Hedex Lite
by Huawei
CVEs (4)
| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2017-8138 | Hig | 0.57 | 8.8 | 0.00 | Nov 22, 2017 | HedEx Earlier than V200R006C00 versions has a cross-site request forgery (CSRF) vulnerability. An attacker could trick a user into accessing a website containing malicious scripts which may tamper with configurations and interrupt normal services. | |
| CVE-2017-8137 | Hig | 0.51 | 7.8 | 0.00 | Nov 22, 2017 | HedEx Earlier than V200R006C00 versions has a dynamic link library (DLL) hijacking vulnerability due to calling the DDL file by accessing a relative path. An attacker could exploit this vulnerability to tamper with the DLL file, leading to DLL hijacking. | |
| CVE-2017-8139 | Med | 0.40 | 6.1 | 0.00 | Nov 22, 2017 | HedEx Earlier than V200R006C00 versions have the stored cross-site scripting (XSS) vulnerability. Attackers can exploit the vulnerability to plant malicious scripts into the configuration file to interrupt the services of legitimate users. | |
| CVE-2017-8136 | Med | 0.36 | 5.5 | 0.00 | Nov 22, 2017 | HedEx Earlier than V200R006C00 versions has an arbitrary file download vulnerability. An attacker could exploit it to download arbitrary files on a target device to cause information leak. |