Huawei eSpace Integrated Access Device cross site scripting

A vulnerability was found in Huawei eSpace Integrated Access Device V300R001C03/V300R001C04/V300R001C06/V300R001C07/V300R001C20. It has been rated as problematic. The issue affects some unknown processing, and the manipulation leads to cross site scripting. The CWE definition for the vulnerability is CWE-79. The bug was discovered on 11/30/2016. The weakness was published on 04/02/2017 as sa-20161130-01 (Website). The advisory can be read at huawei.com. The vulnerability is identified as CVE-2016-8789. The attack may be initiated remotely. There are no technical details available. There is no exploit available. The pricing for an exploit might be around USD $5k-$25k at the moment. According to MITRE ATT&CK, the attack technique deployed by this issue is T1059.007. It is declared as not defined. The vulnerability was handled as a non-public zero-day exploit for at least 123 days. We expect the 0-day to have been worth approximately $5k-$25k. A possible mitigation was published before, not after, the disclosure of the vulnerability. The vulnerability is also documented in other vulnerability databases: SecurityFocus (BID 94613).

| Field | 04/03/2017 09:06 AM | 08/25/2020 09:37 AM | 11/24/2022 02:56 PM |
|---|---|---|---|
| cvss2_vuldb_e | ND | ND | ND |
| cvss2_vuldb_rl | ND | ND | ND |
| cvss2_vuldb_rc | ND | ND | ND |
| cvss3_vuldb_e | X | X | X |
| cvss3_vuldb_rl | X | X | X |
| cvss3_vuldb_rc | X | X | X |
| 0day_days | 123 | 123 | 123 |
| cvss3_nvd_basescore | 6.1 | 6.1 | 6.1 |
| vendor | Huawei | Huawei | Huawei |
| name | eSpace Integrated Access Device | eSpace Integrated Access Device | eSpace Integrated Access Device |
| version | V300R001C03/V300R001C04/V300R001C06/V300R001C07/V300R001C20 | V300R001C03/V300R001C04/V300R001C06/V300R001C07/V300R001C20 | V300R001C03/V300R001C04/V300R001C06/V300R001C07/V300R001C20 |
| cwe | 79 (cross site scripting) | 79 (cross site scripting) | 79 (cross site scripting) |
| risk | 1 | 1 | 1 |
| cvss2_vuldb_basescore | 4.3 | 4.3 | 4.3 |
| cvss2_vuldb_tempscore | 4.3 | 4.3 | 4.3 |
| cvss2_vuldb_av | N | N | N |
| cvss2_vuldb_ac | M | M | M |
| cvss2_vuldb_au | N | N | N |
| cvss2_vuldb_ci | N | N | N |
| cvss2_vuldb_ii | P | P | P |
| cvss2_vuldb_ai | N | N | N |
| cvss2_nvd_av | N | N | N |
| cvss2_nvd_ac | M | M | M |
| cvss2_nvd_au | N | N | N |
| cvss2_nvd_ci | N | N | N |
| cvss2_nvd_ii | P | P | P |
| cvss2_nvd_ai | N | N | N |
| cvss3_meta_basescore | 5.2 | 5.2 | 5.2 |
| cvss3_meta_tempscore | 5.2 | 5.2 | 5.2 |
| cvss3_vuldb_basescore | 4.3 | 4.3 | 4.3 |
| cvss3_vuldb_tempscore | 4.3 | 4.3 | 4.3 |
| cvss3_vuldb_av | N | N | N |
| cvss3_vuldb_ac | L | L | L |
| cvss3_vuldb_pr | N | N | N |
| cvss3_vuldb_ui | R | R | R |
| cvss3_vuldb_s | U | U | U |
| cvss3_vuldb_c | N | N | N |
| cvss3_vuldb_i | L | L | L |
| cvss3_vuldb_a | N | N | N |
| cvss3_nvd_av | N | N | N |
| cvss3_nvd_ac | L | L | L |
| cvss3_nvd_pr | N | N | N |
| cvss3_nvd_ui | R | R | R |
| cvss3_nvd_s | C | C | C |
| cvss3_nvd_c | L | L | L |
| cvss3_nvd_i | L | L | L |
| cvss3_nvd_a | N | N | N |
| date | 1491091200 (04/02/2017) | 1491091200 (04/02/2017) | 1491091200 (04/02/2017) |
| url | http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20161130-01-espace-en | http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20161130-01-espace-en | http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20161130-01-espace-en |
| price_0day | $5k-$25k | $5k-$25k | $5k-$25k |
| cve | CVE-2016-8789 | CVE-2016-8789 | CVE-2016-8789 |
| cve_assigned | 1476748800 (10/18/2016) | 1476748800 (10/18/2016) | 1476748800 (10/18/2016) |
| cve_nvd_published | 1491091200 | 1491091200 | 1491091200 |
| cve_nvd_summary | Huawei eSpace Integrated Access Device (IAD) with software V300R001C03, V300R001C04, V300R001C06, V300R001C20, and V300R001C07 allows an attacker to trick a user into clicking a URL containing malicious scripts to obtain user information or hijack the session, aka XSS. | Huawei eSpace Integrated Access Device (IAD) with software V300R001C03, V300R001C04, V300R001C06, V300R001C20, and V300R001C07 allows an attacker to trick a user into clicking a URL containing malicious scripts to obtain user information or hijack the session, aka XSS. | Huawei eSpace Integrated Access Device (IAD) with software V300R001C03, V300R001C04, V300R001C06, V300R001C20, and V300R001C07 allows an attacker to trick a user into clicking a URL containing malicious scripts to obtain user information or hijack the session, aka XSS. |
| securityfocus | 94613 | 94613 | 94613 |
| securityfocus_title | Huawei eSpace IAD CVE-2016-8789 Cross Site Scripting Vulnerability | Huawei eSpace IAD CVE-2016-8789 Cross Site Scripting Vulnerability | Huawei eSpace IAD CVE-2016-8789 Cross Site Scripting Vulnerability |
| location | Website | Website | Website |
| discoverydate | | 1480464000 | 1480464000 |
| confirm_url | | http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20161130-01-espace-en | http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20161130-01-espace-en |
| osvdb_title | | CVE-2016-8789 - Huawei - eSpace IAD - Cross-Site Scripting Issue | CVE-2016-8789 - Huawei - eSpace IAD - Cross-Site Scripting Issue |
| securityfocus_date | | 1480550400 (12/01/2016) | 1480550400 (12/01/2016) |
| securityfocus_class | | Input Validation Error | Input Validation Error |
| identifier | | | sa-20161130-01 |
| cvss2_nvd_basescore | | | 4.3 |
