Details of VAR-201805-1001

ID

VAR-201805-1001

CVE

CVE-2018-7902

TITLE

Huawei 1288H V5 and 2288H V5 Software injection command vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2018-005293

DESCRIPTION

Huawei 1288H V5 and 288H V5 with software of V100R005C00 have a JSON injection vulnerability. An authenticated, remote attacker can launch a JSON injection to modify the password of administrator. Due to insufficient verification of the input, this could be exploited to obtain the management privilege of the system. Huawei 1288H V5 and 2288H V5 The software contains a command injection vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. The Huawei 1288HV5 and 2288HV5 are Huawei's rack server devices

Trust: 2.25

sources: NVD: CVE-2018-7902 // JVNDB: JVNDB-2018-005293 // CNVD: CNVD-2018-10505 // VULHUB: VHN-137934

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2018-10505

AFFECTED PRODUCTS

vendor:	huawei	model:	1288h v5	scope:	eq	version:	v100r005c00	Trust: 2.4
vendor:	huawei	model:	2288h v5	scope:	eq	version:	v100r005c00	Trust: 2.4
vendor:	huawei	model:	1288h v100r005c00	scope:	eq	version:	v5	Trust: 0.6
vendor:	huawei	model:	2288h v100r005c00	scope:	eq	version:	v5	Trust: 0.6

sources: CNVD: CNVD-2018-10505 // JVNDB: JVNDB-2018-005293 // CNNVD: CNNVD-201805-823 // NVD: CVE-2018-7902

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2018-7902
value:	HIGH
Trust: 1.0
NVD:	CVE-2018-7902
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2018-10505
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-201805-823
value:	HIGH
Trust: 0.6
VULHUB:	VHN-137934
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2018-7902
severity:	MEDIUM
baseScore:	4.0
vectorString:	AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	8.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2018-10505
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-137934
severity:	MEDIUM
baseScore:	4.0
vectorString:	AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	8.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2018-7902
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	5.9
version:	3.0
Trust: 1.8

sources: CNVD: CNVD-2018-10505 // VULHUB: VHN-137934 // JVNDB: JVNDB-2018-005293 // CNNVD: CNNVD-201805-823 // NVD: CVE-2018-7902

PROBLEMTYPE DATA

problemtype:	NVD-CWE-noinfo	Trust: 1.0
problemtype:	CWE-77	Trust: 0.9

sources: VULHUB: VHN-137934 // JVNDB: JVNDB-2018-005293 // NVD: CVE-2018-7902

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201805-823

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-201805-823

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-005293

PATCH

title:	huawei-sa-20180523-01-json	url:	https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180523-01-json-en	Trust: 0.8
title:	Patch for Huawei1288HV5 and 2288HV5JSON injection vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/130561	Trust: 0.6
title:	Huawei 1288H V5 and 2288H V5 Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=83698	Trust: 0.6

sources: CNVD: CNVD-2018-10505 // JVNDB: JVNDB-2018-005293 // CNNVD: CNNVD-201805-823

EXTERNAL IDS

db:	NVD	id:	CVE-2018-7902	Trust: 3.1
db:	JVNDB	id:	JVNDB-2018-005293	Trust: 0.8
db:	CNVD	id:	CNVD-2018-10505	Trust: 0.6
db:	CNNVD	id:	CNNVD-201805-823	Trust: 0.6
db:	VULHUB	id:	VHN-137934	Trust: 0.1

sources: CNVD: CNVD-2018-10505 // VULHUB: VHN-137934 // JVNDB: JVNDB-2018-005293 // CNNVD: CNNVD-201805-823 // NVD: CVE-2018-7902

REFERENCES

url:	http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180523-01-json-en	Trust: 2.3
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-7902	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2018-7902	Trust: 0.8

sources: CNVD: CNVD-2018-10505 // VULHUB: VHN-137934 // JVNDB: JVNDB-2018-005293 // CNNVD: CNNVD-201805-823 // NVD: CVE-2018-7902

SOURCES

db:	CNVD	id:	CNVD-2018-10505
db:	VULHUB	id:	VHN-137934
db:	JVNDB	id:	JVNDB-2018-005293
db:	CNNVD	id:	CNNVD-201805-823
db:	NVD	id:	CVE-2018-7902

LAST UPDATE DATE

2024-11-23T22:55:52.887000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2018-10505	date:	2018-05-29T00:00:00
db:	VULHUB	id:	VHN-137934	date:	2019-10-03T00:00:00
db:	JVNDB	id:	JVNDB-2018-005293	date:	2018-07-11T00:00:00
db:	CNNVD	id:	CNNVD-201805-823	date:	2019-10-23T00:00:00
db:	NVD	id:	CVE-2018-7902	date:	2024-11-21T04:12:56.757

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2018-10505	date:	2018-05-29T00:00:00
db:	VULHUB	id:	VHN-137934	date:	2018-05-24T00:00:00
db:	JVNDB	id:	JVNDB-2018-005293	date:	2018-07-11T00:00:00
db:	CNNVD	id:	CNNVD-201805-823	date:	2018-05-25T00:00:00
db:	NVD	id:	CVE-2018-7902	date:	2018-05-24T14:29:00.437