var-201511-0079
Vulnerability from variot
Directory traversal vulnerability on Huawei HG532e, HG532n, and HG532s devices allows remote attackers to read arbitrary files via a .. (dot dot) in an icon/ URI. For example, by directly accessing http://[IP address]:37215/icon/../../../etc/inittab, a remote attacker can retrieve the inittab file. Depending on the device's settings, it may be exposed to these attacks from outside the LAN. The CVSS v2 entries in this record are consistent with that: one rates the access vector NETWORK (base score 5.0), while others rate it ADJACENT NETWORK (base score 3.3), so the applicable severity depends on whether port 37215 is reachable from the WAN side. Huawei HG532e, HG532n, and HG532s are wireless router products from Huawei. Multiple Huawei HG532 routers are prone to a directory-traversal vulnerability. An attacker can exploit this issue to obtain sensitive information that could aid in further attacks. The following products are affected: Huawei HG532e, HG532n, HG532s
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201511-0079", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "hg532e", "scope": "eq", "trust": 1.6, "vendor": "huawei", "version": null }, { "model": "hg532n", "scope": "eq", "trust": 1.6, "vendor": "huawei", "version": null }, { "model": "hg532s", "scope": "eq", "trust": 1.6, "vendor": "huawei", "version": null }, { 
"model": "hg532s", "scope": null, "trust": 1.4, "vendor": "huawei", "version": null }, { "model": "hg532n", "scope": null, "trust": 1.4, "vendor": "huawei", "version": null }, { "model": "hg532e", "scope": null, "trust": 1.4, "vendor": "huawei", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "huawei", "version": null }, { "model": "ws550-10", "scope": "eq", "trust": 0.3, "vendor": "huawei", "version": "0" }, { "model": "ws318-10", "scope": "eq", "trust": 0.3, "vendor": "huawei", "version": "0" }, { "model": "hg532s", "scope": "eq", "trust": 0.3, "vendor": "huawei", "version": "0" }, { "model": "hg532n", "scope": "eq", "trust": 0.3, "vendor": "huawei", "version": "0" }, { "model": "hg532e", "scope": "eq", "trust": 0.3, "vendor": "huawei", "version": "0" }, { "model": "hg532", "scope": "eq", "trust": 0.3, "vendor": "huawei", "version": "0" }, { "model": "ws550-10 v100r001c01b020", "scope": "ne", "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "ws550-10 v100r001c01b019", "scope": "ne", "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "ws318-10 v100r001c01b022", "scope": "ne", "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "hg532e v100r001c02b017", "scope": "ne", "trust": 0.3, "vendor": "huawei", "version": null } ], "sources": [ { "db": "CERT/CC", "id": "VU#438928" }, { "db": "CNVD", "id": "CNVD-2015-07474" }, { "db": "BID", "id": "77506" }, { "db": "JVNDB", "id": "JVNDB-2015-005776" }, { "db": "CNNVD", "id": "CNNVD-201511-114" }, { "db": "NVD", "id": "CVE-2015-7254" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "cpe_match": [ { "cpe22Uri": "cpe:/h:huawei:hg532e", "vulnerable": true }, { "cpe22Uri": "cpe:/h:huawei:hg532n", "vulnerable": true 
}, { "cpe22Uri": "cpe:/h:huawei:hg532s", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2015-005776" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Roberto Paleari and Aristide Fattori", "sources": [ { "db": "BID", "id": "77506" } ], "trust": 0.3 }, "cve": "CVE-2015-7254", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "CVE-2015-7254", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 1.8, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "LOW", "accessVector": "ADJACENT NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "NONE", "availabilityRequirement": "NOT DEFINED", "baseScore": 3.3, "collateralDamagePotential": "NONE", "confidentialityImpact": "PARTIAL", "confidentialityRequirement": "NOT DEFINED", "enviromentalScore": 2.0, "exploitability": "FUNCTIONAL", "exploitabilityScore": 6.5, "id": "CVE-2015-7254", 
"impactScore": 2.9, "integrityImpact": "NONE", "integrityRequirement": "NOT DEFINED", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "remediationLevel": "OFFICIAL FIX", "reportConfidence": "CONFIRMED", "severity": "LOW", "targetDistribution": "MEDIUM", "trust": 0.8, "userInteractionRequired": null, "vector_string": "AV:A/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "NONE", "baseScore": 3.3, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 6.5, "id": "CNVD-2015-07474", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "LOW", "trust": 0.6, "vectorString": "AV:A/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "VHN-85215", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 0.1, "vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2015-7254", "trust": 1.0, "value": "MEDIUM" }, { "author": "NVD", "id": "CVE-2015-7254", "trust": 0.8, "value": "LOW" }, { "author": "NVD", "id": "CVE-2015-7254", "trust": 0.8, "value": "Medium" }, { "author": "CNVD", "id": "CNVD-2015-07474", "trust": 0.6, "value": "LOW" }, { "author": "CNNVD", "id": "CNNVD-201511-114", "trust": 0.6, "value": "MEDIUM" }, { "author": "VULHUB", "id": "VHN-85215", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "CERT/CC", "id": "VU#438928" }, { "db": "CNVD", "id": "CNVD-2015-07474" }, { "db": "VULHUB", "id": "VHN-85215" }, { "db": "JVNDB", "id": "JVNDB-2015-005776" }, { "db": "CNNVD", "id": "CNNVD-201511-114" }, { "db": "NVD", "id": "CVE-2015-7254" } ] }, "description": { "@context": { 
"@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Directory traversal vulnerability on Huawei HG532e, HG532n, and HG532s devices allows remote attackers to read arbitrary files via a .. (dot dot) in an icon/ URI. For example, a remote attacker http://[IP address ]:37215/icon/../../../etc/inittab By directly accessing inittab It is possible to get the file. Depending on your settings, LAN You may be exposed to these attacks from the outside. Huawei HG532e, HG532n, and HG532s are wireless router products from Huawei. Multiple Huawei HG532 routers are prone to a directory-traversal vulnerability. \nAn attacker can exploit this issue to obtain sensitive information that could aid in further attacks. The following products are affected: Huawei HG532e, HG532n, HG532s", "sources": [ { "db": "NVD", "id": "CVE-2015-7254" }, { "db": "CERT/CC", "id": "VU#438928" }, { "db": "JVNDB", "id": "JVNDB-2015-005776" }, { "db": "CNVD", "id": "CNVD-2015-07474" }, { "db": "BID", "id": "77506" }, { "db": "VULHUB", "id": "VHN-85215" } ], "trust": 3.24 }, "exploit_availability": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "reference": "https://www.kb.cert.org/vuls/id/438928", "trust": 0.8, "type": "unknown" }, { "reference": "https://www.scap.org.cn/vuln/vhn-85215", "trust": 0.1, "type": "unknown" } ], "sources": [ { "db": "CERT/CC", "id": "VU#438928" }, { "db": "VULHUB", "id": "VHN-85215" } ] }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "CERT/CC", "id": "VU#438928", "trust": 4.2 }, 
{ "db": "NVD", "id": "CVE-2015-7254", "trust": 3.4 }, { "db": "BID", "id": "77506", "trust": 1.4 }, { "db": "EXPLOIT-DB", "id": "45991", "trust": 1.1 }, { "db": "JVN", "id": "JVNVU94520968", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2015-005776", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-201511-114", "trust": 0.7 }, { "db": "CNVD", "id": "CNVD-2015-07474", "trust": 0.6 }, { "db": "SEEBUG", "id": "SSVID-89721", "trust": 0.1 }, { "db": "SEEBUG", "id": "SSVID-89765", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "150788", "trust": 0.1 }, { "db": "VULHUB", "id": "VHN-85215", "trust": 0.1 } ], "sources": [ { "db": "CERT/CC", "id": "VU#438928" }, { "db": "CNVD", "id": "CNVD-2015-07474" }, { "db": "VULHUB", "id": "VHN-85215" }, { "db": "BID", "id": "77506" }, { "db": "JVNDB", "id": "JVNDB-2015-005776" }, { "db": "CNNVD", "id": "CNNVD-201511-114" }, { "db": "NVD", "id": "CVE-2015-7254" } ] }, "id": "VAR-201511-0079", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "CNVD", "id": "CNVD-2015-07474" }, { "db": "VULHUB", "id": "VHN-85215" } ], "trust": 1.27187501 }, "iot_taxonomy": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "category": [ "Network device" ], "sub_category": null, "trust": 0.6 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2015-07474" } ] }, "last_update_date": "2024-11-23T23:12:37.509000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Patches for various Huawei product catalog traversal vulnerabilities", "trust": 0.6, "url": 
"https://www.cnvd.org.cn/patchInfo/show/66572" }, { "title": "Multiple Huawei Product Directory Traversal Vulnerability Fixes", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=58609" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2015-07474" }, { "db": "CNNVD", "id": "CNNVD-201511-114" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-22", "trust": 1.9 } ], "sources": [ { "db": "VULHUB", "id": "VHN-85215" }, { "db": "JVNDB", "id": "JVNDB-2015-005776" }, { "db": "NVD", "id": "CVE-2015-7254" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 3.4, "url": "http://www.kb.cert.org/vuls/id/438928" }, { "trust": 1.1, "url": "http://www.securityfocus.com/bid/77506" }, { "trust": 1.1, "url": "http://www.huawei.com/en/psirt/security-advisories/hw-462908" }, { "trust": 1.1, "url": "http://www1.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-462908.htm" }, { "trust": 1.1, "url": "https://www.exploit-db.com/exploits/45991/" }, { "trust": 1.1, "url": "https://github.com/0xadrian/scripts/blob/master/2015_7254_exploit.py" }, { "trust": 0.8, "url": "http://www.huawei.com/en/security/psirt/security-bulletins/security-notices/hw-460507.htm" }, { "trust": 0.8, "url": "https://cwe.mitre.org/data/definitions/22.html" }, { "trust": 0.8, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-7254" }, { "trust": 0.8, "url": "http://jvn.jp/vu/jvnvu94520968/index.html" }, { "trust": 0.8, "url": "https://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-7254" }, { "trust": 0.3, "url": "http://www.huawei.com" }, { "trust": 0.3, "url": 
"http://www.huawei.com/en/psirt/security-advisories/2015/hw-462908" } ], "sources": [ { "db": "CERT/CC", "id": "VU#438928" }, { "db": "CNVD", "id": "CNVD-2015-07474" }, { "db": "VULHUB", "id": "VHN-85215" }, { "db": "BID", "id": "77506" }, { "db": "JVNDB", "id": "JVNDB-2015-005776" }, { "db": "CNNVD", "id": "CNNVD-201511-114" }, { "db": "NVD", "id": "CVE-2015-7254" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "CERT/CC", "id": "VU#438928" }, { "db": "CNVD", "id": "CNVD-2015-07474" }, { "db": "VULHUB", "id": "VHN-85215" }, { "db": "BID", "id": "77506" }, { "db": "JVNDB", "id": "JVNDB-2015-005776" }, { "db": "CNNVD", "id": "CNNVD-201511-114" }, { "db": "NVD", "id": "CVE-2015-7254" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2015-11-06T00:00:00", "db": "CERT/CC", "id": "VU#438928" }, { "date": "2015-11-12T00:00:00", "db": "CNVD", "id": "CNVD-2015-07474" }, { "date": "2015-11-07T00:00:00", "db": "VULHUB", "id": "VHN-85215" }, { "date": "2015-11-06T00:00:00", "db": "BID", "id": "77506" }, { "date": "2015-11-10T00:00:00", "db": "JVNDB", "id": "JVNDB-2015-005776" }, { "date": "2015-11-09T00:00:00", "db": "CNNVD", "id": "CNNVD-201511-114" }, { "date": "2015-11-07T03:59:01.517000", "db": "NVD", "id": "CVE-2015-7254" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2015-11-09T00:00:00", "db": "CERT/CC", "id": "VU#438928" }, { "date": "2015-11-12T00:00:00", "db": "CNVD", "id": "CNVD-2015-07474" }, { "date": "2018-12-15T00:00:00", "db": "VULHUB", "id": "VHN-85215" }, { "date": "2016-11-24T01:09:00", "db": "BID", "id": "77506" }, { "date": "2015-11-10T00:00:00", "db": "JVNDB", "id": "JVNDB-2015-005776" }, { "date": "2015-11-09T00:00:00", "db": 
"CNNVD", "id": "CNNVD-201511-114" }, { "date": "2024-11-21T02:36:26.613000", "db": "NVD", "id": "CVE-2015-7254" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-201511-114" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Huawei HG532 routers contain a path traversal vulnerability", "sources": [ { "db": "CERT/CC", "id": "VU#438928" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "path traversal", "sources": [ { "db": "CNNVD", "id": "CNNVD-201511-114" } ], "trust": 0.6 } }
Sightings
| Author | Source | Type | Date |
|---|---|---|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.