ID

VAR-201803-1048


CVE

CVE-2017-17215


TITLE

Huawei HG532 Input validation vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2017-013014

DESCRIPTION

Huawei HG532 with some customized versions has a remote code execution vulnerability. An authenticated attacker could send malicious packets to port 37215 to launch attacks. Successful exploit could lead to the remote execution of arbitrary code. Huawei HG532 Contains an input validation vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. The HuaweiHG532 series router is a wireless router product for home and small office users. Huawei HG532 is prone to a remote code-execution vulnerability. Failed exploit attempts will likely cause a denial-of-service condition

Trust: 2.61

sources: NVD: CVE-2017-17215 // JVNDB: JVNDB-2017-013014 // CNVD: CNVD-2017-38447 // BID: 102344 // VULHUB: VHN-108215 // VULMON: CVE-2017-17215

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2017-38447

AFFECTED PRODUCTS

vendor:huaweimodel:hg532scope:eqversion: -

Trust: 1.6

vendor:huaweimodel:hg532scope: - version: -

Trust: 1.4

vendor:huaweimodel:hg532scope:eqversion:0

Trust: 0.3

sources: CNVD: CNVD-2017-38447 // BID: 102344 // JVNDB: JVNDB-2017-013014 // CNNVD: CNNVD-201712-1038 // NVD: CVE-2017-17215

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-17215
value: HIGH

Trust: 1.0

NVD: CVE-2017-17215
value: HIGH

Trust: 0.8

CNVD: CNVD-2017-38447
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201712-1038
value: MEDIUM

Trust: 0.6

VULHUB: VHN-108215
value: MEDIUM

Trust: 0.1

VULMON: CVE-2017-17215
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2017-17215
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

CNVD: CNVD-2017-38447
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-108215
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-17215
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2017-38447 // VULHUB: VHN-108215 // VULMON: CVE-2017-17215 // JVNDB: JVNDB-2017-013014 // CNNVD: CNNVD-201712-1038 // NVD: CVE-2017-17215

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.9

sources: VULHUB: VHN-108215 // JVNDB: JVNDB-2017-013014 // NVD: CVE-2017-17215

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201712-1038

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-201712-1038

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-013014

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-108215 // VULMON: CVE-2017-17215

PATCH

title:huawei-sn-20171130-01-hg532url:http://www.huawei.com/en/psirt/security-notices/huawei-sn-20171130-01-hg532-en

Trust: 0.8

title:Huawei HG532 Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=77390

Trust: 0.6

title:HG532d-RCE-Exploiturl:https://github.com/wilfred-wulbou/HG532d-RCE-Exploit

Trust: 0.1

title:learning-with-sakuraurl:https://github.com/0bs3rver/learning-with-sakura

Trust: 0.1

sources: VULMON: CVE-2017-17215 // JVNDB: JVNDB-2017-013014 // CNNVD: CNNVD-201712-1038

EXTERNAL IDS

db:NVDid:CVE-2017-17215

Trust: 3.5

db:BIDid:102344

Trust: 1.4

db:JVNDBid:JVNDB-2017-013014

Trust: 0.8

db:CNNVDid:CNNVD-201712-1038

Trust: 0.7

db:CNVDid:CNVD-2017-38447

Trust: 0.6

db:NSFOCUSid:38553

Trust: 0.6

db:EXPLOIT-DBid:43414

Trust: 0.1

db:SEEBUGid:SSVID-97010

Trust: 0.1

db:VULHUBid:VHN-108215

Trust: 0.1

db:VULMONid:CVE-2017-17215

Trust: 0.1

sources: CNVD: CNVD-2017-38447 // VULHUB: VHN-108215 // VULMON: CVE-2017-17215 // BID: 102344 // JVNDB: JVNDB-2017-013014 // CNNVD: CNNVD-201712-1038 // NVD: CVE-2017-17215

REFERENCES

url:http://www.huawei.com/en/psirt/security-notices/huawei-sn-20171130-01-hg532-en

Trust: 1.7

url:http://www.securityfocus.com/bid/102344

Trust: 1.1

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-17215

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2017-17215

Trust: 0.8

url:http://www.huawei.com/cn/psirt/security-notices/huawei-sn-20171130-01-hg532-cn

Trust: 0.6

url:https://www.checkpoint.com/defense/advisories/public/2017/cpai-2017-1016.html#vulnerability

Trust: 0.6

url:http://www.nsfocus.net/vulndb/38553

Trust: 0.6

url:http://www.huawei.com/my/psirt/security-notices/huawei-sn-20171130-01-hg532-en

Trust: 0.3

url:http://www.huawei.com/en/

Trust: 0.3

url:https://blog.newskysecurity.com/huawei-router-exploit-involved-in-satori-and-brickerbot-given-away-for-free-on-christmas-by-ac52fe5e4516

Trust: 0.3

sources: CNVD: CNVD-2017-38447 // VULHUB: VHN-108215 // BID: 102344 // JVNDB: JVNDB-2017-013014 // CNNVD: CNNVD-201712-1038 // NVD: CVE-2017-17215

CREDITS

Check Point Software Technologies Research Department

Trust: 0.9

sources: BID: 102344 // CNNVD: CNNVD-201712-1038

SOURCES

db:CNVDid:CNVD-2017-38447
db:VULHUBid:VHN-108215
db:VULMONid:CVE-2017-17215
db:BIDid:102344
db:JVNDBid:JVNDB-2017-013014
db:CNNVDid:CNNVD-201712-1038
db:NVDid:CVE-2017-17215

LAST UPDATE DATE

2024-11-23T22:06:58.363000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2017-38447date:2017-12-28T00:00:00
db:VULHUBid:VHN-108215date:2018-04-19T00:00:00
db:VULMONid:CVE-2017-17215date:2018-04-19T00:00:00
db:BIDid:102344date:2017-12-28T00:00:00
db:JVNDBid:JVNDB-2017-013014date:2018-05-23T00:00:00
db:CNNVDid:CNNVD-201712-1038date:2018-03-21T00:00:00
db:NVDid:CVE-2017-17215date:2024-11-21T03:17:40.740

SOURCES RELEASE DATE

db:CNVDid:CNVD-2017-38447date:2017-12-28T00:00:00
db:VULHUBid:VHN-108215date:2018-03-20T00:00:00
db:VULMONid:CVE-2017-17215date:2018-03-20T00:00:00
db:BIDid:102344date:2017-12-28T00:00:00
db:JVNDBid:JVNDB-2017-013014date:2018-05-23T00:00:00
db:CNNVDid:CNNVD-201712-1038date:2017-12-28T00:00:00
db:NVDid:CVE-2017-17215date:2018-03-20T15:29:00.203