ID

VAR-201511-0079


CVE

CVE-2015-7254


TITLE

Huawei HG532 routers contain a path traversal vulnerability

Trust: 0.8

sources: CERT/CC: VU#438928

DESCRIPTION

Directory traversal vulnerability on Huawei HG532e, HG532n, and HG532s devices allows remote attackers to read arbitrary files via a .. (dot dot) in an icon/ URI. For example, a remote attacker can obtain the inittab file by directly accessing http://[IP address]:37215/icon/../../../etc/inittab. Depending on the device settings, these attacks may also be possible from outside the LAN. Huawei HG532e, HG532n, and HG532s are wireless router products from Huawei. Multiple Huawei HG532 routers are prone to a directory-traversal vulnerability. An attacker can exploit this issue to obtain sensitive information that could aid in further attacks. The following products are affected: Huawei HG532e, HG532n, HG532s

Trust: 3.24

sources: NVD: CVE-2015-7254 // CERT/CC: VU#438928 // JVNDB: JVNDB-2015-005776 // CNVD: CNVD-2015-07474 // BID: 77506 // VULHUB: VHN-85215

IOT TAXONOMY

category: ['Network device'] | sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2015-07474

AFFECTED PRODUCTS

vendor: huawei | model: hg532e | scope: eq | version: -

Trust: 1.6

vendor: huawei | model: hg532n | scope: eq | version: -

Trust: 1.6

vendor: huawei | model: hg532s | scope: eq | version: -

Trust: 1.6

vendor: huawei | model: hg532s | scope: - | version: -

Trust: 1.4

vendor: huawei | model: hg532n | scope: - | version: -

Trust: 1.4

vendor: huawei | model: hg532e | scope: - | version: -

Trust: 1.4

vendor: huawei | model: - | scope: - | version: -

Trust: 0.8

vendor: huawei | model: ws550-10 | scope: eq | version: 0

Trust: 0.3

vendor: huawei | model: ws318-10 | scope: eq | version: 0

Trust: 0.3

vendor: huawei | model: hg532s | scope: eq | version: 0

Trust: 0.3

vendor: huawei | model: hg532n | scope: eq | version: 0

Trust: 0.3

vendor: huawei | model: hg532e | scope: eq | version: 0

Trust: 0.3

vendor: huawei | model: hg532 | scope: eq | version: 0

Trust: 0.3

vendor: huawei | model: ws550-10 v100r001c01b020 | scope: ne | version: -

Trust: 0.3

vendor: huawei | model: ws550-10 v100r001c01b019 | scope: ne | version: -

Trust: 0.3

vendor: huawei | model: ws318-10 v100r001c01b022 | scope: ne | version: -

Trust: 0.3

vendor: huawei | model: hg532e v100r001c02b017 | scope: ne | version: -

Trust: 0.3

sources: CERT/CC: VU#438928 // CNVD: CNVD-2015-07474 // BID: 77506 // JVNDB: JVNDB-2015-005776 // CNNVD: CNNVD-201511-114 // NVD: CVE-2015-7254

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2015-7254
value: MEDIUM

Trust: 1.0

NVD: CVE-2015-7254
value: LOW

Trust: 0.8

NVD: CVE-2015-7254
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2015-07474
value: LOW

Trust: 0.6

CNNVD: CNNVD-201511-114
value: MEDIUM

Trust: 0.6

VULHUB: VHN-85215
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2015-7254
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

NVD: CVE-2015-7254
severity: LOW
baseScore: 3.3
vectorString: NONE
accessVector: ADJACENT NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 6.5
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2015-07474
severity: LOW
baseScore: 3.3
vectorString: AV:A/AC:L/AU:N/C:P/I:N/A:N
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 6.5
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-85215
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: CERT/CC: VU#438928 // CNVD: CNVD-2015-07474 // VULHUB: VHN-85215 // JVNDB: JVNDB-2015-005776 // CNNVD: CNNVD-201511-114 // NVD: CVE-2015-7254

PROBLEMTYPE DATA

problemtype:CWE-22

Trust: 1.9

sources: VULHUB: VHN-85215 // JVNDB: JVNDB-2015-005776 // NVD: CVE-2015-7254

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201511-114

TYPE

path traversal

Trust: 0.6

sources: CNNVD: CNNVD-201511-114

CONFIGURATIONS

sources: JVNDB: JVNDB-2015-005776

EXPLOIT AVAILABILITY

sources: CERT/CC: VU#438928 // VULHUB: VHN-85215

PATCH

title: Patches for various Huawei product catalog traversal vulnerabilities | url: https://www.cnvd.org.cn/patchInfo/show/66572

Trust: 0.6

title: Multiple Huawei Product Directory Traversal Vulnerability Fixes | url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=58609

Trust: 0.6

sources: CNVD: CNVD-2015-07474 // CNNVD: CNNVD-201511-114

EXTERNAL IDS

db: CERT/CC | id: VU#438928

Trust: 4.2

db: NVD | id: CVE-2015-7254

Trust: 3.4

db: BID | id: 77506

Trust: 1.4

db: EXPLOIT-DB | id: 45991

Trust: 1.1

db: JVN | id: JVNVU94520968

Trust: 0.8

db: JVNDB | id: JVNDB-2015-005776

Trust: 0.8

db: CNNVD | id: CNNVD-201511-114

Trust: 0.7

db: CNVD | id: CNVD-2015-07474

Trust: 0.6

db: SEEBUG | id: SSVID-89721

Trust: 0.1

db: SEEBUG | id: SSVID-89765

Trust: 0.1

db: PACKETSTORM | id: 150788

Trust: 0.1

db: VULHUB | id: VHN-85215

Trust: 0.1

sources: CERT/CC: VU#438928 // CNVD: CNVD-2015-07474 // VULHUB: VHN-85215 // BID: 77506 // JVNDB: JVNDB-2015-005776 // CNNVD: CNNVD-201511-114 // NVD: CVE-2015-7254

REFERENCES

url:http://www.kb.cert.org/vuls/id/438928

Trust: 3.4

url:http://www.securityfocus.com/bid/77506

Trust: 1.1

url:http://www.huawei.com/en/psirt/security-advisories/hw-462908

Trust: 1.1

url:http://www1.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-462908.htm

Trust: 1.1

url:https://www.exploit-db.com/exploits/45991/

Trust: 1.1

url:https://github.com/0xadrian/scripts/blob/master/2015_7254_exploit.py

Trust: 1.1

url:http://www.huawei.com/en/security/psirt/security-bulletins/security-notices/hw-460507.htm

Trust: 0.8

url:https://cwe.mitre.org/data/definitions/22.html

Trust: 0.8

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-7254

Trust: 0.8

url:http://jvn.jp/vu/jvnvu94520968/index.html

Trust: 0.8

url:https://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-7254

Trust: 0.8

url:http://www.huawei.com

Trust: 0.3

url:http://www.huawei.com/en/psirt/security-advisories/2015/hw-462908

Trust: 0.3

sources: CERT/CC: VU#438928 // CNVD: CNVD-2015-07474 // VULHUB: VHN-85215 // BID: 77506 // JVNDB: JVNDB-2015-005776 // CNNVD: CNNVD-201511-114 // NVD: CVE-2015-7254

CREDITS

Roberto Paleari and Aristide Fattori

Trust: 0.3

sources: BID: 77506

SOURCES

db: CERT/CC | id: VU#438928
db: CNVD | id: CNVD-2015-07474
db: VULHUB | id: VHN-85215
db: BID | id: 77506
db: JVNDB | id: JVNDB-2015-005776
db: CNNVD | id: CNNVD-201511-114
db: NVD | id: CVE-2015-7254

LAST UPDATE DATE

2024-09-09T23:00:48.253000+00:00


SOURCES UPDATE DATE

db: CERT/CC | id: VU#438928 | date: 2015-11-09T00:00:00
db: CNVD | id: CNVD-2015-07474 | date: 2015-11-12T00:00:00
db: VULHUB | id: VHN-85215 | date: 2018-12-15T00:00:00
db: BID | id: 77506 | date: 2016-11-24T01:09:00
db: JVNDB | id: JVNDB-2015-005776 | date: 2015-11-10T00:00:00
db: CNNVD | id: CNNVD-201511-114 | date: 2015-11-09T00:00:00
db: NVD | id: CVE-2015-7254 | date: 2018-12-15T11:29:00.600

SOURCES RELEASE DATE

db: CERT/CC | id: VU#438928 | date: 2015-11-06T00:00:00
db: CNVD | id: CNVD-2015-07474 | date: 2015-11-12T00:00:00
db: VULHUB | id: VHN-85215 | date: 2015-11-07T00:00:00
db: BID | id: 77506 | date: 2015-11-06T00:00:00
db: JVNDB | id: JVNDB-2015-005776 | date: 2015-11-10T00:00:00
db: CNNVD | id: CNNVD-201511-114 | date: 2015-11-09T00:00:00
db: NVD | id: CVE-2015-7254 | date: 2015-11-07T03:59:01.517