Sign-up

ID

VAR-201803-1048


CVE

CVE-2017-17215


TITLE

Huawei HG532 Input validation vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2017-013014

DESCRIPTION

Huawei HG532 with some customized versions has a remote code execution vulnerability. An authenticated attacker could send malicious packets to port 37215 to launch attacks. Successful exploit could lead to the remote execution of arbitrary code. Huawei HG532 Contains an input validation vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. The HuaweiHG532 series router is a wireless router product for home and small office users. Huawei HG532 is prone to a remote code-execution vulnerability. Failed exploit attempts will likely cause a denial-of-service condition

Trust: 2.61

sources: NVD: CVE-2017-17215 // JVNDB: JVNDB-2017-013014 // CNVD: CNVD-2017-38447 // BID: 102344 // VULHUB: VHN-108215 // VULMON: CVE-2017-17215

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2017-38447

AFFECTED PRODUCTS

vendor:huaweimodel:hg532scope:eqversion: -

Trust: 1.6

vendor:huaweimodel:hg532scope: - version: -

Trust: 1.4

vendor:huaweimodel:hg532scope:eqversion:0

Trust: 0.3

sources: CNVD: CNVD-2017-38447 // BID: 102344 // JVNDB: JVNDB-2017-013014 // CNNVD: CNNVD-201712-1038 // NVD: CVE-2017-17215

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-17215
value: HIGH

Trust: 1.0

NVD: CVE-2017-17215
value: HIGH

Trust: 0.8

CNVD: CNVD-2017-38447
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201712-1038
value: MEDIUM

Trust: 0.6

VULHUB: VHN-108215
value: MEDIUM

Trust: 0.1

VULMON: CVE-2017-17215
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2017-17215
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

CNVD: CNVD-2017-38447
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-108215
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-17215
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2017-38447 // VULHUB: VHN-108215 // VULMON: CVE-2017-17215 // JVNDB: JVNDB-2017-013014 // CNNVD: CNNVD-201712-1038 // NVD: CVE-2017-17215

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.9

sources: VULHUB: VHN-108215 // JVNDB: JVNDB-2017-013014 // NVD: CVE-2017-17215

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201712-1038

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-201712-1038

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2017-013014

EXPLOIT AVAILABILITY
sources:
            
            
            VULHUB: VHN-108215 // 
            
            
            
            VULMON: CVE-2017-17215

PATCH
title:huawei-sn-20171130-01-hg532url:http://www.huawei.com/en/psirt/security-notices/huawei-sn-20171130-01-hg532-en
Trust: 0.8
title:Huawei HG532 Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=77390
Trust: 0.6
title:HG532d-RCE-Exploiturl:https://github.com/wilfred-wulbou/HG532d-RCE-Exploit 
Trust: 0.1
title:learning-with-sakuraurl:https://github.com/0bs3rver/learning-with-sakura 
Trust: 0.1
sources:
            
            
            VULMON: CVE-2017-17215 // 
            
            
            
            JVNDB: JVNDB-2017-013014 // 
            
            
            
            CNNVD: CNNVD-201712-1038

EXTERNAL IDS
db:NVDid:CVE-2017-17215
Trust: 3.5
db:BIDid:102344
Trust: 1.4
db:JVNDBid:JVNDB-2017-013014
Trust: 0.8
db:CNNVDid:CNNVD-201712-1038
Trust: 0.7
db:CNVDid:CNVD-2017-38447
Trust: 0.6
db:NSFOCUSid:38553
Trust: 0.6
db:EXPLOIT-DBid:43414
Trust: 0.1
db:SEEBUGid:SSVID-97010
Trust: 0.1
db:VULHUBid:VHN-108215
Trust: 0.1
db:VULMONid:CVE-2017-17215
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2017-38447 // 
            
            
            
            VULHUB: VHN-108215 // 
            
            
            
            VULMON: CVE-2017-17215 // 
            
            
            
            BID: 102344 // 
            
            
            
            JVNDB: JVNDB-2017-013014 // 
            
            
            
            CNNVD: CNNVD-201712-1038 // 
            
            
            
            NVD: CVE-2017-17215

REFERENCES
url:http://www.huawei.com/en/psirt/security-notices/huawei-sn-20171130-01-hg532-en
Trust: 1.7
url:http://www.securityfocus.com/bid/102344
Trust: 1.1
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-17215
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2017-17215
Trust: 0.8
url:http://www.huawei.com/cn/psirt/security-notices/huawei-sn-20171130-01-hg532-cn
Trust: 0.6
url:https://www.checkpoint.com/defense/advisories/public/2017/cpai-2017-1016.html#vulnerability
Trust: 0.6
url:http://www.nsfocus.net/vulndb/38553
Trust: 0.6
url:http://www.huawei.com/my/psirt/security-notices/huawei-sn-20171130-01-hg532-en
Trust: 0.3
url:http://www.huawei.com/en/
Trust: 0.3
url:https://blog.newskysecurity.com/huawei-router-exploit-involved-in-satori-and-brickerbot-given-away-for-free-on-christmas-by-ac52fe5e4516
Trust: 0.3
sources:
            
            
            CNVD: CNVD-2017-38447 // 
            
            
            
            VULHUB: VHN-108215 // 
            
            
            
            BID: 102344 // 
            
            
            
            JVNDB: JVNDB-2017-013014 // 
            
            
            
            CNNVD: CNNVD-201712-1038 // 
            
            
            
            NVD: CVE-2017-17215

CREDITS
Check Point Software Technologies Research Department
Trust: 0.9
sources:
            
            
            BID: 102344 // 
            
            
            
            CNNVD: CNNVD-201712-1038

SOURCES
db:CNVDid:CNVD-2017-38447
db:VULHUBid:VHN-108215
db:VULMONid:CVE-2017-17215
db:BIDid:102344
db:JVNDBid:JVNDB-2017-013014
db:CNNVDid:CNNVD-201712-1038
db:NVDid:CVE-2017-17215

LAST UPDATE DATE
2024-08-14T13:28:54.145000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2017-38447date:2017-12-28T00:00:00
db:VULHUBid:VHN-108215date:2018-04-19T00:00:00
db:VULMONid:CVE-2017-17215date:2018-04-19T00:00:00
db:BIDid:102344date:2017-12-28T00:00:00
db:JVNDBid:JVNDB-2017-013014date:2018-05-23T00:00:00
db:CNNVDid:CNNVD-201712-1038date:2018-03-21T00:00:00
db:NVDid:CVE-2017-17215date:2018-04-19T15:04:20.200

SOURCES RELEASE DATE
db:CNVDid:CNVD-2017-38447date:2017-12-28T00:00:00
db:VULHUBid:VHN-108215date:2018-03-20T00:00:00
db:VULMONid:CVE-2017-17215date:2018-03-20T00:00:00
db:BIDid:102344date:2017-12-28T00:00:00
db:JVNDBid:JVNDB-2017-013014date:2018-05-23T00:00:00
db:CNNVDid:CNNVD-201712-1038date:2017-12-28T00:00:00
db:NVDid:CVE-2017-17215date:2018-03-20T15:29:00.203