VAR-201601-0157
Vulnerability from variot - Updated: 2023-12-18 13:44Huawei TE30, TE40, TE50, and TE60 multimedia video conferencing endpoints with software before V100R001C10SPC100 do not require entry of the old password when changing the password for the Debug account, which allows physically proximate attackers to change the password by leveraging an unattended workstation. Huawei TE30, TE40, TE50, and TE60 are Huawei's integrated HD video conferencing terminal devices that support intelligent voice calls and Wi-Fi wireless interconnection. Multiple Huawei TE products are prone to a denial-of-service vulnerability and a security-bypass vulnerability. Attackers can exploit these issues to perform denial-of-service attacks or bypass certain security restrictions; this will aid in further attacks. There are security vulnerabilities in several Huawei products. An attacker in close physical proximity could exploit this vulnerability to change passwords. The following products and versions are affected: Huawei TE30, TE40, TE50, and TE60 using software versions earlier than V100R001C10SPC100
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201601-0157",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "te50",
"scope": "eq",
"trust": 1.6,
"vendor": "huawei",
"version": null
},
{
"model": "te60",
"scope": "eq",
"trust": 1.6,
"vendor": "huawei",
"version": null
},
{
"model": "te30",
"scope": "eq",
"trust": 1.6,
"vendor": "huawei",
"version": null
},
{
"model": "te40",
"scope": "eq",
"trust": 1.6,
"vendor": "huawei",
"version": null
},
{
"model": "te30",
"scope": null,
"trust": 1.4,
"vendor": "huawei",
"version": null
},
{
"model": "te40",
"scope": null,
"trust": 1.4,
"vendor": "huawei",
"version": null
},
{
"model": "te50",
"scope": null,
"trust": 1.4,
"vendor": "huawei",
"version": null
},
{
"model": "te60",
"scope": null,
"trust": 1.4,
"vendor": "huawei",
"version": null
},
{
"model": "te60",
"scope": "lte",
"trust": 1.0,
"vendor": "huawei",
"version": "v100r001c10b022"
},
{
"model": "te60",
"scope": "lt",
"trust": 0.8,
"vendor": "huawei",
"version": "v100r001c10spc100"
},
{
"model": "te60",
"scope": "eq",
"trust": 0.6,
"vendor": "huawei",
"version": "v100r001c10b022"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-00294"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-006791"
},
{
"db": "NVD",
"id": "CVE-2015-8673"
},
{
"db": "CNNVD",
"id": "CNNVD-201601-196"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:huawei:te60:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:huawei:te50:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:huawei:te30:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:huawei:te40:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:huawei:te60_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "v100r001c10b022",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2015-8673"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Huawei",
"sources": [
{
"db": "BID",
"id": "77829"
}
],
"trust": 0.3
},
"cve": "CVE-2015-8673",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Local",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 4.6,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2015-8673",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "CNVD-2016-00294",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"id": "VHN-86634",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:L/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 0.9,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2015-8673",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2016-00294",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201601-196",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-86634",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-00294"
},
{
"db": "VULHUB",
"id": "VHN-86634"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-006791"
},
{
"db": "NVD",
"id": "CVE-2015-8673"
},
{
"db": "CNNVD",
"id": "CNNVD-201601-196"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Huawei TE30, TE40, TE50, and TE60 multimedia video conferencing endpoints with software before V100R001C10SPC100 do not require entry of the old password when changing the password for the Debug account, which allows physically proximate attackers to change the password by leveraging an unattended workstation. Huawei TE30, TE40, TE50, and TE60 are Huawei\u0027s integrated HD video conferencing terminal devices that support intelligent voice calls and Wi-Fi wireless interconnection. Multiple Huawei TE products are prone to a denial-of-service vulnerability and a security-bypass vulnerability. \nAttackers can exploit these issues to perform denial-of-service attacks or bypass certain security restrictions; this will aid in further attacks. There are security vulnerabilities in several Huawei products. An attacker in close physical proximity could exploit this vulnerability to change passwords. The following products and versions are affected: Huawei TE30, TE40, TE50, and TE60 using software versions earlier than V100R001C10SPC100",
"sources": [
{
"db": "NVD",
"id": "CVE-2015-8673"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-006791"
},
{
"db": "CNVD",
"id": "CNVD-2016-00294"
},
{
"db": "BID",
"id": "77829"
},
{
"db": "VULHUB",
"id": "VHN-86634"
}
],
"trust": 2.52
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2015-8673",
"trust": 3.4
},
{
"db": "JVNDB",
"id": "JVNDB-2015-006791",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201601-196",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2016-00294",
"trust": 0.6
},
{
"db": "BID",
"id": "77829",
"trust": 0.3
},
{
"db": "VULHUB",
"id": "VHN-86634",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-00294"
},
{
"db": "VULHUB",
"id": "VHN-86634"
},
{
"db": "BID",
"id": "77829"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-006791"
},
{
"db": "NVD",
"id": "CVE-2015-8673"
},
{
"db": "CNNVD",
"id": "CNNVD-201601-196"
}
]
},
"id": "VAR-201601-0157",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-00294"
},
{
"db": "VULHUB",
"id": "VHN-86634"
}
],
"trust": 0.06999999999999999
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-00294"
}
]
},
"last_update_date": "2023-12-18T13:44:18.187000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Huawei-SA-20151125-01-TE",
"trust": 0.8,
"url": "http://www.huawei.com/en/psirt/security-advisories/hw-462952"
},
{
"title": "Patches for various Huawei product password modification vulnerabilities",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/70126"
},
{
"title": "Multiple Huawei Product security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=59548"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-00294"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-006791"
},
{
"db": "CNNVD",
"id": "CNNVD-201601-196"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-255",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-86634"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-006791"
},
{
"db": "NVD",
"id": "CVE-2015-8673"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.6,
"url": "http://www.huawei.com/en/psirt/security-advisories/hw-462952"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-8673"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-8673"
},
{
"trust": 0.3,
"url": "http://www.huawei.com"
},
{
"trust": 0.3,
"url": "http://www1.huawei.com/en/security/psirt/security-bulletins/security-advisories/archive/hw-462952.htm"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-00294"
},
{
"db": "VULHUB",
"id": "VHN-86634"
},
{
"db": "BID",
"id": "77829"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-006791"
},
{
"db": "NVD",
"id": "CVE-2015-8673"
},
{
"db": "CNNVD",
"id": "CNNVD-201601-196"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2016-00294"
},
{
"db": "VULHUB",
"id": "VHN-86634"
},
{
"db": "BID",
"id": "77829"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-006791"
},
{
"db": "NVD",
"id": "CVE-2015-8673"
},
{
"db": "CNNVD",
"id": "CNNVD-201601-196"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-01-19T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-00294"
},
{
"date": "2016-01-12T00:00:00",
"db": "VULHUB",
"id": "VHN-86634"
},
{
"date": "2015-11-25T00:00:00",
"db": "BID",
"id": "77829"
},
{
"date": "2016-01-21T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-006791"
},
{
"date": "2016-01-12T20:59:06.560000",
"db": "NVD",
"id": "CVE-2015-8673"
},
{
"date": "2016-01-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201601-196"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-01-19T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-00294"
},
{
"date": "2016-01-20T00:00:00",
"db": "VULHUB",
"id": "VHN-86634"
},
{
"date": "2016-01-14T23:58:00",
"db": "BID",
"id": "77829"
},
{
"date": "2016-01-21T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-006791"
},
{
"date": "2016-01-20T08:15:59.810000",
"db": "NVD",
"id": "CVE-2015-8673"
},
{
"date": "2016-01-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201601-196"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201601-196"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural Huawei TE Password change vulnerability in product software",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-006791"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "trust management",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201601-196"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…