var-201601-0157
Vulnerability from variot
Huawei TE30, TE40, TE50, and TE60 multimedia video conferencing endpoints with software before V100R001C10SPC100 do not require entry of the old password when changing the password for the Debug account, which allows physically proximate attackers to change the password by leveraging an unattended workstation. Huawei TE30, TE40, TE50, and TE60 are Huawei's integrated HD video conferencing terminal devices that support intelligent voice calls and Wi-Fi wireless interconnection. Multiple Huawei TE products are prone to a denial-of-service vulnerability and a security-bypass vulnerability. Attackers can exploit these issues to perform denial-of-service attacks or bypass certain security restrictions; this will aid in further attacks. There are security vulnerabilities in several Huawei products. An attacker in close physical proximity could exploit this vulnerability to change passwords. The following products and versions are affected: Huawei TE30, TE40, TE50, and TE60 using software versions earlier than V100R001C10SPC100
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201601-0157",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "te50",
"scope": "eq",
"trust": 1.6,
"vendor": "huawei",
"version": null
},
{
"model": "te60",
"scope": "eq",
"trust": 1.6,
"vendor": "huawei",
"version": null
},
{
"model": "te30",
"scope": "eq",
"trust": 1.6,
"vendor": "huawei",
"version": null
},
{
"model": "te40",
"scope": "eq",
"trust": 1.6,
"vendor": "huawei",
"version": null
},
{
"model": "te30",
"scope": null,
"trust": 1.4,
"vendor": "huawei",
"version": null
},
{
"model": "te40",
"scope": null,
"trust": 1.4,
"vendor": "huawei",
"version": null
},
{
"model": "te50",
"scope": null,
"trust": 1.4,
"vendor": "huawei",
"version": null
},
{
"model": "te60",
"scope": null,
"trust": 1.4,
"vendor": "huawei",
"version": null
},
{
"model": "te60",
"scope": "lte",
"trust": 1.0,
"vendor": "huawei",
"version": "v100r001c10b022"
},
{
"model": "te60",
"scope": "lt",
"trust": 0.8,
"vendor": "huawei",
"version": "v100r001c10spc100"
},
{
"model": "te60",
"scope": "eq",
"trust": 0.6,
"vendor": "huawei",
"version": "v100r001c10b022"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-00294"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-006791"
},
{
"db": "NVD",
"id": "CVE-2015-8673"
},
{
"db": "CNNVD",
"id": "CNNVD-201601-196"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:huawei:te60:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:huawei:te50:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:huawei:te30:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:huawei:te40:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:huawei:te60_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "v100r001c10b022",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2015-8673"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Huawei",
"sources": [
{
"db": "BID",
"id": "77829"
}
],
"trust": 0.3
},
"cve": "CVE-2015-8673",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Local",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 4.6,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2015-8673",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "CNVD-2016-00294",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"id": "VHN-86634",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:L/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 0.9,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2015-8673",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2016-00294",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201601-196",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-86634",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-00294"
},
{
"db": "VULHUB",
"id": "VHN-86634"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-006791"
},
{
"db": "NVD",
"id": "CVE-2015-8673"
},
{
"db": "CNNVD",
"id": "CNNVD-201601-196"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Huawei TE30, TE40, TE50, and TE60 multimedia video conferencing endpoints with software before V100R001C10SPC100 do not require entry of the old password when changing the password for the Debug account, which allows physically proximate attackers to change the password by leveraging an unattended workstation. Huawei TE30, TE40, TE50, and TE60 are Huawei\u0027s integrated HD video conferencing terminal devices that support intelligent voice calls and Wi-Fi wireless interconnection. Multiple Huawei TE products are prone to a denial-of-service vulnerability and a security-bypass vulnerability. \nAttackers can exploit these issues to perform denial-of-service attacks or bypass certain security restrictions; this will aid in further attacks. There are security vulnerabilities in several Huawei products. An attacker in close physical proximity could exploit this vulnerability to change passwords. The following products and versions are affected: Huawei TE30, TE40, TE50, and TE60 using software versions earlier than V100R001C10SPC100",
"sources": [
{
"db": "NVD",
"id": "CVE-2015-8673"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-006791"
},
{
"db": "CNVD",
"id": "CNVD-2016-00294"
},
{
"db": "BID",
"id": "77829"
},
{
"db": "VULHUB",
"id": "VHN-86634"
}
],
"trust": 2.52
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2015-8673",
"trust": 3.4
},
{
"db": "JVNDB",
"id": "JVNDB-2015-006791",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201601-196",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2016-00294",
"trust": 0.6
},
{
"db": "BID",
"id": "77829",
"trust": 0.3
},
{
"db": "VULHUB",
"id": "VHN-86634",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-00294"
},
{
"db": "VULHUB",
"id": "VHN-86634"
},
{
"db": "BID",
"id": "77829"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-006791"
},
{
"db": "NVD",
"id": "CVE-2015-8673"
},
{
"db": "CNNVD",
"id": "CNNVD-201601-196"
}
]
},
"id": "VAR-201601-0157",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-00294"
},
{
"db": "VULHUB",
"id": "VHN-86634"
}
],
"trust": 0.06999999999999999
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-00294"
}
]
},
"last_update_date": "2023-12-18T13:44:18.187000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Huawei-SA-20151125-01-TE",
"trust": 0.8,
"url": "http://www.huawei.com/en/psirt/security-advisories/hw-462952"
},
{
"title": "Patches for various Huawei product password modification vulnerabilities",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/70126"
},
{
"title": "Multiple Huawei Product security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=59548"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-00294"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-006791"
},
{
"db": "CNNVD",
"id": "CNNVD-201601-196"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-255",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-86634"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-006791"
},
{
"db": "NVD",
"id": "CVE-2015-8673"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.6,
"url": "http://www.huawei.com/en/psirt/security-advisories/hw-462952"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-8673"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-8673"
},
{
"trust": 0.3,
"url": "http://www.huawei.com"
},
{
"trust": 0.3,
"url": "http://www1.huawei.com/en/security/psirt/security-bulletins/security-advisories/archive/hw-462952.htm"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-00294"
},
{
"db": "VULHUB",
"id": "VHN-86634"
},
{
"db": "BID",
"id": "77829"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-006791"
},
{
"db": "NVD",
"id": "CVE-2015-8673"
},
{
"db": "CNNVD",
"id": "CNNVD-201601-196"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2016-00294"
},
{
"db": "VULHUB",
"id": "VHN-86634"
},
{
"db": "BID",
"id": "77829"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-006791"
},
{
"db": "NVD",
"id": "CVE-2015-8673"
},
{
"db": "CNNVD",
"id": "CNNVD-201601-196"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-01-19T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-00294"
},
{
"date": "2016-01-12T00:00:00",
"db": "VULHUB",
"id": "VHN-86634"
},
{
"date": "2015-11-25T00:00:00",
"db": "BID",
"id": "77829"
},
{
"date": "2016-01-21T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-006791"
},
{
"date": "2016-01-12T20:59:06.560000",
"db": "NVD",
"id": "CVE-2015-8673"
},
{
"date": "2016-01-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201601-196"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-01-19T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-00294"
},
{
"date": "2016-01-20T00:00:00",
"db": "VULHUB",
"id": "VHN-86634"
},
{
"date": "2016-01-14T23:58:00",
"db": "BID",
"id": "77829"
},
{
"date": "2016-01-21T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-006791"
},
{
"date": "2016-01-20T08:15:59.810000",
"db": "NVD",
"id": "CVE-2015-8673"
},
{
"date": "2016-01-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201601-196"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201601-196"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural Huawei TE Password change vulnerability in product software",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-006791"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "trust management",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201601-196"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.