Huawei UAP2105 prior V300R012C00SPC160 VxWorks Shell 7pk security

entryeditHistoryDiffjsonxmlCTI

A vulnerability has been found in Huawei UAP2105 and classified as critical. Affected by this vulnerability is some unknown functionality of the component VxWorks Shell. Upgrading to version V300R012C00SPC160 eliminates this vulnerability.

Field09/26/2017 09:02 AM11/19/2019 01:32 PM01/14/2021 12:10 PM
vendorHuaweiHuaweiHuawei
nameUAP2105UAP2105UAP2105
componentVxWorks ShellVxWorks ShellVxWorks Shell
cwe254 (privilege escalation)254 (privilege escalation)254 (privilege escalation)
risk111
historic000
cvss2_vuldb_basescore6.96.96.9
cvss2_vuldb_tempscore6.06.06.0
cvss2_vuldb_avLLL
cvss2_vuldb_acMMM
cvss2_vuldb_auNNN
cvss2_vuldb_ciCCC
cvss2_vuldb_iiCCC
cvss2_vuldb_aiCCC
cvss2_nvd_avLLL
cvss2_nvd_acLLL
cvss2_nvd_auNNN
cvss2_nvd_ciCCC
cvss2_nvd_iiCCC
cvss2_nvd_aiCCC
cvss3_meta_basescore7.67.67.6
cvss3_meta_tempscore7.37.37.3
cvss3_vuldb_basescore8.48.48.4
cvss3_vuldb_tempscore8.08.08.0
cvss3_vuldb_avLLL
cvss3_vuldb_acLLL
cvss3_vuldb_prNNN
cvss3_vuldb_uiNNN
cvss3_vuldb_sUUU
cvss3_vuldb_cHHH
cvss3_vuldb_iHHH
cvss3_vuldb_aHHH
cvss3_nvd_avPPP
cvss3_nvd_acLLL
cvss3_nvd_prNNN
cvss3_nvd_uiNNN
cvss3_nvd_sUUU
cvss3_nvd_cHHH
cvss3_nvd_iHHH
cvss3_nvd_aHHH
date1506297600 (09/25/2017)1506297600 (09/25/2017)1506297600 (09/25/2017)
urlhttp://www1.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-452865.htmhttp://www1.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-452865.htmhttp://www1.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-452865.htm
price_0day$5k-$25k$5k-$25k$5k-$25k
nameUpgradeUpgradeUpgrade
upgrade_versionV300R012C00SPC160V300R012C00SPC160V300R012C00SPC160
cveCVE-2015-6592CVE-2015-6592CVE-2015-6592
cve_assigned144011520014401152001440115200
cve_nvd_published150629760015062976001506297600
cve_nvd_summaryHuawei UAP2105 before V300R012C00SPC160(BootRom) does not require authentication to the serial port or the VxWorks shell.Huawei UAP2105 before V300R012C00SPC160(BootRom) does not require authentication to the serial port or the VxWorks shell.Huawei UAP2105 before V300R012C00SPC160(BootRom) does not require authentication to the serial port or the VxWorks shell.
securityfocus765527655276552
securityfocus_date1441152000 (09/02/2015)1441152000 (09/02/2015)1441152000 (09/02/2015)
securityfocus_classInput Validation ErrorInput Validation ErrorInput Validation Error
securityfocus_titleHuawei UAP2105 'VxWorks shell' Local Command Injection VulnerabilityHuawei UAP2105 'VxWorks shell' Local Command Injection VulnerabilityHuawei UAP2105 'VxWorks shell' Local Command Injection Vulnerability
locationWebsiteWebsiteWebsite
cvss2_vuldb_eNDNDND
cvss2_vuldb_rlOFOFOF
cvss2_vuldb_rcNDNDND
cvss3_vuldb_eXXX
cvss3_vuldb_rlOOO
cvss3_vuldb_rcXXX
0day_days754754754
cvss3_nvd_basescore6.86.86.8
discoverydate14411520001441152000
person_nicknameAlexAlex
confirm_urlhttp://www1.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-452865.htmhttp://www1.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-452865.htm
person_nameAlexey Osipov/Alexander Zaitsev
cvss2_nvd_basescore7.2

Want to stay up to date on a daily basis?

Enable the mail alert feature now!