var-201803-1314
Vulnerability from variot
DBS3900 TDD LTE V100R003C00, V100R004C10 have a weak encryption algorithm security vulnerability. DBS3900 TDD LTE supports SSL/TLS protocol negotiation using insecure encryption algorithms. If an insecure encryption algorithm is negotiated in the communication, an unauthenticated remote attacker can exploit this vulnerability to crack the encrypted data and cause information leakage. DBS3900TDDLTE is a modular network device product from China's Huawei company. Huawei DBS3900 TDD LTE is a distributed base station product of China Huawei (Huawei). This product supports wireless access to wireless networks and provides services such as video surveillance, data collection and data transmission
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, configurations: { "@id": "https://www.variotdbs.pl/ref/configurations", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-201803-1314", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "dbs3900 tdd lte", scope: "eq", trust: 2.4, vendor: "huawei", version: "v100r003c00", }, { model: "dbs3900 tdd lte", scope: "eq", trust: 2.4, vendor: "huawei", version: "v100r004c10", }, { model: "dbs3900 tdd lte v100r004c10", scope: null, trust: 0.6, vendor: "huawei", version: null, }, { model: "dbs3900 tdd lte v100r003c00", scope: null, trust: 0.6, vendor: "huawei", version: null, }, ], sources: [ { db: "CNVD", id: "CNVD-2018-06068", }, { db: "JVNDB", id: "JVNDB-2017-013009", }, { db: "NVD", id: "CVE-2017-15326", }, { db: "CNNVD", id: "CNNVD-201803-906", }, ], }, configurations: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", children: { "@container": "@list", }, cpe_match: { "@container": "@list", }, data: { "@container": "@list", }, nodes: { "@container": "@list", }, }, data: [ { CVE_data_version: "4.0", nodes: [ { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:huawei:dbs3900_tdd_lte_firmware:v100r003c00:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:huawei:dbs3900_tdd_lte_firmware:v100r004c10:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:huawei:dbs3900_tdd_lte:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, ], }, ], sources: [ { db: "NVD", id: "CVE-2017-15326", }, ], }, cve: "CVE-2017-15326", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [ { acInsufInfo: false, accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", author: "NVD", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "PARTIAL", exploitabilityScore: 8.6, impactScore: 2.9, integrityImpact: "NONE", obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, severity: "MEDIUM", trust: 1, userInteractionRequired: true, vectorString: "AV:N/AC:M/Au:N/C:P/I:N/A:N", version: "2.0", }, { acInsufInfo: null, accessComplexity: "Medium", accessVector: "Network", authentication: "None", author: "NVD", availabilityImpact: "None", baseScore: 4.3, confidentialityImpact: "Partial", exploitabilityScore: null, id: "CVE-2017-15326", impactScore: null, integrityImpact: "None", obtainAllPrivilege: null, obtainOtherPrivilege: null, obtainUserPrivilege: null, severity: "Medium", trust: 0.8, userInteractionRequired: null, vectorString: "AV:N/AC:M/Au:N/C:P/I:N/A:N", version: "2.0", }, { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", author: "CNVD", availabilityImpact: "NONE", baseScore: 5, confidentialityImpact: "PARTIAL", exploitabilityScore: 10, id: "CNVD-2018-06068", impactScore: 2.9, integrityImpact: "NONE", severity: "MEDIUM", trust: 0.6, vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", author: "VULHUB", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "PARTIAL", exploitabilityScore: 8.6, id: "VHN-106137", impactScore: 2.9, integrityImpact: "NONE", severity: "MEDIUM", trust: 0.1, vectorString: "AV:N/AC:M/AU:N/C:P/I:N/A:N", version: "2.0", }, ], cvssV3: [ { attackComplexity: "LOW", attackVector: "NETWORK", author: "NVD", availabilityImpact: "NONE", baseScore: 4.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", exploitabilityScore: 2.8, impactScore: 1.4, integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", trust: 1, userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", version: "3.0", }, { attackComplexity: "Low", attackVector: "Network", author: "NVD", availabilityImpact: "None", baseScore: 4.3, baseSeverity: "Medium", confidentialityImpact: "Low", exploitabilityScore: null, id: "CVE-2017-15326", impactScore: null, integrityImpact: "None", privilegesRequired: "None", scope: "Unchanged", trust: 0.8, userInteraction: "Required", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", version: "3.0", }, ], severity: [ { author: "NVD", id: "CVE-2017-15326", trust: 1.8, value: "MEDIUM", }, { author: "CNVD", id: "CNVD-2018-06068", trust: 0.6, value: "MEDIUM", }, { author: "CNNVD", id: "CNNVD-201803-906", trust: 0.6, value: "MEDIUM", }, { author: "VULHUB", id: "VHN-106137", trust: 0.1, value: "MEDIUM", }, ], }, ], sources: [ { db: "CNVD", id: "CNVD-2018-06068", }, { db: "VULHUB", id: "VHN-106137", }, { db: "JVNDB", id: "JVNDB-2017-013009", }, { db: "NVD", id: "CVE-2017-15326", }, { db: "CNNVD", id: "CNNVD-201803-906", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "DBS3900 TDD LTE V100R003C00, V100R004C10 have a weak encryption algorithm security vulnerability. DBS3900 TDD LTE supports SSL/TLS protocol negotiation using insecure encryption algorithms. If an insecure encryption algorithm is negotiated in the communication, an unauthenticated remote attacker can exploit this vulnerability to crack the encrypted data and cause information leakage. DBS3900TDDLTE is a modular network device product from China's Huawei company. Huawei DBS3900 TDD LTE is a distributed base station product of China Huawei (Huawei). This product supports wireless access to wireless networks and provides services such as video surveillance, data collection and data transmission", sources: [ { db: "NVD", id: "CVE-2017-15326", }, { db: "JVNDB", id: "JVNDB-2017-013009", }, { db: "CNVD", id: "CNVD-2018-06068", }, { db: "VULHUB", id: "VHN-106137", }, ], trust: 2.25, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2017-15326", trust: 3.1, }, { db: "JVNDB", id: "JVNDB-2017-013009", trust: 0.8, }, { db: "CNNVD", id: "CNNVD-201803-906", trust: 0.7, }, { db: "CNVD", id: "CNVD-2018-06068", trust: 0.6, }, { db: "VULHUB", id: "VHN-106137", trust: 0.1, }, ], sources: [ { db: "CNVD", id: "CNVD-2018-06068", }, { db: "VULHUB", id: "VHN-106137", }, { db: "JVNDB", id: "JVNDB-2017-013009", }, { db: "NVD", id: "CVE-2017-15326", }, { db: "CNNVD", id: "CNNVD-201803-906", }, ], }, id: "VAR-201803-1314", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "CNVD", id: "CNVD-2018-06068", }, { db: "VULHUB", id: "VHN-106137", }, ], trust: 1.2, }, iot_taxonomy: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { category: [ "Network device", ], sub_category: null, trust: 0.6, }, ], sources: [ { db: "CNVD", id: "CNVD-2018-06068", }, ], }, last_update_date: "2023-12-18T13:28:59.491000Z", patch: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { title: "huawei-sa-20180321-01-encryption", trust: 0.8, url: "http://www.huawei.com/en/psirt/security-advisories/2018/huawei-sa-20180321-01-encryption-en", }, { title: "HuaweiDBS3900TDDLTE weak encryption algorithm vulnerability patch", trust: 0.6, url: "https://www.cnvd.org.cn/patchinfo/show/122893", }, { title: "Huawei DBS3900 TDD LTE Security vulnerabilities", trust: 0.6, url: "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=79403", }, ], sources: [ { db: "CNVD", id: "CNVD-2018-06068", }, { db: "JVNDB", id: "JVNDB-2017-013009", }, { db: "CNNVD", id: "CNNVD-201803-906", }, ], }, problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "CWE-327", trust: 1.9, }, ], sources: [ { db: "VULHUB", id: "VHN-106137", }, { db: "JVNDB", id: "JVNDB-2017-013009", }, { db: "NVD", id: "CVE-2017-15326", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 1.7, url: "http://www.huawei.com/en/psirt/security-advisories/2018/huawei-sa-20180321-01-encryption-en", }, { trust: 0.8, url: "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-15326", }, { trust: 0.8, url: "https://nvd.nist.gov/vuln/detail/cve-2017-15326", }, { trust: 0.6, url: "http://www.huawei.com/cn/psirt/security-advisories/2018/huawei-sa-20180321-01-encryption-cn", }, ], sources: [ { db: "CNVD", id: "CNVD-2018-06068", }, { db: "VULHUB", id: "VHN-106137", }, { db: "JVNDB", id: "JVNDB-2017-013009", }, { db: "NVD", id: "CVE-2017-15326", }, { db: "CNNVD", id: "CNNVD-201803-906", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "CNVD", id: "CNVD-2018-06068", }, { db: "VULHUB", id: "VHN-106137", }, { db: "JVNDB", id: "JVNDB-2017-013009", }, { db: "NVD", id: "CVE-2017-15326", }, { db: "CNNVD", id: "CNNVD-201803-906", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2018-03-23T00:00:00", db: "CNVD", id: "CNVD-2018-06068", }, { date: "2018-03-23T00:00:00", db: "VULHUB", id: "VHN-106137", }, { date: "2018-05-22T00:00:00", db: "JVNDB", id: "JVNDB-2017-013009", }, { date: "2018-03-23T16:29:00.177000", db: "NVD", id: "CVE-2017-15326", }, { date: "2018-03-26T00:00:00", db: "CNNVD", id: "CNNVD-201803-906", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2018-03-23T00:00:00", db: "CNVD", id: "CNVD-2018-06068", }, { date: "2018-04-19T00:00:00", db: "VULHUB", id: "VHN-106137", }, { date: "2018-05-22T00:00:00", db: "JVNDB", id: "JVNDB-2017-013009", }, { date: "2018-04-19T14:04:00.303000", db: "NVD", id: "CVE-2017-15326", }, { date: "2018-03-26T00:00:00", db: "CNNVD", id: "CNNVD-201803-906", }, ], }, threat_type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "remote", sources: [ { db: "CNNVD", id: "CNNVD-201803-906", }, ], trust: 0.6, }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "DBS3900 TDD LTE Vulnerabilities in the use of cryptographic algorithms", sources: [ { db: "JVNDB", id: "JVNDB-2017-013009", }, ], trust: 0.8, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "lack of information", sources: [ { db: "CNNVD", id: "CNNVD-201803-906", }, ], trust: 0.6, }, }
Log in or create an account to share your comment.
Security Advisory comment format.
This schema specifies the format of a comment related to a security advisory.
Title of the comment
Description of the comment
Loading…
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.