Details of VAR-201805-1002

ID

VAR-201805-1002

CVE

CVE-2018-7903

TITLE

Huawei 1288H V5 and 2288H V5 Software injection command vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2018-005294

DESCRIPTION

Huawei 1288H V5 and 288H V5 with software of V100R005C00 have a JSON injection vulnerability. An authenticated, remote attacker can launch a JSON injection to modify the password of administrator. Due to insufficient verification of the input, this could be exploited to obtain the management privilege of the system. Huawei 1288H V5 and 2288H V5 The software contains a command injection vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. The Huawei 1288HV5 and 2288HV5 are Huawei's rack server devices

Trust: 2.25

sources: NVD: CVE-2018-7903 // JVNDB: JVNDB-2018-005294 // CNVD: CNVD-2018-10504 // VULHUB: VHN-137935

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2018-10504

AFFECTED PRODUCTS

vendor:	huawei	model:	1288h v5	scope:	eq	version:	v100r005c00	Trust: 2.4
vendor:	huawei	model:	2288h v5	scope:	eq	version:	v100r005c00	Trust: 2.4
vendor:	huawei	model:	1288h v100r005c00	scope:	eq	version:	v5	Trust: 0.6
vendor:	huawei	model:	2288h v100r005c00	scope:	eq	version:	v5	Trust: 0.6

sources: CNVD: CNVD-2018-10504 // JVNDB: JVNDB-2018-005294 // CNNVD: CNNVD-201805-822 // NVD: CVE-2018-7903

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2018-7903
value:	HIGH
Trust: 1.0
NVD:	CVE-2018-7903
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2018-10504
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-201805-822
value:	HIGH
Trust: 0.6
VULHUB:	VHN-137935
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2018-7903
severity:	MEDIUM
baseScore:	4.0
vectorString:	AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	8.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2018-10504
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-137935
severity:	MEDIUM
baseScore:	4.0
vectorString:	AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	8.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2018-7903
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	5.9
version:	3.0
Trust: 1.8

sources: CNVD: CNVD-2018-10504 // VULHUB: VHN-137935 // JVNDB: JVNDB-2018-005294 // CNNVD: CNNVD-201805-822 // NVD: CVE-2018-7903

PROBLEMTYPE DATA

problemtype:	NVD-CWE-noinfo	Trust: 1.0
problemtype:	CWE-77	Trust: 0.9

sources: VULHUB: VHN-137935 // JVNDB: JVNDB-2018-005294 // NVD: CVE-2018-7903

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201805-822

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-201805-822

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-005294

PATCH

title:	huawei-sa-20180523-01-json	url:	https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180523-01-json-en	Trust: 0.8
title:	Patch for Huawei1288HV5 and 2288HV5JSON Injection Vulnerability (CNVD-2018-10504)	url:	https://www.cnvd.org.cn/patchInfo/show/130563	Trust: 0.6
title:	Huawei 1288H V5 and 2288H V5 Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=83697	Trust: 0.6

sources: CNVD: CNVD-2018-10504 // JVNDB: JVNDB-2018-005294 // CNNVD: CNNVD-201805-822

EXTERNAL IDS

db:	NVD	id:	CVE-2018-7903	Trust: 3.1
db:	JVNDB	id:	JVNDB-2018-005294	Trust: 0.8
db:	CNNVD	id:	CNNVD-201805-822	Trust: 0.7
db:	CNVD	id:	CNVD-2018-10504	Trust: 0.6
db:	VULHUB	id:	VHN-137935	Trust: 0.1

sources: CNVD: CNVD-2018-10504 // VULHUB: VHN-137935 // JVNDB: JVNDB-2018-005294 // CNNVD: CNNVD-201805-822 // NVD: CVE-2018-7903

REFERENCES

url:	http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180523-01-json-en	Trust: 2.3
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-7903	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2018-7903	Trust: 0.8

sources: CNVD: CNVD-2018-10504 // VULHUB: VHN-137935 // JVNDB: JVNDB-2018-005294 // CNNVD: CNNVD-201805-822 // NVD: CVE-2018-7903

SOURCES

db:	CNVD	id:	CNVD-2018-10504
db:	VULHUB	id:	VHN-137935
db:	JVNDB	id:	JVNDB-2018-005294
db:	CNNVD	id:	CNNVD-201805-822
db:	NVD	id:	CVE-2018-7903

LAST UPDATE DATE

2024-11-23T22:41:50.668000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2018-10504	date:	2018-05-29T00:00:00
db:	VULHUB	id:	VHN-137935	date:	2019-10-03T00:00:00
db:	JVNDB	id:	JVNDB-2018-005294	date:	2018-07-11T00:00:00
db:	CNNVD	id:	CNNVD-201805-822	date:	2019-10-23T00:00:00
db:	NVD	id:	CVE-2018-7903	date:	2024-11-21T04:12:56.847

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2018-10504	date:	2018-05-29T00:00:00
db:	VULHUB	id:	VHN-137935	date:	2018-05-24T00:00:00
db:	JVNDB	id:	JVNDB-2018-005294	date:	2018-07-11T00:00:00
db:	CNNVD	id:	CNNVD-201805-822	date:	2018-05-25T00:00:00
db:	NVD	id:	CVE-2018-7903	date:	2018-05-24T14:29:00.483