg532:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"37D1DF9F-CD5A-4AB0-84C5-500CCFBDC6B0\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Huawei HG532 with some customized versions has a remote code execution vulnerability. An authenticated attacker could send malicious packets to port 37215 to launch attacks. Successful exploit could lead to the remote execution of arbitrary code.\"}, {\"lang\": \"es\", \"value\": \"Huawei HG532 con algunas versiones personalizadas tiene una vulnerabilidad de ejecuci\\u00f3n remota de c\\u00f3digo. Un atacante autenticado podr\\u00eda enviar paquetes maliciosos al puerto 37215 para iniciar ataques. Si se explota con \\u00e9xito, podr\\u00eda conducir a la ejecuci\\u00f3n remota de c\\u00f3digo arbitrario.\"}]",
      "id": "CVE-2017-17215",
      "lastModified": "2024-11-21T03:17:40.740",
      "metrics": "{\"cvssMetricV30\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.0\", \"vectorString\": \"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 8.8, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 2.8, \"impactScore\": 5.9}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:S/C:P/I:P/A:P\", \"baseScore\": 6.5, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"SINGLE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 8.0, \"impactScore\": 6.4, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2018-03-20T15:29:00.203",
      "references": "[{\"url\": \"http://www.huawei.com/en/psirt/security-notices/huawei-sn-20171130-01-hg532-en\", \"source\": \"psirt@huawei.com\", \"tags\": [\"Mitigation\", \"Vendor Advisory\"]}, {\"url\": \"http://www.securityfocus.com/bid/102344\", \"source\": \"psirt@huawei.com\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://www.huawei.com/en/psirt/security-notices/huawei-sn-20171130-01-hg532-en\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mitigation\", \"Vendor Advisory\"]}, {\"url\": \"http://www.securityfocus.com/bid/102344\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}]",
      "sourceIdentifier": "psirt@huawei.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-20\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2017-17215\",\"sourceIdentifier\":\"psirt@huawei.com\",\"published\":\"2018-03-20T15:29:00.203\",\"lastModified\":\"2024-11-21T03:17:40.740\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Huawei HG532 with some customized versions has a remote code execution vulnerability. An authenticated attacker could send malicious packets to port 37215 to launch attacks. Successful exploit could lead to the remote execution of arbitrary code.\"},{\"lang\":\"es\",\"value\":\"Huawei HG532 con algunas versiones personalizadas tiene una vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo. Un atacante autenticado podr\u00eda enviar paquetes maliciosos al puerto 37215 para iniciar ataques. Si se explota con \u00e9xito, podr\u00eda conducir a la ejecuci\u00f3n remota de c\u00f3digo arbitrario.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":8.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:S/C:P/I:P/A:P\",\"baseScore\":6.5,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"SINGLE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.0,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-20\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:huawei:hg532_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1D1370CC-7DB4-4162-8C4F-12EB7F781D06\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:huawei:hg532:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"37D1DF9F-CD5A-4AB0-84C5-500CCFBDC6B0\"}]}]}],\"references\":[{\"url\":\"http://www.huawei.com/en/psirt/security-notices/huawei-sn-20171130-01-hg532-en\",\"source\":\"psirt@huawei.com\",\"tags\":[\"Mitigation\",\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/102344\",\"source\":\"psirt@huawei.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.huawei.com/en/psirt/security-notices/huawei-sn-20171130-01-hg532-en\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mitigation\",\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/102344\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]}]}}"
  }
}

GHSA-H4HX-PMCG-3856

Vulnerability from github – Published: 2022-05-14 03:30 – Updated: 2022-05-14 03:30

Details

Severity ?

8.8 (High)


                  
                    CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2017-17215"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-20"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-03-20T15:29:00Z",
    "severity": "HIGH"
  },
  "details": "Huawei HG532 with some customized versions has a remote code execution vulnerability. An authenticated attacker could send malicious packets to port 37215 to launch attacks. Successful exploit could lead to the remote execution of arbitrary code.",
  "id": "GHSA-h4hx-pmcg-3856",
  "modified": "2022-05-14T03:30:36Z",
  "published": "2022-05-14T03:30:36Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-17215"
    },
    {
      "type": "WEB",
      "url": "http://www.huawei.com/en/psirt/security-notices/huawei-sn-20171130-01-hg532-en"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/102344"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

VAR-201803-1048

Vulnerability from variot - Updated: 2023-12-18 12:44

Huawei HG532 with some customized versions has a remote code execution vulnerability. An authenticated attacker could send malicious packets to port 37215 to launch attacks. Successful exploit could lead to the remote execution of arbitrary code. Huawei HG532 Contains an input validation vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. The HuaweiHG532 series router is a wireless router product for home and small office users. Huawei HG532 is prone to a remote code-execution vulnerability. Failed exploit attempts will likely cause a denial-of-service condition

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201803-1048",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "hg532",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "hg532",
        "scope": null,
        "trust": 1.4,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "hg532",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "huawei",
        "version": "0"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-38447"
      },
      {
        "db": "BID",
        "id": "102344"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-013014"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-17215"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201712-1038"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:huawei:hg532_firmware:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:huawei:hg532:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2017-17215"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Check Point Software Technologies Research Department",
    "sources": [
      {
        "db": "BID",
        "id": "102344"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201712-1038"
      }
    ],
    "trust": 0.9
  },
  "cve": "CVE-2017-17215",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.0,
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "Single",
            "author": "NVD",
            "availabilityImpact": "Partial",
            "baseScore": 6.5,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "CVE-2017-17215",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.9,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "CNVD-2017-38447",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "HIGH",
            "trust": 0.6,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.0,
            "id": "VHN-108215",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:S/C:P/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 2.8,
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 8.8,
            "baseSeverity": "High",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "CVE-2017-17215",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "Low",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2017-17215",
            "trust": 1.8,
            "value": "HIGH"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2017-38447",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201712-1038",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-108215",
            "trust": 0.1,
            "value": "MEDIUM"
          },
          {
            "author": "VULMON",
            "id": "CVE-2017-17215",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-38447"
      },
      {
        "db": "VULHUB",
        "id": "VHN-108215"
      },
      {
        "db": "VULMON",
        "id": "CVE-2017-17215"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-013014"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-17215"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201712-1038"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Huawei HG532 with some customized versions has a remote code execution vulnerability. An authenticated attacker could send malicious packets to port 37215 to launch attacks. Successful exploit could lead to the remote execution of arbitrary code. Huawei HG532 Contains an input validation vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. The HuaweiHG532 series router is a wireless router product for home and small office users. Huawei HG532 is prone to a remote code-execution vulnerability. Failed exploit attempts will likely cause a denial-of-service condition",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2017-17215"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-013014"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-38447"
      },
      {
        "db": "BID",
        "id": "102344"
      },
      {
        "db": "VULHUB",
        "id": "VHN-108215"
      },
      {
        "db": "VULMON",
        "id": "CVE-2017-17215"
      }
    ],
    "trust": 2.61
  },
  "exploit_availability": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "reference": "https://www.scap.org.cn/vuln/vhn-108215",
        "trust": 0.1,
        "type": "unknown"
      },
      {
        "reference": "https://vulmon.com/exploitdetails?qidtp=exploitdb\u0026qid=43414",
        "trust": 0.1,
        "type": "exploit"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-108215"
      },
      {
        "db": "VULMON",
        "id": "CVE-2017-17215"
      }
    ]
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2017-17215",
        "trust": 3.5
      },
      {
        "db": "BID",
        "id": "102344",
        "trust": 1.4
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-013014",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201712-1038",
        "trust": 0.7
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-38447",
        "trust": 0.6
      },
      {
        "db": "NSFOCUS",
        "id": "38553",
        "trust": 0.6
      },
      {
        "db": "EXPLOIT-DB",
        "id": "43414",
        "trust": 0.1
      },
      {
        "db": "SEEBUG",
        "id": "SSVID-97010",
        "trust": 0.1
      },
      {
        "db": "VULHUB",
        "id": "VHN-108215",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2017-17215",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-38447"
      },
      {
        "db": "VULHUB",
        "id": "VHN-108215"
      },
      {
        "db": "VULMON",
        "id": "CVE-2017-17215"
      },
      {
        "db": "BID",
        "id": "102344"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-013014"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-17215"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201712-1038"
      }
    ]
  },
  "id": "VAR-201803-1048",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-38447"
      },
      {
        "db": "VULHUB",
        "id": "VHN-108215"
      }
    ],
    "trust": 1.3875
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "Network device"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-38447"
      }
    ]
  },
  "last_update_date": "2023-12-18T12:44:09.969000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "huawei-sn-20171130-01-hg532",
        "trust": 0.8,
        "url": "http://www.huawei.com/en/psirt/security-notices/huawei-sn-20171130-01-hg532-en"
      },
      {
        "title": "Huawei HG532 Security vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=77390"
      },
      {
        "title": "HG532d-RCE-Exploit",
        "trust": 0.1,
        "url": "https://github.com/wilfred-wulbou/hg532d-rce-exploit "
      },
      {
        "title": "learning-with-sakura",
        "trust": 0.1,
        "url": "https://github.com/0bs3rver/learning-with-sakura "
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2017-17215"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-013014"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201712-1038"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-20",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-108215"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-013014"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-17215"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.7,
        "url": "http://www.huawei.com/en/psirt/security-notices/huawei-sn-20171130-01-hg532-en"
      },
      {
        "trust": 1.1,
        "url": "http://www.securityfocus.com/bid/102344"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-17215"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-17215"
      },
      {
        "trust": 0.6,
        "url": "http://www.huawei.com/cn/psirt/security-notices/huawei-sn-20171130-01-hg532-cn"
      },
      {
        "trust": 0.6,
        "url": "https://www.checkpoint.com/defense/advisories/public/2017/cpai-2017-1016.html#vulnerability"
      },
      {
        "trust": 0.6,
        "url": "http://www.nsfocus.net/vulndb/38553"
      },
      {
        "trust": 0.3,
        "url": "http://www.huawei.com/my/psirt/security-notices/huawei-sn-20171130-01-hg532-en"
      },
      {
        "trust": 0.3,
        "url": "http://www.huawei.com/en/"
      },
      {
        "trust": 0.3,
        "url": "https://blog.newskysecurity.com/huawei-router-exploit-involved-in-satori-and-brickerbot-given-away-for-free-on-christmas-by-ac52fe5e4516"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-38447"
      },
      {
        "db": "VULHUB",
        "id": "VHN-108215"
      },
      {
        "db": "BID",
        "id": "102344"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-013014"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-17215"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201712-1038"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-38447"
      },
      {
        "db": "VULHUB",
        "id": "VHN-108215"
      },
      {
        "db": "VULMON",
        "id": "CVE-2017-17215"
      },
      {
        "db": "BID",
        "id": "102344"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-013014"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-17215"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201712-1038"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-12-28T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2017-38447"
      },
      {
        "date": "2018-03-20T00:00:00",
        "db": "VULHUB",
        "id": "VHN-108215"
      },
      {
        "date": "2018-03-20T00:00:00",
        "db": "VULMON",
        "id": "CVE-2017-17215"
      },
      {
        "date": "2017-12-28T00:00:00",
        "db": "BID",
        "id": "102344"
      },
      {
        "date": "2018-05-23T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2017-013014"
      },
      {
        "date": "2018-03-20T15:29:00.203000",
        "db": "NVD",
        "id": "CVE-2017-17215"
      },
      {
        "date": "2017-12-28T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201712-1038"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-12-28T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2017-38447"
      },
      {
        "date": "2018-04-19T00:00:00",
        "db": "VULHUB",
        "id": "VHN-108215"
      },
      {
        "date": "2018-04-19T00:00:00",
        "db": "VULMON",
        "id": "CVE-2017-17215"
      },
      {
        "date": "2017-12-28T00:00:00",
        "db": "BID",
        "id": "102344"
      },
      {
        "date": "2018-05-23T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2017-013014"
      },
      {
        "date": "2018-04-19T15:04:20.200000",
        "db": "NVD",
        "id": "CVE-2017-17215"
      },
      {
        "date": "2018-03-21T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201712-1038"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201712-1038"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Huawei HG532 Input validation vulnerability",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-013014"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "input validation",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201712-1038"
      }
    ],
    "trust": 0.6
  }
}

CNVD-2017-38447

Vulnerability from cnvd - Published: 2017-12-28

Title

Huawei HG532系列路由器远程代码执行漏洞

Description

Huawei HG532系列路由器是一款为家庭和小型办公用户打造的无线路由器产品。 Huawei HG532系列路由器存在远程代码执行漏洞。认证后的攻击者可以向设备37215端口发送恶意报文发起攻击，成功利用漏洞可以远程执行任意代码。

Severity

高

Formal description

目前厂商暂未发布修复措施解决此安全问题，建议使用措施规避或预防该漏洞的攻击，详情请向当地服务提供商或华为TAC咨询： http://www.huawei.com/cn/psirt/security-notices/huawei-sn-20171130-01-hg532-cn

Reference

http://www.huawei.com/cn/psirt/security-notices/huawei-sn-20171130-01-hg532-cn

Impacted products

Name
Huawei HG532

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2017-17215"
    }
  },
  "description": "Huawei HG532\u7cfb\u5217\u8def\u7531\u5668\u662f\u4e00\u6b3e\u4e3a\u5bb6\u5ead\u548c\u5c0f\u578b\u529e\u516c\u7528\u6237\u6253\u9020\u7684\u65e0\u7ebf\u8def\u7531\u5668\u4ea7\u54c1\u3002\r\n\r\nHuawei HG532\u7cfb\u5217\u8def\u7531\u5668\u5b58\u5728\u8fdc\u7a0b\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e\u3002\u8ba4\u8bc1\u540e\u7684\u653b\u51fb\u8005\u53ef\u4ee5\u5411\u8bbe\u590737215\u7aef\u53e3\u53d1\u9001\u6076\u610f\u62a5\u6587\u53d1\u8d77\u653b\u51fb\uff0c\u6210\u529f\u5229\u7528\u6f0f\u6d1e\u53ef\u4ee5\u8fdc\u7a0b\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002",
  "discovererName": "Check Point\u8f6f\u4ef6\u6280\u672f\u7814\u7a76\u90e8\u95e8",
  "formalWay": "\u76ee\u524d\u5382\u5546\u6682\u672a\u53d1\u5e03\u4fee\u590d\u63aa\u65bd\u89e3\u51b3\u6b64\u5b89\u5168\u95ee\u9898\uff0c\u5efa\u8bae\u4f7f\u7528\u63aa\u65bd\u89c4\u907f\u6216\u9884\u9632\u8be5\u6f0f\u6d1e\u7684\u653b\u51fb\uff0c\u8be6\u60c5\u8bf7\u5411\u5f53\u5730\u670d\u52a1\u63d0\u4f9b\u5546\u6216\u534e\u4e3aTAC\u54a8\u8be2\uff1a\r\nhttp://www.huawei.com/cn/psirt/security-notices/huawei-sn-20171130-01-hg532-cn",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2017-38447",
  "openTime": "2017-12-28",
  "products": {
    "product": "Huawei HG532"
  },
  "referenceLink": "http://www.huawei.com/cn/psirt/security-notices/huawei-sn-20171130-01-hg532-cn",
  "serverity": "\u9ad8",
  "submitTime": "2017-12-25",
  "title": "Huawei HG532\u7cfb\u5217\u8def\u7531\u5668\u8fdc\u7a0b\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e"
}

GSD-2017-17215

Vulnerability from gsd - Updated: 2023-12-13 01:21

Details

Aliases

CVE-2017-17215

Aliases

CVE-2017-17215

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2017-17215",
    "description": "Huawei HG532 with some customized versions has a remote code execution vulnerability. An authenticated attacker could send malicious packets to port 37215 to launch attacks. Successful exploit could lead to the remote execution of arbitrary code.",
    "id": "GSD-2017-17215"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2017-17215"
      ],
      "details": "Huawei HG532 with some customized versions has a remote code execution vulnerability. An authenticated attacker could send malicious packets to port 37215 to launch attacks. Successful exploit could lead to the remote execution of arbitrary code.",
      "id": "GSD-2017-17215",
      "modified": "2023-12-13T01:21:05.141152Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "psirt@huawei.com",
        "ID": "CVE-2017-17215",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "HG532",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "customized versions"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Huawei Technologies Co., Ltd."
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Huawei HG532 with some customized versions has a remote code execution vulnerability. An authenticated attacker could send malicious packets to port 37215 to launch attacks. Successful exploit could lead to the remote execution of arbitrary code."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "remote code execution"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "102344",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/102344"
          },
          {
            "name": "http://www.huawei.com/en/psirt/security-notices/huawei-sn-20171130-01-hg532-en",
            "refsource": "CONFIRM",
            "url": "http://www.huawei.com/en/psirt/security-notices/huawei-sn-20171130-01-hg532-en"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:huawei:hg532_firmware:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:huawei:hg532:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@huawei.com",
          "ID": "CVE-2017-17215"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Huawei HG532 with some customized versions has a remote code execution vulnerability. An authenticated attacker could send malicious packets to port 37215 to launch attacks. Successful exploit could lead to the remote execution of arbitrary code."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-20"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.huawei.com/en/psirt/security-notices/huawei-sn-20171130-01-hg532-en",
              "refsource": "CONFIRM",
              "tags": [
                "Mitigation",
                "Vendor Advisory"
              ],
              "url": "http://www.huawei.com/en/psirt/security-notices/huawei-sn-20171130-01-hg532-en"
            },
            {
              "name": "102344",
              "refsource": "BID",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securityfocus.com/bid/102344"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.5,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 8.0,
          "impactScore": 6.4,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "exploitabilityScore": 2.8,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2018-04-19T15:04Z",
      "publishedDate": "2018-03-20T15:29Z"
    }
  }
}

FKIE_CVE-2017-17215

Vulnerability from fkie_nvd - Published: 2018-03-20 15:29 - Updated: 2024-11-21 03:17

Severity ?

8.8 (High) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Summary

References

URL	Tags
psirt@huawei.com	http://www.huawei.com/en/psirt/security-notices/huawei-sn-20171130-01-hg532-en	Mitigation, Vendor Advisory
psirt@huawei.com	http://www.securityfocus.com/bid/102344	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.huawei.com/en/psirt/security-notices/huawei-sn-20171130-01-hg532-en	Mitigation, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/102344	Third Party Advisory, VDB Entry

Impacted products

	Vendor	Product	Version
	huawei	hg532_firmware	-
	huawei	hg532	-

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:huawei:hg532_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "1D1370CC-7DB4-4162-8C4F-12EB7F781D06",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:huawei:hg532:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "37D1DF9F-CD5A-4AB0-84C5-500CCFBDC6B0",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Huawei HG532 with some customized versions has a remote code execution vulnerability. An authenticated attacker could send malicious packets to port 37215 to launch attacks. Successful exploit could lead to the remote execution of arbitrary code."
    },
    {
      "lang": "es",
      "value": "Huawei HG532 con algunas versiones personalizadas tiene una vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo. Un atacante autenticado podr\u00eda enviar paquetes maliciosos al puerto 37215 para iniciar ataques. Si se explota con \u00e9xito, podr\u00eda conducir a la ejecuci\u00f3n remota de c\u00f3digo arbitrario."
    }
  ],
  "id": "CVE-2017-17215",
  "lastModified": "2024-11-21T03:17:40.740",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2018-03-20T15:29:00.203",
  "references": [
    {
      "source": "psirt@huawei.com",
      "tags": [
        "Mitigation",
        "Vendor Advisory"
      ],
      "url": "http://www.huawei.com/en/psirt/security-notices/huawei-sn-20171130-01-hg532-en"
    },
    {
      "source": "psirt@huawei.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/102344"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mitigation",
        "Vendor Advisory"
      ],
      "url": "http://www.huawei.com/en/psirt/security-notices/huawei-sn-20171130-01-hg532-en"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/102344"
    }
  ],
  "sourceIdentifier": "psirt@huawei.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2017-17215 (GCVE-0-2017-17215)

GHSA-H4HX-PMCG-3856

VAR-201803-1048

CNVD-2017-38447

GSD-2017-17215

FKIE_CVE-2017-17215

Tags

Sightings

Nomenclature