Details of VAR-201511-0200

ID

VAR-201511-0200

CVE

CVE-2015-8228

TITLE

Huawei AR Router Directory Traversal Vulnerability

Trust: 1.2

sources: CNVD: CNVD-2015-07773 // CNNVD: CNNVD-201511-394

DESCRIPTION

Directory traversal vulnerability in the SFTP server in Huawei AR 120, 150, 160, 200, 500, 1200, 2200, 3200, and 3600 routers with software before V200R006SPH003 allows remote authenticated users to access arbitrary directories via unspecified vectors. Huawei AR Routers is an AR series router product from China Huawei. A directory traversal vulnerability exists in the Huawei AR router. An attacker could exploit this vulnerability to obtain sensitive information. Huawei AR series routers are Huawei's proprietary VRP-based next-generation enterprise routers that integrate routing, switching, 3G, WLAN, voice, and security functions. The following versions and products are affected: Huawei AR 120, 150, 160, 200, 500, 1200, 2200, 3200, 3600 versions earlier than V200R006C10

Trust: 3.06

sources: NVD: CVE-2015-8228 // JVNDB: JVNDB-2015-006027 // CNVD: CNVD-2015-07773 // CNVD: CNVD-2015-07794 // BID: 77555 // VULHUB: VHN-86189

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 1.2

sources: CNVD: CNVD-2015-07773 // CNVD: CNVD-2015-07794

AFFECTED PRODUCTS

vendor:	huawei	model:	ar	scope:	lte	version:	v200r006c10	Trust: 1.0
vendor:	huawei	model:	ar router	scope:	lt	version:	v200r006sph003	Trust: 0.8
vendor:	huawei	model:	ar120	scope:	-	version:	-	Trust: 0.8
vendor:	huawei	model:	ar1200	scope:	-	version:	-	Trust: 0.8
vendor:	huawei	model:	ar150	scope:	-	version:	-	Trust: 0.8
vendor:	huawei	model:	ar160	scope:	-	version:	-	Trust: 0.8
vendor:	huawei	model:	ar200	scope:	-	version:	-	Trust: 0.8
vendor:	huawei	model:	ar2200	scope:	-	version:	-	Trust: 0.8
vendor:	huawei	model:	ar3200	scope:	-	version:	-	Trust: 0.8
vendor:	huawei	model:	ar3600	scope:	-	version:	-	Trust: 0.8
vendor:	huawei	model:	ar500	scope:	-	version:	-	Trust: 0.8
vendor:	huawei	model:	ar routers	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	ar	scope:	eq	version:	150	Trust: 0.6
vendor:	huawei	model:	ar	scope:	eq	version:	200	Trust: 0.6
vendor:	huawei	model:	ar	scope:	eq	version:	1200	Trust: 0.6
vendor:	huawei	model:	ar	scope:	eq	version:	2200	Trust: 0.6
vendor:	huawei	model:	ar	scope:	eq	version:	3200	Trust: 0.6
vendor:	huawei	model:	ar	scope:	eq	version:	120	Trust: 0.6
vendor:	huawei	model:	ar	scope:	eq	version:	160	Trust: 0.6
vendor:	huawei	model:	ar	scope:	eq	version:	500	Trust: 0.6
vendor:	huawei	model:	ar	scope:	eq	version:	3600	Trust: 0.6
vendor:	huawei	model:	ar	scope:	eq	version:	v200r006c10	Trust: 0.6
vendor:	huawei	model:	ar1200 v200r006c10	scope:	-	version:	-	Trust: 0.3
vendor:	huawei	model:	ar1200 v200r006sph003	scope:	ne	version:	-	Trust: 0.3

sources: CNVD: CNVD-2015-07773 // CNVD: CNVD-2015-07794 // BID: 77555 // JVNDB: JVNDB-2015-006027 // CNNVD: CNNVD-201511-394 // NVD: CVE-2015-8228

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2015-8228
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2015-8228
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2015-07773
value:	MEDIUM
Trust: 0.6
CNVD:	CNVD-2015-07794
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201511-394
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-86189
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2015-8228
severity:	MEDIUM
baseScore:	4.0
vectorString:	AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	8.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2015-07773
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
CNVD:	CNVD-2015-07794
severity:	MEDIUM
baseScore:	4.0
vectorString:	AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	8.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-86189
severity:	MEDIUM
baseScore:	4.0
vectorString:	AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	8.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: CNVD: CNVD-2015-07773 // CNVD: CNVD-2015-07794 // VULHUB: VHN-86189 // JVNDB: JVNDB-2015-006027 // CNNVD: CNNVD-201511-394 // NVD: CVE-2015-8228

PROBLEMTYPE DATA

problemtype:

CWE-22

Trust: 1.9

sources: VULHUB: VHN-86189 // JVNDB: JVNDB-2015-006027 // NVD: CVE-2015-8228

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201511-394

TYPE

path traversal

Trust: 0.6

sources: CNNVD: CNNVD-201511-394

CONFIGURATIONS

sources: JVNDB: JVNDB-2015-006027

PATCH

title:	Huawei-SA-20151111-01-AR	url:	http://www1.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-461676.htm	Trust: 0.8
title:	Huawei AR router directory traversal vulnerability patch	url:	https://www.cnvd.org.cn/patchInfo/show/67110	Trust: 0.6
title:	Huawei AR router SFTP server directory traversal vulnerability patch	url:	https://www.cnvd.org.cn/patchInfo/show/67214	Trust: 0.6
title:	Huawei AR Repair measures for router directory traversal vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=58842	Trust: 0.6

sources: CNVD: CNVD-2015-07773 // CNVD: CNVD-2015-07794 // JVNDB: JVNDB-2015-006027 // CNNVD: CNNVD-201511-394

EXTERNAL IDS

db:	NVD	id:	CVE-2015-8228	Trust: 3.1
db:	BID	id:	77555	Trust: 1.5
db:	JVNDB	id:	JVNDB-2015-006027	Trust: 0.8
db:	CNNVD	id:	CNNVD-201511-394	Trust: 0.7
db:	CNVD	id:	CNVD-2015-07773	Trust: 0.6
db:	CNVD	id:	CNVD-2015-07794	Trust: 0.6
db:	NSFOCUS	id:	31618	Trust: 0.6
db:	SEEBUG	id:	SSVID-89883	Trust: 0.1
db:	SEEBUG	id:	SSVID-89929	Trust: 0.1
db:	VULHUB	id:	VHN-86189	Trust: 0.1

sources: CNVD: CNVD-2015-07773 // CNVD: CNVD-2015-07794 // VULHUB: VHN-86189 // BID: 77555 // JVNDB: JVNDB-2015-006027 // CNNVD: CNNVD-201511-394 // NVD: CVE-2015-8228

REFERENCES

url:	http://www1.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-461676.htm	Trust: 1.7
url:	http://www.securityfocus.com/bid/77555	Trust: 1.2
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-8228	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-8228	Trust: 0.8
url:	http://www.huawei.com/en/security/psirt/report-vulnerabilities/index.htm	Trust: 0.6
url:	http://www.nsfocus.net/vulndb/31618	Trust: 0.6
url:	http://www.huawei.com	Trust: 0.3
url:	http://www1.huawei.com/en/security/psirt/security-bulletins/security-advisories/archive/hw-461676.htm	Trust: 0.3

sources: CNVD: CNVD-2015-07773 // CNVD: CNVD-2015-07794 // VULHUB: VHN-86189 // BID: 77555 // JVNDB: JVNDB-2015-006027 // CNNVD: CNNVD-201511-394 // NVD: CVE-2015-8228

CREDITS

Huawei

Trust: 0.9

sources: BID: 77555 // CNNVD: CNNVD-201511-394

SOURCES

db:	CNVD	id:	CNVD-2015-07773
db:	CNVD	id:	CNVD-2015-07794
db:	VULHUB	id:	VHN-86189
db:	BID	id:	77555
db:	JVNDB	id:	JVNDB-2015-006027
db:	CNNVD	id:	CNNVD-201511-394
db:	NVD	id:	CVE-2015-8228

LAST UPDATE DATE

2024-11-23T22:34:56.014000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2015-07773	date:	2015-11-25T00:00:00
db:	CNVD	id:	CNVD-2015-07794	date:	2015-11-26T00:00:00
db:	VULHUB	id:	VHN-86189	date:	2015-11-25T00:00:00
db:	BID	id:	77555	date:	2015-11-11T00:00:00
db:	JVNDB	id:	JVNDB-2015-006027	date:	2015-11-26T00:00:00
db:	CNNVD	id:	CNNVD-201511-394	date:	2015-12-15T00:00:00
db:	NVD	id:	CVE-2015-8228	date:	2024-11-21T02:38:07.900

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2015-07773	date:	2015-11-25T00:00:00
db:	CNVD	id:	CNVD-2015-07794	date:	2015-11-26T00:00:00
db:	VULHUB	id:	VHN-86189	date:	2015-11-24T00:00:00
db:	BID	id:	77555	date:	2015-11-11T00:00:00
db:	JVNDB	id:	JVNDB-2015-006027	date:	2015-11-26T00:00:00
db:	CNNVD	id:	CNNVD-201511-394	date:	2015-11-23T00:00:00
db:	NVD	id:	CVE-2015-8228	date:	2015-11-24T20:59:21.130