VYPR

Vcm5010 Firmware

by Huawei

CVEs (4)

  • CVE-2017-2738CriNov 22, 2017
    risk 0.64cvss 9.8epss 0.03

    VCM5010 with software versions earlier before V100R002C50SPC100 has an authentication bypass vulnerability. This is due to improper implementation of authentication for accessing web pages. An unauthenticated attacker could bypass the authentication by sending a crafted HTTP…

  • CVE-2017-2737HigNov 22, 2017
    risk 0.57cvss 8.8epss 0.01

    VCM5010 with software versions earlier before V100R002C50SPC100 has an arbitrary file upload vulnerability. The software does not validate the files that uploaded. An authenticated attacker could upload arbitrary files to the system.

  • CVE-2015-8332HigAug 28, 2017
    risk 0.57cvss 8.8epss 0.01

    Huawei Video Content Management (VCM) before V100R001C10SPC001 does not properly "authenticate online user identities and privileges," which allows remote authenticated users to gain privileges and perform a case operation as another user via a crafted message, aka "Horizontal…

  • CVE-2017-2736HigNov 22, 2017
    risk 0.47cvss 7.2epss 0.01

    VCM5010 with software versions earlier before V100R002C50SPC100 has a command injection vulnerability. This is due to insufficient validation of user's input. An authenticated attacker could launch a command injection attack.